MDBA: Detecting Malware based on Bytes N-Gram with Association Mining

2019 26th International Conference on Telecommunications (ICT) Pub Date : 2019-04-08 DOI:10.1109/ICT.2019.8798828

Bowei Li, Yongzheng Zhang, Junliang Yao, Tao Yin

{"title":"MDBA: Detecting Malware based on Bytes N-Gram with Association Mining","authors":"Bowei Li, Yongzheng Zhang, Junliang Yao, Tao Yin","doi":"10.1109/ICT.2019.8798828","DOIUrl":null,"url":null,"abstract":"Malware has always threatened the security of networks and computer systems. The traditional methods for malware detection are signature-based with manually designed rules. Some recent methods involving static or dynamic analysis require professional tools to extract features, while feature engineering is time-consuming and labor-intensive. In this paper, we propose MDBA, the Malware Detection based on Association mining method. Our approach only takes bytes n-grams from PE binaries as features, which can be easily obtained. By mining the n-gram features, we can produce association rules that satisfy the minimum support and the minimum confidence constraints. Based on the association rules, a classifier is built to detect whether a PE executable is malicious or not. To demonstrate the capability of our MDBA approach, we organize a large dataset with more than 10,000 PE files and conduct series of experiments on the dataset. The results show that our approach not only achieves high performance of malware detection, but also is capable of discovering malware of unknown types.","PeriodicalId":127412,"journal":{"name":"2019 26th International Conference on Telecommunications (ICT)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 26th International Conference on Telecommunications (ICT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICT.2019.8798828","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

Abstract

Malware has always threatened the security of networks and computer systems. The traditional methods for malware detection are signature-based with manually designed rules. Some recent methods involving static or dynamic analysis require professional tools to extract features, while feature engineering is time-consuming and labor-intensive. In this paper, we propose MDBA, the Malware Detection based on Association mining method. Our approach only takes bytes n-grams from PE binaries as features, which can be easily obtained. By mining the n-gram features, we can produce association rules that satisfy the minimum support and the minimum confidence constraints. Based on the association rules, a classifier is built to detect whether a PE executable is malicious or not. To demonstrate the capability of our MDBA approach, we organize a large dataset with more than 10,000 PE files and conduct series of experiments on the dataset. The results show that our approach not only achieves high performance of malware detection, but also is capable of discovering malware of unknown types.

查看原文本刊更多论文

基于关联挖掘的字节N-Gram恶意软件检测

恶意软件一直威胁着网络和计算机系统的安全。传统的恶意软件检测方法是基于签名和人工设计的规则。最近一些涉及静态或动态分析的方法需要专业的工具来提取特征，而特征工程是耗时和劳动密集型的。本文提出了基于关联挖掘的恶意软件检测方法MDBA。我们的方法只需要PE二进制文件中的字节n-gram作为特征，这很容易获得。通过挖掘n-gram特征，我们可以生成满足最小支持度和最小置信度约束的关联规则。基于关联规则，构建分类器来检测PE可执行文件是否为恶意文件。为了证明我们的MDBA方法的能力，我们组织了一个包含超过10,000个PE文件的大型数据集，并在数据集上进行了一系列实验。结果表明，该方法不仅实现了高性能的恶意软件检测，而且能够发现未知类型的恶意软件。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 26th International Conference on Telecommunications (ICT)

自引率

0.00%

发文量