FETA: A systematic and efficient approach for feature engineering on anti-static and anti-dynamic malware analysis

Impact factor 3.7, CAS Zone 2 (Computer Science), JCR Q2 (COMPUTER SCIENCE, INFORMATION SYSTEMS)
Dima Rabadi, Jia Y. Loo, Amudha Narayanan, Yuexuan Wang, Sin G. Teo, Tram Truong-Huu
DOI: 10.1016/j.jisa.2025.104104
Journal: Journal of Information Security and Applications, Volume 93, Article 104104
Publication date: 2025-06-11 (Journal Article)
Open access: no
Publisher page: https://www.sciencedirect.com/science/article/pii/S2214212625001413
Citation count: 0

Abstract

Malware detection is a critical but very challenging task in cybersecurity. The eternal competition between malware authors (cyber attackers) and security analysts (detectors) is a never-ending game in which malware evolves rapidly and becomes more sophisticated as cyber attackers constantly evolve their tactics to evade detection. Such competition raises the demand for new automated malware detection techniques to keep pace with malware evolution and address sophisticated malware. This paper presents an empirical study that analyzes the effectiveness of static and dynamic features using machine learning algorithms. We propose FETA, a systematic approach for Feature Engineering on anti-sTatic and anti-dynAmic malware analysis. FETA combines static and dynamic features through feature aggregation and model integration techniques to improve detection accuracy and robustness. Extensive experiments on a real-world dataset show that the aggregation of static and dynamic features outperforms individual feature sets, achieving a detection rate of 98.06%. Additionally, we provide insights into feature selection and conduct a deep analysis of misclassified samples. This research contributes to the development of more effective and efficient malware detection techniques for enhanced cybersecurity.
Source journal

Journal of Information Security and Applications (Computer Science: Computer Networks and Communications)
CiteScore: 10.90
Self-citation rate: 5.40%
Articles published: 206
Review time: 56 days
Journal description: Journal of Information Security and Applications (JISA) focuses on original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.