利用数据特征检测恶意软件的机器学习分类器

IF 0.5 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of ICT Research and Applications Pub Date : 2021-12-28 DOI:10.5614/itbj.ict.res.appl.2021.15.3.5

Saleh Abdulaziz Habtor, Ahmed Haidarah Hasan Dahah

{"title":"利用数据特征检测恶意软件的机器学习分类器","authors":"Saleh Abdulaziz Habtor, Ahmed Haidarah Hasan Dahah","doi":"10.5614/itbj.ict.res.appl.2021.15.3.5","DOIUrl":null,"url":null,"abstract":"The spread of ransomware has risen exponentially over the past decade, causing huge financial damage to multiple organizations. Various anti-ransomware firms have suggested methods for preventing malware threats. The growing pace, scale and sophistication of malware provide the anti-malware industry with more challenges. Recent literature indicates that academics and anti-virus organizations have begun to use artificial learning as well as fundamental modeling techniques for the research and identification of malware. Orthodox signature-based anti-virus programs struggle to identify unfamiliar malware and track new forms of malware. In this study, a malware evaluation framework focused on machine learning was adopted that consists of several modules: dataset compiling in two separate classes (malicious and benign software), file disassembly, data processing, decision making, and updated malware identification. The data processing module uses grey images, functions for importing and Opcode n-gram to remove malware functionality. The decision making module detects malware and recognizes suspected malware. Different classifiers were considered in the research methodology for the detection and classification of malware. Its effectiveness was validated on the basis of the accuracy of the complete process.","PeriodicalId":42785,"journal":{"name":"Journal of ICT Research and Applications","volume":null,"pages":null},"PeriodicalIF":0.5000,"publicationDate":"2021-12-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Machine-Learning Classifiers for Malware Detection Using Data Features\",\"authors\":\"Saleh Abdulaziz Habtor, Ahmed Haidarah Hasan Dahah\",\"doi\":\"10.5614/itbj.ict.res.appl.2021.15.3.5\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The spread of ransomware has risen exponentially over the past decade, causing huge financial damage to multiple organizations. Various anti-ransomware firms have suggested methods for preventing malware threats. The growing pace, scale and sophistication of malware provide the anti-malware industry with more challenges. Recent literature indicates that academics and anti-virus organizations have begun to use artificial learning as well as fundamental modeling techniques for the research and identification of malware. Orthodox signature-based anti-virus programs struggle to identify unfamiliar malware and track new forms of malware. In this study, a malware evaluation framework focused on machine learning was adopted that consists of several modules: dataset compiling in two separate classes (malicious and benign software), file disassembly, data processing, decision making, and updated malware identification. The data processing module uses grey images, functions for importing and Opcode n-gram to remove malware functionality. The decision making module detects malware and recognizes suspected malware. Different classifiers were considered in the research methodology for the detection and classification of malware. Its effectiveness was validated on the basis of the accuracy of the complete process.\",\"PeriodicalId\":42785,\"journal\":{\"name\":\"Journal of ICT Research and Applications\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.5000,\"publicationDate\":\"2021-12-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of ICT Research and Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5614/itbj.ict.res.appl.2021.15.3.5\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of ICT Research and Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5614/itbj.ict.res.appl.2021.15.3.5","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 1

摘要

在过去的十年里，勒索软件的传播呈指数级增长，给多个组织造成了巨大的经济损失。各种反勒索软件公司提出了防止恶意软件威胁的方法。恶意软件的发展速度、规模和复杂性给反恶意软件行业带来了更多挑战。最近的文献表明，学术界和反病毒组织已经开始使用人工学习以及基本的建模技术来研究和识别恶意软件。传统的基于签名的反病毒程序很难识别不熟悉的恶意软件并跟踪新形式的恶意软件。在本研究中，采用了一个以机器学习为核心的恶意软件评估框架，该框架由几个模块组成:分为两类(恶意软件和良性软件)的数据集编译、文件拆卸、数据处理、决策制定和更新恶意软件识别。数据处理模块使用灰色图像、导入功能和Opcode n-gram来删除恶意软件功能。决策模块检测恶意软件并识别可疑的恶意软件。在恶意软件检测和分类的研究方法中考虑了不同的分类器。在整个过程的准确性的基础上，验证了其有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Machine-Learning Classifiers for Malware Detection Using Data Features

The spread of ransomware has risen exponentially over the past decade, causing huge financial damage to multiple organizations. Various anti-ransomware firms have suggested methods for preventing malware threats. The growing pace, scale and sophistication of malware provide the anti-malware industry with more challenges. Recent literature indicates that academics and anti-virus organizations have begun to use artificial learning as well as fundamental modeling techniques for the research and identification of malware. Orthodox signature-based anti-virus programs struggle to identify unfamiliar malware and track new forms of malware. In this study, a malware evaluation framework focused on machine learning was adopted that consists of several modules: dataset compiling in two separate classes (malicious and benign software), file disassembly, data processing, decision making, and updated malware identification. The data processing module uses grey images, functions for importing and Opcode n-gram to remove malware functionality. The decision making module detects malware and recognizes suspected malware. Different classifiers were considered in the research methodology for the detection and classification of malware. Its effectiveness was validated on the basis of the accuracy of the complete process.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of ICT Research and Applications COMPUTER SCIENCE, INFORMATION SYSTEMS-

CiteScore

1.60

自引率

0.00%

发文量

审稿时长

24 weeks

期刊介绍： Journal of ICT Research and Applications welcomes full research articles in the area of Information and Communication Technology from the following subject areas: Information Theory, Signal Processing, Electronics, Computer Network, Telecommunication, Wireless & Mobile Computing, Internet Technology, Multimedia, Software Engineering, Computer Science, Information System and Knowledge Management. Authors are invited to submit articles that have not been published previously and are not under consideration elsewhere.