Malicious Detection Based on ReliefF and Boosting Multidimensional Features

  title={Malicious Detection Based on ReliefF and Boosting Multidimensional Features},
  author={Yangxia Luo},
  journal={J. Commun.},
—Aiming at the problem of large overhead and low accuracy on the identification of obfuscated and malicious code, a new algorithm is proposed to detect malicious code by identifying multidimensional features based on ReliefF and Boosting techniques. After a disassembly analysis and static analysis for the clustered malicious code families, the algorithm extracts features from four dimensions: two static properties (operation code sequences and bytecode sequence) and two features (system call… 

Figures and Tables from this paper

Detecting obfuscated suspicious JavaScript based on collaborative training
  • Hongcheng Wu, Sujuan Qin
  • Computer Science
    2017 IEEE 17th International Conference on Communication Technology (ICCT)
  • 2017
This paper summarizes the collaborative training model, and uses the trained obfuscation recognizer and the malicious recognizer to decide whether the code is malicious or not.
H6Proxy: Address forging and data-gram forwarding based attack testing proxy system in IPv6 network
An Address Forging and Data-Gram Forwarding based IPv6 Man-In-The-Middle Attack testing system to help user aware the security risks in IPv6 Networks.


Efficient Malicious Code Detection Using N-Gram Analysis and SVM
This paper proposes an approach that results in an effective n-gram feature extraction from malicious code for classifying executable as malicious or benign with the use of Support Vector Machines (SVM) as the machine learning classifier.
A Malicious Code Detection Method Based on Integrated Behavior Characterization
This paper presents a new malicious code detection algorithm based on behavior characteristics by importing improved attack tree model to describe the entity relationships during the malicious code execution time, named IBC-DA.
Detection of New Malicious Code Using N-grams Signatures
This work employs n-grams analysis to automatically generate signatures from malicious and benign software collections, capable of classifying unseen benign and malicious code.
Malware detection using assembly and API call sequences
This paper presents detection algorithms that can help the anti-virus community to ensure a variant of a known malware can still be detected without the need of creating a signature; a similarity analysis is performed to produce a matrix of similarity scores that can be utilized to determine the likelihood that a piece of code under inspection contains a particular malware.
Semantics-Based Malware Behavior Signature Extraction and Detection Method
This approach extracts critical malware behaviors as well as dependencies among these behaviors, integrating instruction-level taint analysis and behavior-level semantics analysis, and acquires anti-interference malware behavior signatures using anti-obfuscation engine.
A quantitative study of accuracy in system call-based malware detection
This paper presents a systematic approach to measure how the choice of behavioral models influences the quality of a malware detector, and suggests that accuracy is non-linear across the model space, and that analytical reasoning is insufficient for finding an optimal model, and has to be supplemented by testing and empirical measurements.
Fast malware family detection method using control flow graphs
A new method which can analyze and detect malware binaries using control flow graphs and Bloom filter by abstracting common characteristics of malware families is proposed.
A semantics-based approach to malware detection
This paper proposes a semantics-based framework for reasoning about malware detectors and proving properties such as soundness and completeness of these detectors, and uses a trace semantics to characterize the behavior of malware as well as that of the program being checked for infection.
Virtual machine monitor-based lightweight intrusion detection
A novel approach to intrusion detection of virtual server environments which utilizes only information available from the perspective of the virtual machine monitor (VMM), showing that by working entirely at the VMM-level, this approach is able to capture enough information to characterize normal executions and identify the presence of abnormal malicious behavior.
Unified threat model for analyzing and evaluating software threats
A case study for an online banking system is given to systematically demonstrate the application of unified threat models in software threat analysis and evaluation, demonstrating that the unified threat model is superior to traditional threat trees in accurately evaluating results, designing mitigation measures, and guiding software security testing.