
Smart Boosted Model for Behavior-Based Malware Analysis and Detection

  • Conference paper
IoT Based Control Networks and Intelligent Systems

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 528))

Abstract

Malware analysis and detection are among the most important activities for ensuring system security. However, current attacks such as polymorphic viruses and zero-day attacks complicate accurate detection by signature-based methods. This has in turn raised the need for more intelligent techniques that analyze the behavior of the malware rather than depending on signature-based analysis. This paper proposes a machine learning-based model to analyze and detect different types of malware. The system tries to determine the optimal feature representation, extraction, and classification method that leads to the best detection accuracy. In particular, different machine learning algorithms were evaluated, including k-Nearest Neighbors (kNN), Multi-Layer Perceptron (MLP), Naive Bayes Classifier (NBC), AdaBoost/XGBoost Decision Trees (ADT), and Support Vector Machines (SVM). The models were trained and tested using a new dataset of op-codes available in .asm format (generated using the IDA disassembler tool); it is a subset of the data used in Kaggle for the Microsoft Classification challenges. Our empirical results revealed the superiority of the XGBoost-based model, which scored an overall detection accuracy of 98.3%.
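As an added illustration of the op-code feature extraction step the abstract describes (example code written for this page, not the paper's own implementation): it parses IDA-style .asm lines in the layout assumed for the Kaggle Microsoft malware classification data (section:address, hex bytes, mnemonic, operands), keeps the mnemonics of code-section instructions, and turns each sample into a fixed-length bag-of-opcodes vector that any of the classifiers listed above could consume. The sample listing, the section and directive sets, and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample (not from the paper): IDA-style .asm lines as in the Kaggle dataset layout.
SAMPLE_ASM = """\
.text:00401000 55                push    ebp
.text:00401001 8B EC             mov     ebp, esp
.text:00401003 E8 18 00 00 00    call    sub_401020
.text:00401008 33 C0             xor     eax, eax
.text:0040100A 5D                pop     ebp
.text:0040100B C3                retn
.text:0040100C                   ; ---------------------------------------
.text:00401020 sub_401020        proc near
.text:00401020 8B 45 08          mov     eax, [ebp+8]
.text:00401023 C3                retn
.data:00403000 00 00 00 00       dd 0
"""

CODE_SECTIONS = {".text", "CODE"}                     # sections whose lines carry instructions
DIRECTIVES = {"proc", "endp", "db", "dw", "dd", "dq", "align", "public", "assume"}
ADDR_RE = re.compile(r"^(\.?\w+):[0-9A-Fa-f]{8}$")    # e.g. .text:00401000
BYTE_RE = re.compile(r"^[0-9A-F]{2}$")                # one encoded byte, as IDA prints it
MNEMONIC_RE = re.compile(r"^[a-z][a-z0-9]*$")         # labels like sub_401020 do not match

def extract_opcodes(asm_text):
    """Return the instruction mnemonics of every code-section line, in order."""
    ops = []
    for line in asm_text.splitlines():
        tokens = line.split(";", 1)[0].split()        # strip IDA comments
        m = ADDR_RE.match(tokens[0]) if tokens else None
        if not m or m.group(1) not in CODE_SECTIONS:
            continue
        rest = [t for t in tokens[1:] if not BYTE_RE.match(t)]   # drop the hex byte dump
        if rest and rest[0] not in DIRECTIVES and MNEMONIC_RE.match(rest[0]):
            ops.append(rest[0])
    return ops

def build_vocab(asm_texts, top_n):
    """Pick the top_n most frequent mnemonics across a corpus (ties broken alphabetically)."""
    counts = Counter(op for text in asm_texts for op in extract_opcodes(text))
    return [op for op, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:top_n]]

def opcode_features(asm_text, vocab):
    """Bag-of-opcodes vector: relative frequency of each vocab mnemonic, then the
    out-of-vocabulary share, so every sample maps to the same fixed length."""
    ops = extract_opcodes(asm_text)
    counts, total = Counter(ops), max(len(ops), 1)    # guard against empty disassembly
    vec = [counts[op] / total for op in vocab]
    vec.append(sum(c for op, c in counts.items() if op not in vocab) / total)
    return vec
```

The resulting vectors are what a kNN, MLP, NBC, boosted-tree or SVM classifier would be trained on; the classifier step itself is outside this snippet.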



Author information

Correspondence to Qasem Abu Al-Haija.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.


Cite this paper

Abu-Zaideh, S., Snober, M.A., Al-Haija, Q.A. (2023). Smart Boosted Model for Behavior-Based Malware Analysis and Detection. In: Joby, P.P., Balas, V.E., Palanisamy, R. (eds) IoT Based Control Networks and Intelligent Systems. Lecture Notes in Networks and Systems, vol 528. Springer, Singapore. https://doi.org/10.1007/978-981-19-5845-8_58


  • DOI: https://doi.org/10.1007/978-981-19-5845-8_58


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-5844-1

  • Online ISBN: 978-981-19-5845-8

  • eBook Packages: Engineering, Engineering (R0)
