
Linux Malware Detection Using eXtended–Symmetric Uncertainty

  • Conference paper
Security, Privacy, and Applied Cryptography Engineering (SPACE 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8804))

Abstract

We propose a novel two-step, correlation-based dimensionality reduction approach that uses machine learning to identify previously unseen malicious Executable and Linkable Format (ELF) files. The features are system calls, extracted dynamically by running each sample in a sandbox. Our extended version of symmetric uncertainty (X-SU) first ranks features by their Feature–Class correlation, computed from entropy and information gain, and then eliminates redundant features by estimating Feature–Feature correlation with a weighted probabilistic information gain. Three learning algorithms (J48, AdaBoost and Random Forest) are trained on the resulting system call traces to build prediction models. The optimal feature vector, built from the minimum feature length of 27 features, gave an overall classification accuracy of 99.40% with a very low false alarm rate in identifying unknown malicious specimens.
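The two-step selection the abstract describes, as an added illustration that is not the authors' code. It uses the standard symmetric uncertainty SU(X, Y) = 2·IG(X; Y) / (H(X) + H(Y)) for the Feature–Class ranking and, for the redundancy step, the FCBF rule of Yu and Liu (a feature is dropped when an already-selected, higher-ranked feature has at least as much SU with it as it has with the class) in place of the paper's weighted probabilistic information gain, whose formula is not given on this page. The strace excerpt, the per-sample syscall lists, the labels and the 0.1 relevance cut-off are all constructed for the example; features are syscall presence bits, as one plausible encoding of the traces.

```python
"""Two-step syscall feature selection: SU ranking, then redundancy removal.

Illustrative example with constructed data; standard SU and the FCBF
redundancy rule stand in for the paper's X-SU (formula not on this page).
"""
import re
from collections import Counter
from math import log2

# strace -f lines start with an optional "[pid N]" prefix and an optional
# timestamp, then the syscall name and "(".  Signal, exit and
# "<... resumed>" lines carry no call name and are skipped.
STRACE_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+)?(?:\d+\.\d+\s+)?([a-z_][a-z0-9_]*)\(")


def syscalls_from_strace(text):
    """Ordered syscall names from one strace run (the feature extraction step)."""
    return [m.group(1) for m in map(STRACE_RE.match, text.splitlines()) if m]


def entropy(values):
    """Shannon entropy in bits of a sequence of discrete values."""
    n = len(values)
    return -sum(c / n * log2(c / n) for c in Counter(values).values())


def conditional_entropy(xs, ys):
    """H(Y | X) for paired sequences."""
    groups = {}
    for x, y in zip(xs, ys):
        groups.setdefault(x, []).append(y)
    return sum(len(g) / len(xs) * entropy(g) for g in groups.values())


def symmetric_uncertainty(xs, ys):
    """SU(X, Y) = 2 * IG(X; Y) / (H(X) + H(Y)); 0 when both are constant."""
    hx, hy = entropy(xs), entropy(ys)
    if hx + hy == 0.0:
        return 0.0
    return 2.0 * (hy - conditional_entropy(xs, ys)) / (hx + hy)


def select_features(traces, labels, min_su=0.1):
    """Return (selected, relevance, dropped).

    Step 1: binary presence features ranked by SU(feature, class);
            features below min_su are discarded.
    Step 2: walking down the ranking, a lower-ranked feature is dropped when
            the current pivot's SU with it is >= its SU with the class
            (FCBF rule).  dropped maps each removed feature to its pivot.
    """
    sets = [set(t) for t in traces]
    syscalls = sorted(set().union(*sets))
    cols = {s: [1 if s in st else 0 for st in sets] for s in syscalls}
    relevance = {s: symmetric_uncertainty(cols[s], labels) for s in syscalls}
    ranked = sorted((s for s in syscalls if relevance[s] >= min_su),
                    key=lambda s: (-relevance[s], s))
    selected, dropped = [], {}
    while ranked:
        pivot = ranked.pop(0)
        selected.append(pivot)
        keep = []
        for other in ranked:
            # tolerance so mathematically equal SU values count as a tie
            if symmetric_uncertainty(cols[pivot], cols[other]) + 1e-9 >= relevance[other]:
                dropped[other] = pivot
            else:
                keep.append(other)
        ranked = keep
    return selected, relevance, dropped


# Constructed strace excerpt (not captured from real malware).
SAMPLE_STRACE = """\
execve("/tmp/sample", ["/tmp/sample"], 0x7ffe1a2b3c40) = 0
brk(NULL)                               = 0x55d1c000
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
[pid  1234] ptrace(PTRACE_TRACEME, 0, NULL, NULL) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1234, si_uid=0, si_status=0} ---
[pid  1234] read(3,  <unfinished ...>
+++ exited with 0 +++
"""

# Constructed per-sample syscall sets; label 1 = malicious, 0 = benign.
SAMPLE_TRACES = [
    ["ptrace", "connect", "socket", "execve", "read", "write"],
    ["ptrace", "connect", "socket", "execve", "open", "close", "read"],
    ["ptrace", "connect", "socket", "read", "write", "mmap"],
    ["ptrace", "execve", "read", "write", "fork"],
    ["connect", "socket", "execve", "open", "close", "read"],
    ["open", "close", "read", "write", "mmap"],
    ["connect", "socket", "open", "close", "read", "write"],
    ["execve", "open", "close", "read", "mmap"],
    ["open", "close", "read", "write"],
    ["read", "write", "close"],
]
SAMPLE_LABELS = [1, 1, 1, 1, 1, 0, 0, 0, 0, 0]

if __name__ == "__main__":
    print("extracted:", syscalls_from_strace(SAMPLE_STRACE))
    selected, relevance, dropped = select_features(SAMPLE_TRACES, SAMPLE_LABELS)
    for s in sorted(relevance, key=lambda s: (-relevance[s], s)):
        print(f"{s:8s} SU={relevance[s]:.3f}")
    print("selected:", selected)
    print("redundant:", dropped)
```

On the constructed data `read`, which every trace contains, scores SU 0 and is cut by the threshold; `socket`, which co-occurs exactly with `connect`, is removed as redundant to it; and `close`, `fork` and `open` are removed because `ptrace` predicts them better than they predict the class, leaving `ptrace`, `connect` and `execve`. With real traces the same pipeline would be run over the full trace corpus, and the learned feature set, not the raw traces, would feed the classifiers.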





Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Asmitha, K.A., Vinod, P. (2014). Linux Malware Detection Using eXtended–Symmetric Uncertainty. In: Chakraborty, R.S., Matyas, V., Schaumont, P. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2014. Lecture Notes in Computer Science, vol 8804. Springer, Cham. https://doi.org/10.1007/978-3-319-12060-7_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-12060-7_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12059-1

  • Online ISBN: 978-3-319-12060-7

  • eBook Packages: Computer Science (R0)
