Dynamic Extraction of Initial Behavior for Evasive Malware Detection
Faitouri A. Aboaoja,
Anazida Zainal,
Abdullah Marish Ali,
Fuad A. Ghaleb,
Fawaz Jaber Alsolami and
Murad A. Rassam
Additional contact information
Faitouri A. Aboaoja: Faculty of Computing, Universiti Teknologi Malaysia, Iskandar Puteri 81310, Malaysia
Anazida Zainal: Faculty of Computing, Universiti Teknologi Malaysia, Iskandar Puteri 81310, Malaysia
Abdullah Marish Ali: Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia
Fuad A. Ghaleb: Faculty of Computing, Universiti Teknologi Malaysia, Iskandar Puteri 81310, Malaysia
Fawaz Jaber Alsolami: Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia
Murad A. Rassam: Department of Information Technology, College of Computer, Qassim University, Buraidah 51452, Saudi Arabia
Mathematics, 2023, vol. 11, issue 2, 1-23
Abstract:
Recently, malware has become more abundant and more complex as the Internet has come to underpin daily services. Achieving satisfactory accuracy in malware detection is challenging because malicious software changes its behavior once it becomes aware of the analysis environment, so the features it exhibits during analysis are not representative of its real behavior. Existing solutions nevertheless extract features from all of the data collected while the malware runs. The actual malicious behaviors are therefore hidden during training, and the resulting model is trained on unrepresentative features. To address this, this study presents a feature extraction scheme based on the proposed dynamic initial evasion behaviors determination (DIEBD) technique, intended to improve the performance of evasive malware detection. To represent evasion behaviors effectively, the collected behaviors are tracked by examining the entropy distributions of API-gram features using the box-whisker plot algorithm. The feature set produced by the DIEBD-based feature extraction scheme is used to train machine learning algorithms in order to evaluate the proposed scheme. Our experiments on a dataset of benign and evasive malware samples show that the proposed scheme achieved an accuracy of 0.967, a false positive rate of 0.040, and an F1 score of 0.975.
Keywords: malware analysis approaches; machine learning-based malware detection models; evasive malware; feature extraction methods; box-whisker plot algorithm
JEL-codes: C
Date: 2023
Downloads:
https://www.mdpi.com/2227-7390/11/2/416/pdf (application/pdf)
https://www.mdpi.com/2227-7390/11/2/416/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jmathe:v:11:y:2023:i:2:p:416-:d:1034129