EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Combined dynamic multi-feature and rule-based behavior for accurate malware detection

Mohamed Belaoued, Abdelaziz Boukellal, Mohamed Amir Koalal, Abdelouahid Derhab, Smaine Mazouzi and Farrukh Aslam Khan

International Journal of Distributed Sensor Networks, 2019, vol. 15, issue 11, 1550147719889907

Abstract: Malware have become the scourge of the century, as they are continuously evolving and becoming more complex with increasing damages. Therefore, an adequate protection against such threats is vital. Behavior-based malware detection techniques have shown to be effective at overcoming the weaknesses of the signature-based ones. However, they are known for their high false alarms, which is still a very challenging problem. In this article, we address this shortcoming by proposing a rule-based behavioral malware detection system, which inherits the advantages of both signature and behavior-based approaches. We apply the proposed detection system on a combined set of three types of dynamic features, namely, (1) list of application programming interface calls; (2) application programming interface sequences; and (3) network traffic, which represents the IP addresses and domain names used by malware to connect to remote command-and-control servers. Feature selection and construction techniques, that is, term frequency–inverse document frequency and longest common subsequence, are performed on the three extracted features to generate new set of features, which are used to build behavioral Yet Another Recursive Acronym rules. The proposed malware detection approach is able to achieve an accuracy of 97.22% and a false positive rate of 4.69%.

Keywords: Malware detection; dynamic analysis; application programming interface sequences; network traffic (search for similar items in EconPapers)
Date: 2019
References: View complete reference list from CitEc
Citations: View citations in EconPapers (1)

Downloads: (external link)
https://journals.sagepub.com/doi/10.1177/1550147719889907 (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:sae:intdis:v:15:y:2019:i:11:p:1550147719889907

DOI: 10.1177/1550147719889907

Access Statistics for this article

More articles in International Journal of Distributed Sensor Networks
Bibliographic data for series maintained by SAGE Publications ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:sae:intdis:v:15:y:2019:i:11:p:1550147719889907