TY - GEN
T1 - Apoyo al SGSI por Medio de la Clasificación de Malware Empleando Análisis de Patrones [Supporting the ISMS through Malware Classification Using Pattern Analysis]
AU - Macias, Mauricio
AU - Barria, Cristian
AU - Acuna, Alejandra
AU - Cubillos, Claudio
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/12/8
Y1 - 2016/12/8
N2 - Large numbers of new malware samples appear every day, but most of them are variants of malware that has already been identified, so most analysed samples share a similar structure. This paper presents a technique for extracting features at several abstraction levels in order to classify malware. The analysis is based on three factors: the position at which the malware is detected, the function calls imported from each Dynamic Link Library (DLL), and the ten most frequent hexadecimal values in each sample. From these characteristics a descriptive vector is built for each sample; the vectors are used to train three types of machine learning algorithm (SVM, IBL and Decision Tree) and to classify the samples into malware families (Virus, Backdoor, Trojan and Adware). The average classification precision was 78.38% when the three types of learner were combined; the Virus class and the IB1 algorithm (Instance-Based Learning, IBL) gave the most accurate results. These results support the information security management system (ISMS, SGSI in Spanish) by combining traditional and new malware classification and detection techniques.
KW - Classification
KW - DLL
KW - Hexadecimals
KW - Machine Learning
KW - Malware
KW - Position
KW - Precision
KW - SGSI (ISMS)
UR - http://www.scopus.com/inward/record.url?scp=85010460319&partnerID=8YFLogxK
U2 - 10.1109/ICA-ACCA.2016.7778516
DO - 10.1109/ICA-ACCA.2016.7778516
M3 - Conference contribution
AN - SCOPUS:85010460319
T3 - 2016 IEEE International Conference on Automatica, ICA-ACCA 2016
BT - 2016 IEEE International Conference on Automatica, ICA-ACCA 2016
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2016 IEEE International Conference on Automatica, ICA-ACCA 2016
Y2 - 19 October 2016 through 21 October 2016
ER -
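The abstract above describes a three-level descriptive vector (detection position, per-DLL import calls, ten most frequent byte values) fed to an instance-based learner. The following Python is an added worked example, not code from the paper or its authors: it builds that vector for constructed samples and classifies new samples with a plain 1-nearest-neighbour rule in the spirit of IB1. The encodings are assumptions, since the abstract does not give them: "position" is taken as the detection offset relative to file size, DLL calls are counted against a fixed DLL vocabulary and normalised to shares, and the top-ten bytes become a 256-slot membership indicator so that Euclidean distance counts disagreements. All byte blobs, import tables, offsets and labels are constructed for illustration.

```python
"""Constructed worked example (not from the paper): build the three-level descriptive
vector the abstract describes -- detection position, per-DLL import-call share, and
the ten most frequent byte values -- and classify new samples with an IB1-style
nearest-neighbour learner. Every sample, DLL list, offset and label below is
constructed for illustration; the paper's exact encodings are assumptions here."""
from collections import Counter
import math

# Assumption: a fixed DLL vocabulary so every vector has the same length.
DLL_VOCAB = ["kernel32.dll", "user32.dll", "ws2_32.dll",
             "wininet.dll", "advapi32.dll", "shell32.dll"]


def dll_call_shares(imports):
    """Share of imported functions per DLL, in DLL_VOCAB order (unknown DLLs ignored)."""
    total = sum(imports.values()) or 1
    return [imports.get(dll, 0) / total for dll in DLL_VOCAB]


def top_byte_values(data, k=10):
    """The k most frequent byte values in the sample; ties broken by lower value."""
    ranked = sorted(Counter(data).items(), key=lambda kv: (-kv[1], kv[0]))
    return [value for value, _ in ranked[:k]]


def top_byte_indicator(data, k=10):
    """256-slot 0/1 vector marking membership in the top-k byte set, so Euclidean
    distance counts how many 'frequent bytes' two samples disagree on."""
    top = set(top_byte_values(data, k))
    return [1.0 if b in top else 0.0 for b in range(256)]


def feature_vector(sample):
    """Concatenate the three feature levels: relative detection offset (assumed
    encoding of 'position'), DLL call shares, and the top-10 byte indicator."""
    data = sample["bytes"]
    position = sample["detect_offset"] / max(len(data), 1)
    return [position] + dll_call_shares(sample["imports"]) + top_byte_indicator(data)


def euclidean(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def ib1_classify(training, sample):
    """IB1 rule: the label of the single nearest stored training instance."""
    q = feature_vector(sample)
    nearest = min(training, key=lambda s: euclidean(feature_vector(s), q))
    return nearest["label"]


def make_blob(dominant, seed, length=2048):
    """Deterministic constructed 'binary': two thirds of positions cycle through the
    dominant byte pattern, the rest come from a small LCG so each sample differs."""
    out, x = bytearray(), seed
    for i in range(length):
        if i % 3:
            out.append(dominant[i % len(dominant)])
        else:
            x = (1103515245 * x + 12345) & 0x7FFFFFFF
            out.append((x >> 16) & 0xFF)
    return bytes(out)


# Constructed class profiles: (dominant bytes, typical imports, relative detect offset).
# Each dominant pattern has 8 distinct bytes and the patterns are pairwise disjoint.
PROFILES = {
    "Virus":    (bytes([0x90, 0xEB, 0x00, 0xCC, 0xE8, 0x5D, 0xC3, 0x55]),
                 {"kernel32.dll": 12, "user32.dll": 1}, 0.10),
    "Backdoor": (b"socket\n:", {"ws2_32.dll": 9, "kernel32.dll": 4}, 0.60),
    "Trojan":   (b"hwp/.x%?", {"wininet.dll": 7, "shell32.dll": 3, "kernel32.dll": 3}, 0.40),
    "Adware":   (b"ADS !$ad", {"user32.dll": 10, "kernel32.dll": 2}, 0.80),
}


def make_sample(label, seed, import_tweak=0):
    """Constructed sample: class profile plus small per-sample variation."""
    dominant, imports, rel = PROFILES[label]
    data = make_blob(dominant, seed)
    imports = dict(imports)
    imports["kernel32.dll"] = imports.get("kernel32.dll", 0) + import_tweak
    return {"label": label, "bytes": data, "imports": imports,
            "detect_offset": int(rel * len(data)) + seed % 50}


# Two constructed training instances per class.
TRAINING = [make_sample(lbl, seed=10 * i + j, import_tweak=j)
            for i, lbl in enumerate(PROFILES) for j in (1, 2)]


def evaluate(training, tests):
    """Fraction of test samples whose predicted label equals the true label."""
    hits = sum(ib1_classify(training, s) == s["label"] for s in tests)
    return hits / len(tests)


if __name__ == "__main__":
    tests = [make_sample(lbl, seed=100 + i) for i, lbl in enumerate(PROFILES)]
    for s in tests:
        print(s["label"], "->", ib1_classify(TRAINING, s))
    print("accuracy:", evaluate(TRAINING, tests))
```

The indicator encoding matters: feeding the raw top-ten byte values into a Euclidean distance would treat 0x90 and 0x91 as "close", which is meaningless for opcode or string bytes, whereas set membership only asks whether the same bytes dominate. On real samples the DLL vocabulary would come from the training set's import tables, and the paper's SVM and Decision Tree learners would be trained on the same vectors.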