Printed from https://ideas.repec.org/a/gam/jmathe/v11y2023i2p416-d1034129.html

Dynamic Extraction of Initial Behavior for Evasive Malware Detection

Author

Listed:
  • Faitouri A. Aboaoja

    (Faculty of Computing, Universiti Teknologi Malaysia, Iskandar Puteri 81310, Malaysia)

  • Anazida Zainal

    (Faculty of Computing, Universiti Teknologi Malaysia, Iskandar Puteri 81310, Malaysia)

  • Abdullah Marish Ali

    (Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia)

  • Fuad A. Ghaleb

    (Faculty of Computing, Universiti Teknologi Malaysia, Iskandar Puteri 81310, Malaysia)

  • Fawaz Jaber Alsolami

    (Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia)

  • Murad A. Rassam

    (Department of Information Technology, College of Computer, Qassim University, Buraidah 51452, Saudi Arabia)

Abstract

Recently, malware has become more abundant and complex as the Internet has become more widely used in daily services. Achieving satisfactory accuracy in malware detection is a challenging task, since malicious software exhibits non-relevant features when it changes its behavior as a result of its awareness of the analysis environment. However, existing solutions extract features from the entire data collected from the malware at run time. Accordingly, the actual malicious behaviors are hidden during training, leading to a model trained on unrepresentative features. To this end, this study presents a feature extraction scheme based on the proposed dynamic initial evasion behaviors determination (DIEBD) technique to improve the performance of evasive malware detection. To effectively represent evasion behaviors, the collected behaviors are tracked by examining the entropy distributions of API n-gram features using the box-whisker plot algorithm. A feature set suggested by the DIEBD-based feature extraction scheme is used to train machine learning algorithms to evaluate the proposed scheme. Our experiments' outcomes on a dataset of benign and evasive malware samples show that the proposed scheme achieved an accuracy of 0.967, a false positive rate of 0.040, and an F1 of 0.975.
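The abstract gives only the outline of DIEBD: per-window entropy of API n-gram features, box-whisker (Tukey) fences to spot where the entropy distribution shifts, and feature extraction restricted to the initial segment. The following is an added illustrative example of that idea, written for this page and not the authors' code. It assumes API bigrams, non-overlapping windows of 8 calls, the standard 1.5×IQR fences, and a "leading run of outlier windows" rule for where the initial behaviour ends; the two traces are constructed, not real sandbox telemetry. None of those specifics come from the paper.

```python
"""Illustrative DIEBD-style trace trimming (added example, not the paper's code).

Assumed reading of the abstract: an evasive sample's early behaviour (environment
probing) is statistically different from the stall/decoy behaviour it switches to
once it believes it is being analysed. Shannon entropy of API bigrams is computed
per window, Tukey box-plot fences flag windows with unusual entropy, and the
leading run of flagged windows is kept as the "initial behaviour" from which
n-gram features are extracted. Window size, n, fence factor and the leading-run
rule are assumptions, not values taken from the paper.
"""
from collections import Counter
from math import log2
from statistics import quantiles


def ngram_counts(calls, n=2):
    """Frequency of each consecutive n-tuple of API names in `calls`."""
    return Counter(tuple(calls[i:i + n]) for i in range(len(calls) - n + 1))


def shannon_entropy(counts):
    """Shannon entropy (bits) of a frequency table; rounded so identical windows compare equal."""
    total = sum(counts.values())
    return round(-sum(c / total * log2(c / total) for c in counts.values()), 9)


def window_entropies(calls, n=2, window=8):
    """(start_index, entropy) for each non-overlapping window of API calls."""
    return [(s, shannon_entropy(ngram_counts(calls[s:s + window], n)))
            for s in range(0, len(calls) - window + 1, window)]


def tukey_fences(values, k=1.5):
    """Box-whisker fences: values below Q1 - k*IQR or above Q3 + k*IQR are outliers."""
    q1, _, q3 = quantiles(values, n=4, method="inclusive")
    iqr = q3 - q1
    return q1 - k * iqr, q3 + k * iqr


def initial_behavior_boundary(calls, n=2, window=8):
    """Index at which the leading run of entropy-outlier windows ends.

    Returns len(calls) when no such run exists (too few windows for fences, or the
    trace opens with ordinary behaviour), so the caller falls back to the whole trace.
    """
    ents = window_entropies(calls, n, window)
    if len(ents) < 4:
        return len(calls)
    lo, hi = tukey_fences([e for _, e in ents])
    boundary = 0
    for start, e in ents:
        if lo <= e <= hi:  # first window inside the fences ends the initial run
            break
        boundary = start + window
    return boundary or len(calls)


def extract_features(calls, n=2, window=8):
    """API n-gram counts restricted to the initial behaviour segment."""
    return ngram_counts(calls[:initial_behavior_boundary(calls, n, window)], n)


# --- constructed traces (assumed, not real telemetry) -------------------------
_PROBE = ["IsDebuggerPresent", "CheckRemoteDebuggerPresent", "GetSystemInfo",
          "GlobalMemoryStatusEx", "RegOpenKeyExW", "RegQueryValueExW",
          "GetAdaptersInfo", "GetVolumeInformationW",
          "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
          "GetModuleHandleW", "GetProcAddress", "QueryPerformanceCounter",
          "GetTickCount64", "GetCursorInfo"]
_STALL_A = ["Sleep", "GetTickCount"] * 4
_STALL_B = ["Sleep", "GetTickCount", "GetCursorPos"] * 2 + ["Sleep", "GetTickCount"]
# Evasive sample: 16 environment-probing calls, then 160 calls of sleep/poll stalling.
EVASIVE_TRACE = _PROBE + (_STALL_A + _STALL_B) * 10
# Benign sample: steadily varied file/memory work with no regime change.
_WORK_A = ["CreateFileW", "GetFileSizeEx", "ReadFile", "SetFilePointerEx",
           "WriteFile", "FlushFileBuffers", "CloseHandle", "FindNextFileW"]
_WORK_B = ["HeapAlloc", "memcpy", "HeapFree", "GetLastError",
           "LoadLibraryW", "GetProcAddress", "FreeLibrary", "ExitThread"]
BENIGN_TRACE = (_WORK_A + _WORK_B) * 2 + _WORK_A

if __name__ == "__main__":
    for name, trace in (("evasive", EVASIVE_TRACE), ("benign", BENIGN_TRACE)):
        b = initial_behavior_boundary(trace)
        print(f"{name}: keep {b}/{len(trace)} calls, "
              f"{len(extract_features(trace))} distinct bigram features")
```

On the evasive trace the two probing windows have bigram entropy log2(7) ≈ 2.81 bits, well above the upper fence computed from the twenty stalling windows, so only the first 16 calls feed the feature vector and the `Sleep`/`GetTickCount` stall loop never appears in it. On the benign trace every window has the same entropy, no window is an outlier, and the whole trace is used, which is the fallback a practitioner should expect when a sample shows no behavioural shift.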

Suggested Citation

  • Faitouri A. Aboaoja & Anazida Zainal & Abdullah Marish Ali & Fuad A. Ghaleb & Fawaz Jaber Alsolami & Murad A. Rassam, 2023. "Dynamic Extraction of Initial Behavior for Evasive Malware Detection," Mathematics, MDPI, vol. 11(2), pages 1-23, January.
  • Handle: RePEc:gam:jmathe:v:11:y:2023:i:2:p:416-:d:1034129

    Download full text from publisher

    File URL: https://www.mdpi.com/2227-7390/11/2/416/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2227-7390/11/2/416/
    Download Restriction: no

    References listed on IDEAS

    1. Ali Asghar Anvary Rostamy & Davood Khosroanjom & Ali Niknafs & Amin Anvary Rostamy, 2015. "Fuzzy AHP models for the evaluation of IT capability, data quality, knowledge management systems implementation and data security dimensions," International Journal of Operational Research, Inderscience Enterprises Ltd, vol. 22(2), pages 194-215.
    2. Wei-Cheng Lin & Yi-Ren Yeh, 2022. "Efficient Malware Classification by Binary Sequences with One-Dimensional Convolutional Neural Networks," Mathematics, MDPI, vol. 10(4), pages 1-14, February.

    Citations

    Cited by:

    1. Arif Jamal Siddiqui & Sadaf Jahan & Maqsood Ahmed Siddiqui & Andleeb Khan & Mohammed Merae Alshahrani & Riadh Badraoui & Mohd Adnan, 2023. "Targeting Monoamine Oxidase B for the Treatment of Alzheimer’s and Parkinson’s Diseases Using Novel Inhibitors Identified Using an Integrated Approach of Machine Learning and Computer-Aided Drug Desig," Mathematics, MDPI, vol. 11(6), pages 1-17, March.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Tsung-Yu Chou & Yen-Ting Chen, 2020. "Applying Fuzzy AHP and TOPSIS Method to Identify Key Organizational Capabilities," Mathematics, MDPI, vol. 8(5), pages 1-16, May.


    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.