Abstract
The growth of cyber-attacks that are carried out with malware have become more sophisticated on almost all networks. Furthermore, attacks with advanced malware have the greatest complexity which makes them very hard to detect. Advanced malware is able to obfuscate much of their traces through many mechanisms, such as metamorphic engines. Therefore, predictions and detections of such malware have become significant challenge for malware analyses mechanisms. In this paper, we propose a multi-dimensional machine learning approach to predict Stuxnet like malware from a dataset that consists of malware samples by using five distinguishing features of advanced malware. We define the features by analyzing advanced malware samples in the wild. Our approach uses regression models to predict advanced malware. We create a malware dataset from existing datasets that contain real samples for experimental purposes. Analyses results show that there are high correlations among some features of advanced malware. These provide better predictions scores, such as R2=0.8203 score for Stuxnet closeness feature. Experimental analyses show that our approach is able to predict Stuxnet like advanced malware if prediction features defined.
Original language | English |
---|---|
Pages (from-to) | 118-129 |
Number of pages | 12 |
Journal | Computer Networks |
Volume | 160 |
DOIs | |
Publication status | Published - 4 Sept 2019 |
Bibliographical note
Publisher Copyright:© 2019 Elsevier B.V.
Funding
This work is supported by Istanbul Teknik Üniversitesi under the BAP project, number MAB-2017-40642 .
Funders | Funder number |
---|---|
Istanbul Teknik Üniversitesi | MAB-2017-40642 |
Keywords
- Advanced malware
- API Call
- Classification
- Machine learning
- Prediction