Abstract
A number of machine learning based malware detection systems have been suggested to replace signature based detection methods. These systems have shown that they can provide a high detection rate when recognising non-previously seen malware samples. However, in systems based on behavioural features, some new malware can go undetected as a result of changes in behaviour compared to the training data. In this paper we analysed misclassified malware instances and investigated whether there were recognisable patterns across these misclassifications. Several questions needed to be understood: Can we claim that malware changes over time directly affect the detection rate? Do changes that affect classification occur in malware at the level of families, where all instances that belong to certain families are hard to detect? Alternatively, can such changes be traced back to certain malware variants instead of families? Our experiments showed that these changes are mostly due to behavioural changes at the level of variants across malware families where variants did not behave as expected. This can be due to the adoption of anti-virtualisation techniques, the fact that these variants were looking for a specific argument to be activated or it can be due to the fact that these variants were actually corrupted.
Original language | English |
---|---|
Title of host publication | ICISSP 2017 - Proceedings of the 3rd International Conference on Information Systems Security and Privacy |
Editors | Paolo Mori , Steven Furnell, Olivier Camp |
Publisher | SciTePress |
Pages | 101-112 |
Number of pages | 12 |
Volume | 2017-January |
ISBN (Electronic) | 9789897582097 |
DOIs | |
Publication status | Published - 19 Feb 2017 |
Event | 3rd International Conference on Information Systems Security and Privacy, ICISSP 2017 - Porto, Portugal Duration: 19 Feb 2017 → 21 Feb 2017 |
Conference
Conference | 3rd International Conference on Information Systems Security and Privacy, ICISSP 2017 |
---|---|
Country/Territory | Portugal |
City | Porto |
Period | 19/02/17 → 21/02/17 |
Keywords
- Behavioural Analysis
- Classification Algorithms
- Machine Learning
- Malware
ASJC Scopus subject areas
- Computer Networks and Communications
- Information Systems
- Safety, Risk, Reliability and Quality
- Computer Science Applications