University of Rwanda Digital Repository

A Feature Engineering Approach for Classification and Detection of Polymorphic Malware using Machine Learning

Show simple item record

dc.contributor.author Masabo, Emmanuel
dc.date.accessioned 2020-04-03T11:31:16Z
dc.date.available 2020-04-03T11:31:16Z
dc.date.issued 2019-12
dc.identifier.citation
dc.identifier.citation http://events.mak.ac.ug/sites/default/files/2019-10/Makerere-CoCIS-Masabo-Emmanuel-PhD-Abstract-31stOct2019.pdf
dc.identifier.uri http://hdl.handle.net/123456789/942
dc.identifier.uri http://events.mak.ac.ug/sites/default/files/2019-10/Makerere-CoCIS-Masabo-Emmanuel-PhD-Abstract-31stOct2019.pdf
dc.description PhD Thesis en_US
dc.description.abstract Malicious software have evolved as a major threat in Computer Systems. These threats aim at compromising systems from low level to high level, from individuals to large corporations or even government institutions. Their creation technology is constantly evolving by using sophisticated tactics to create multiple instances of the existing ones, by encrypting the malicious payload as well as changing the code structure at each infection, while retaining the same functionality. Due to polymorphism in today’s malware, current solutions are not yet able to sufficiently address this problem. Such solutions are mostly signature-based and a changing malware means a changing signature. Generally, the detection rate should be 100% in an ideal setup. However, there is a high rate of False Positives and False Negatives. The frequent updating of signature-based systems requires more resources. Previous research shows that current malware detection rate by anti-malware products is between 25% and 50%. They easily evade detection and classification in their respective families is also hard, making it more difficult to eliminate them. This study addresses this problem by providing a structured deeper analysis of key features or parameters that enable polymorphism in malware. This study proposed a Novel Feature Engineering (NFE) approach for a better classification and detection of polymorphic malware based on structural and behavioural features. Key features were highly engineered to help in building powerful classification and detection models. This research employs NFE approach to create an improved malware classification model. Three classifiers namely KNN, Linear Discriminant Analysis and Gradient Boosting Machine (GBM) were used for this task. The best model achieved an accuracy of 94% on malware classification. This research also developed an early-stage Deep learning based detection model. The experiments achieved an earlier detection accuracy of 99.66% within the first five seconds of file execution. The solutions provided by this research will revolutionize anti-malware industry in creating better protection mechanisms en_US
dc.language.iso en en_US
dc.publisher Makerere University en_US
dc.source.uri http://events.mak.ac.ug/sites/default/files/2019-10/Makerere-CoCIS-Masabo-Emmanuel-PhD-Abstract-31stOct2019.pdf
dc.subject Machine learning en_US
dc.subject Supervised learning (Machine learning) en_US
dc.subject Graphic methods en_US
dc.title A Feature Engineering Approach for Classification and Detection of Polymorphic Malware using Machine Learning en_US
dc.type Thesis en_US


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search Repository


Browse

My Account