Control Flow Graph Based Multiclass Malware Detection Using Bi-normal Separation

  • Akshay Kapoor, Department of Computer Engineering, Defence Institute of Advanced Technology, Girinagar
  • Sunita Dhavale, Department of Computer Engineering, Defence Institute of Advanced Technology, Girinagar
Keywords: Bi-normal separation, control flow graph, machine learning, malware detection

Abstract

Control flow graphs (CFG) and OpCodes extracted from disassembled executable files are widely used for malware detection. Most research in static analysis focuses on binary-class malware detection, which only classifies an executable as benign or malware. To overcome this limitation, a CFG-based multiclass malware detection system that automatically classifies malware into their respective families is proposed. The system uses Bi-normal separation (BNS) as a feature scoring metric. Experimental results show that the proposed method using BNS outperforms the hitherto used technique of document frequency for multiclass metamorphic malware detection and achieves a detection accuracy of 99.5 per cent.

Author Biographies

Akshay Kapoor, Department of Computer Engineering, Defence Institute of Advanced Technology, Girinagar
Mr (Maj.) Akshay Kapoor received his MTech (Cyber Security) from Defence Institute of Technology, Pune, in 2015. His research interests include malware analysis and cyber security.

Sunita Dhavale, Department of Computer Engineering, Defence Institute of Advanced Technology, Girinagar
Dr Sunita Vikrant Dhavale received her MTech (Computer Engineering) from VIT, Pune, in 2009 and her PhD from Defence Institute of Technology, Pune, in 2015. Her research interests include information security, steganography, multimedia security and malware analysis.

Published
2016-03-23
How to Cite
Kapoor, A., & Dhavale, S. (2016). Control Flow Graph Based Multiclass Malware Detection Using Bi-normal Separation. Defence Science Journal, 66(2), 138-145. https://doi.org/10.14429/dsj.66.9701
Section
Computers & Systems Studies