Classifying advanced malware into families based on instruction link analysis

Tabatabaei, SA

Abstract

With the ever-increasing growth of network resources, a great number of organizations have become extremely dependent on the internet for their operational activities. This exposes their sensitive and confidential information to intrusion by saboteurs and to corporate theft, leaving them vulnerable. This revolution has led to the fast growth of highly complex malware that circumvents many of the security assets meant to keep sensitive organizational data safe. The development of such complex malware, for example Advanced Persistent Threats (APTs), has become a big threat in today’s computing world. An APT is customized for a specific target and can be subtly altered to avoid detection. APT attacks are therefore considered a serious problem whose devastating effects cannot be overemphasized.
To combat this spread, malware analysers have deployed Machine Learning and Data Mining techniques, or a combination of both, to automatically spot malicious files. Many feature engineering approaches have been explored to improve the performance of detection/classification systems. If a feature engineering approach provides sufficient information about malware type for clustering purposes, this indicates the possibility of developing a learning method that performs better. There are, in fact, motivations from a machine learning perspective for incorporating feature selection in data classification. The main focus of this research is on the static analysis approach. To find the dominant features in one malware family, experiments with association, link analysis, and segmentation algorithms are employed. The model is applied to a publicly available dataset on Kaggle and GitHub. The experimental data gave supportive validation of the proposed feature selection model by a Gaussian Mixture Model in the R environment.

Citation

Tabatabaei, S. (in press). Classifying advanced malware into families based on instruction link analysis. (Dissertation). University of Salford

Thesis Type: Dissertation
Acceptance Date: Dec 14, 2018
Deposit Date: Dec 18, 2018
Publicly Available Date: Dec 18, 2018
