Intelligent OS X malware threat detection with code inspection
Authors: HaddadPajouh, H; Dehghantanha, A; Khayami, R; Choo, RKK
Abstract
With the increasing market share of the Mac OS X operating system, there is a corresponding increase in the number of malicious programs (malware) designed to exploit vulnerabilities on Mac OS X platforms. However, existing manual and heuristic OS X malware detection techniques are not capable of coping with such a high rate of malware. While machine learning techniques offer promising results in the automated detection of Windows and Android malware, there have been limited efforts in extending them to OS X malware detection. In this paper, we propose a supervised machine learning model. The model applies a kernel-based Support Vector Machine (SVM) and a novel weighting measure based on application library calls to detect OS X malware. For training and evaluating the model, a dataset combining 152 malware and 450 benign samples is created. Using a common supervised machine learning algorithm on the dataset, we obtain over 91% detection accuracy with a 3.9% false alarm rate. We also utilize the Synthetic Minority Over-sampling Technique (SMOTE) to create three synthetic datasets with different distributions based on the refined version of the collected dataset, in order to investigate the impact of different sample sizes on the accuracy of malware detection. Using the SMOTE datasets we achieve over 96% detection accuracy and a false alarm rate of less than 4%. All malware classification experiments are tested using cross-validation. Our results show that increasing the sample size in synthetic datasets has a direct positive effect on detection accuracy while increasing the false alarm rate compared to the original dataset.
| Field | Value |
|---|---|
| Journal Article Type | Article |
| Acceptance Date | Oct 7, 2017 |
| Online Publication Date | Oct 20, 2017 |
| Publication Date | Oct 20, 2017 |
| Deposit Date | Oct 18, 2017 |
| Publicly Available Date | Nov 1, 2017 |
| Journal | Journal of Computer Virology and Hacking Techniques |
| Print ISSN | 2274-2042 |
| Electronic ISSN | 2263-8733 |
| Publisher | Springer Verlag |
| Volume | 14 |
| Issue | 3 |
| Pages | 213-223 |
| DOI | https://doi.org/10.1007/s11416-017-0307-5 |
| Publisher URL | http://dx.doi.org/10.1007/s11416-017-0307-5 |
| Related Public URLs | http://www.springer.com/computer/journal/11416 |
| Additional Information | Funders: European Council International Incoming Fellowship, Grant Number: FP7-PEOPLE-2013-IIF |
Files: 10.1007_s11416-017-0307-5.pdf (PDF, 1.9 MB)
Licence: http://creativecommons.org/licenses/by/4.0/
Publisher Licence URL: http://creativecommons.org/licenses/by/4.0/