Research field: Safety
Venue: Journal of Computer Virology and Hacking Techniques
A variety of malicious software programs, such as malware, have been developed to damage computer systems for purposes such as interfering with users' daily tasks. Recently, several studies have focused on malware detection from different perspectives. Investigating the opcodes of files is one of the well-known approaches to malware detection. Recently, machine learning methods have been applied to classify text features extracted from opcode sequences into normal and malware files. Nevertheless, because of the length of the sequences obtained from opcodes, most of these methods discard considerable portions of the opcodes, which lowers detection accuracy. In this paper, we address this problem by converting opcodes into, and treating them as, discrete signals. First, a signal is created by mapping each opcode of a file to a fixed number. Then, 15 informative entropy-based features are extracted from the signal of each file. We use machine learning classifiers such as random forest, several boosting classifiers and a convolutional neural network to detect malware from these features. The proposed method, using 15 features, achieves an accuracy of 95.08%, which outperforms its counterparts. Among the entropy-based features, composite multiscale entropy and Kolmogorov entropy provide the best accuracy on the well-known benchmark.
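To make the opcode-to-signal idea concrete, here is an added illustrative example (not code from the paper or its authors): a constructed opcode-to-integer table turns a mnemonic listing into a discrete signal, and a few entropy features are computed from it, including a composite multiscale entropy built on sample entropy. The mapping table, the tolerance choice and the feature names are assumptions for this example; the paper's own 15 features and its Kolmogorov entropy estimator are not reproduced here.

```python
import math
from collections import Counter

# Hypothetical opcode-to-integer table, constructed for this example
# (the paper's own mapping is not given on the page). Unknown mnemonics map to 0.
OPCODE_TABLE = {
    "push": 1, "mov": 2, "call": 3, "pop": 4, "ret": 5,
    "jmp": 6, "xor": 7, "add": 8, "cmp": 9, "jne": 10,
}


def opcodes_to_signal(opcodes, table=OPCODE_TABLE, unknown=0):
    """Map a list of opcode mnemonics to a discrete integer signal."""
    return [table.get(op.lower(), unknown) for op in opcodes]


def shannon_entropy(signal):
    """Shannon entropy (bits) of the symbol distribution of the signal."""
    n = len(signal)
    return -sum((c / n) * math.log2(c / n) for c in Counter(signal).values())


def _count_matches(x, length, num_templates, r):
    """Count template pairs (i < j) whose Chebyshev distance is <= r.

    Quadratic in the number of templates; fine for short demo signals, while
    real opcode sequences would need a vectorized implementation.
    """
    count = 0
    for i in range(num_templates):
        for j in range(i + 1, num_templates):
            if all(abs(x[i + k] - x[j + k]) <= r for k in range(length)):
                count += 1
    return count


def sample_entropy(x, m=2, r=0.0):
    """SampEn(m, r) = -ln(A / B): A = matching (m+1)-templates, B = matching m-templates.

    Both counts use the same n - m template positions. Returns inf when no
    longer templates match, nan when the signal is too short.
    """
    n = len(x)
    if n < m + 2:
        return math.nan
    b = _count_matches(x, m, n - m, r)
    a = _count_matches(x, m + 1, n - m, r)
    if a == 0 or b == 0:
        return math.inf
    return -math.log(a / b)


def coarse_grain(x, scale, offset=0):
    """Average non-overlapping windows of `scale` samples starting at `offset`."""
    return [sum(x[s:s + scale]) / scale
            for s in range(offset, len(x) - scale + 1, scale)]


def composite_multiscale_entropy(x, scale, m=2, r=0.0):
    """CMSE at one scale: mean SampEn over all `scale` coarse-graining offsets."""
    values = [sample_entropy(coarse_grain(x, scale, k), m, r) for k in range(scale)]
    return sum(values) / len(values)


def entropy_features(signal, scales=(1, 2, 3), m=2):
    """Small feature dict (assumed names) of the kind a classifier would consume."""
    mean = sum(signal) / len(signal)
    std = math.sqrt(sum((v - mean) ** 2 for v in signal) / len(signal))
    r = 0.2 * std  # common SampEn tolerance; kept fixed across scales
    feats = {"shannon": shannon_entropy(signal)}
    for s in scales:
        feats[f"cmse_{s}"] = composite_multiscale_entropy(signal, s, m, r)
    return feats


if __name__ == "__main__":
    # Constructed opcode listings, not real samples: a repetitive one and a varied one.
    regular = ["push", "mov", "call", "pop"] * 10
    varied = ["push", "xor", "call", "mov", "jne", "add", "ret", "cmp", "jmp", "pop",
              "xor", "mov", "mov", "call", "jne", "push", "add", "cmp", "ret", "jmp"] * 2
    for name, ops in (("regular", regular), ("varied", varied)):
        print(name, entropy_features(opcodes_to_signal(ops)))
```

The feature dicts produced by `entropy_features` are what would be fed, one row per file, to a classifier such as a random forest; a perfectly periodic opcode signal yields zero sample entropy at every scale, which is the kind of regularity difference the entropy features are meant to capture.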
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra, Albania |
| Site | Springer |
| Likes | 0 |