Title: Feature Hierarchy Mining for Malware Classification
Abstract: It is an established fact that malware attacks are the most prominent form of cyber-attack and could bring down any cyber-physical system. Mitigating such attacks on cyber-physical systems relies on evolving detection systems that change as newer malware families and their related sub-classes emerge. The objective of this work is to obtain a better understanding of the signatures that define families and sub-classes of malware and to propose a framework that scales to the volume and velocity at which new malware is created and evolves. We believe that these signatures manifest as code, and that it is these signatures that help characterize the evolution of malware that generates new malware. Related research in the area largely relies on a static definition of signatures, and known countermeasures have been rendered ineffective by the sheer velocity at which malware is generated. In this work, we focus on the rootkit family of malware and present an exploratory analysis to establish our hypothesis that there exists a hierarchical relationship between the features and signatures of malware families. Our framework uses an n-gram approach to extract features from the raw malware executables in the sample set. This results in a high-dimensional feature space, far exceeding the number of samples. The specific aims of this dissertation therefore include feature selection, feature weighting and ranking using both filter- and wrapper-based approaches. The dissertation establishes a hierarchical relationship amongst features and emphasizes the conservation of these hierarchical features across related families of malware.

We believe that rootkits offer concealment for the most complex variety of malware forms, by preventing the malicious processes that activate the malware from being read. The rootkit datasets used in this work were chosen to demonstrate the underlying applicability of the techniques and to evaluate their efficacy in a contained class environment (hence minimizing the effect of exte
Appears in Departments: Department of Computer Science and Engineering
Files in This Item: prasenjit das.pdf (Adobe PDF, 2.58 MB)
Items in Shodhganga are protected by copyright, with all rights reserved, unless otherwise indicated.