Feature Hierarchy Mining for Malware Classification

Abstract

It is an established fact that Malware attacks are the most prominent form of cyber-attacks that newlinecould bring down any cyber-physical system. The mitigation of such attacks to cyber-physical newlinesystems relies on evolving detection systems that change with the realization of newer malware newlinefamilies and their related sub-classes. The objective of this work is to obtain a better newlineunderstanding of the signatures that define families and sub-classes of malwares and propose a newlineframework that scales to the volume and velocity at which newer malwares are created and newlineevolve. We believe that these signatures manifest as code and it is these signatures that help newlinecharacterize the evolution of malwares that generate new malwares. Related research in the area newlinelargely relies on a static definition of signatures and known counter measures have been rendered newlineineffective due to the sheer velocity of malware that are generated. In this work, we focused on newlinethe rootkit family of malwares that have produced an exploratory analysis to establish our newlinehypothesis that there exists a hierarchical relationship between features and signatures of newlinemalware families. Our framework uses an n-gram approach to extract features from samples raw newlinemalware executables. This results in a high dimensional feature space, far exceeding the number newlineof samples. The specific aim of this dissertation therefore includes feature selection, feature newlineweighing and ranking using both filter and wrapper based approaches. The dissertation is about newlineestablishment of hierarchical relationship amongst features and emphasizing on the conservation newlineof these hierarchical features across related families of malwares. newline newline