Document Type
Article
Publication Date
2-2012
Abstract
Organizations increasingly rely on the confidentiality, integrity and availability of their information and communications technologies to conduct effective business operations while maintaining their competitive edge. Exploitation of these networks via the introduction of undetected malware ultimately degrades their competitive edge, while taking advantage of limited network visibility and the high cost of analyzing massive numbers of programs. This article introduces the novel Malware Target Recognition (MaTR) system which combines the decision tree machine learning algorithm with static heuristic features for malware detection. By focusing on contextually important static heuristic features, this research demonstrates superior detection results. Experimental results on large sample datasets demonstrate near ideal malware detection performance (99.9+% accuracy) with low false positive (8.73e-4) and false negative rates (8.03e-4) at the same point on the performance curve. Test results against a set of publicly unknown malware, including potential advanced competitor tools, show MaTR’s superior detection rate (99%) versus the union of detections from three commercial antivirus products (60%). The resulting model is a fine granularity sensor with potential to dramatically augment cyberspace situation awareness.
DOI
10.1016/j.cose.2011.09.002
Source Publication
Computers & Security
Recommended Citation
Dube, T. E., Raines, R. A., Peterson, G. L., Bauer, K. W., Grimaila, M. R., & Rogers, S. K. (2012). Malware target recognition via static heuristics. Computers & Security, 31(1), 137–147. https://doi.org/10.1016/j.cose.2011.09.002
Comments
AFIT Scholar furnishes the draft version of this article. The published version of record appears in Computers & Security and is available by subscription through the DOI link in the citation below.