Discovering Malware with Time Series Shapelets
Date
2017-01-04
Authors
Contributor
Advisor
Department
Instructor
Depositor
Speaker
Researcher
Consultant
Interviewer
Narrator
Transcriber
Annotator
Journal Title
Journal ISSN
Volume Title
Publisher
Volume
Number/Issue
Starting Page
Ending Page
Alternative Title
Abstract
Malicious software (‘malware’) detection systems are usually signature-based and cannot stop attacks by malicious files they have never encountered. To stop these attacks, we need statistical learning approaches to identify root patterns behind execution of malware. We propose a machine learning approach for detection of malware from portable executable (PE) files. We create an ‘entropy time series’ representation of the content of each file, and then apply a unique time series classification method (called ‘shapelets’) for identifying malware. The shapelet-based approach picks up local discriminative features from the entropy signals. Our approach is file format agnostic, can deal with varying lengths in input instances, and provides fast classification. We evaluate our method on an industrial dataset containing thousands of executable files, and comparison with state-of-the-art methods illustrates the performance of our approach. This work is the first to use time series shapelets for malware detection and information security applications.
Description
Keywords
Antivirus, Entropy Analysis, File Content, Malware, Shapelets
Citation
Extent
10 pages
Format
Geographic Location
Time Period
Related To
Proceedings of the 50th Hawaii International Conference on System Sciences
Related To (URI)
Table of Contents
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International
Rights Holder
Local Contexts
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.