Please use this identifier to cite or link to this item:

Discovering Malware with Time Series Shapelets

File Size Format  
paper0749.pdf 2.63 MB Adobe PDF View/Open

Item Summary

Title:Discovering Malware with Time Series Shapelets
Authors:Patri, Om
Wojnowicz, Michael
Wolff, Matt
Entropy Analysis
File Content
Date Issued:04 Jan 2017
Abstract:Malicious software (‘malware’) detection systems are usually signature-based and cannot stop attacks by malicious files they have never encountered. To stop these attacks, we need statistical learning approaches to identify root patterns behind execution of malware. We propose a machine learning approach for detection of malware from portable executable (PE) files. We create an ‘entropy time series’ representation of the content of each file, and then apply a unique time series classification method (called ‘shapelets’) for identifying malware. The shapelet-based approach picks up local discriminative features from the entropy signals. Our approach is file format agnostic, can deal with varying lengths in input instances, and provides fast classification. We evaluate our method on an industrial dataset containing thousands of executable files, and comparison with state-of-the-art methods illustrates the performance of our approach. This work is the first to use time series shapelets for malware detection and information security applications.
Pages/Duration:10 pages
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections: Deception, Digital Forensics, and Malware Minitrack

Please email if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons