A Hybrid Wrapper-Filter Approach for Malware Detection

Mamoun Alazab, Shamsul Huda, Jemal Abawajy, Rafiqul Islam, John Yearwood, S Venkatraman, Roderic Broadhurst

    Research output: Contribution to journalArticle

    Abstract

    This paper presents an efficient and novel approach for malware detection. The proposed approach uses a hybrid wrapper-filter model for malware feature selection, which combines Maximum Relevance (MR) filter heuristics and Artificial Neural Net Input Gain Measurement Approximation (ANNIGMA) wrapper heuristic for sub-set selection by capitalizing on each classifier’s strengths. The novelty of the proposed approach is that it injects the intrinsic characteristics of data obtained by the filter into the wrapper stage and combines this with wrapper’s heuristic score. This in turn can reduce the search space and guide the search for the most significant malware features that assist in detection. Extensive cross-validated experimental investigations on actual malware datasets were conducted to evaluate the performance of the proposed model. The model was compared with several existing models including independent wrapper and filter approaches. The results of the model’s performance on both obfuscated malware as well as benign datasets showed that the proposed hybrid MRANNIGMA model out-performed the independent filter and wrapper approaches by achieving the highest accuracy of 97%. Furthermore, this hybrid model improved execution time by using a more compact set of operation code features, and also reduced the rate of false positives. Index Terms—Malware, opcodes, feature selection, wrapperfilter, neural network, multi-layer perceptron networks
    Original languageEnglish
    Pages (from-to)2878-2891
    JournalJournal of Networks
    Volume9
    Issue number11
    DOIs
    Publication statusPublished - 2014

    Fingerprint Dive into the research topics of 'A Hybrid Wrapper-Filter Approach for Malware Detection'. Together they form a unique fingerprint.

    Cite this