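% Journal article on static malware detection: n-gram features narrowed with
% known Snort sub-signatures, then evaluated with several ML classifiers
% (summary taken from the abstract field below).
% NOTE(review): the DOI suffix reads 2018/9/2/96-106 while number = 3 and the
% URL path is v9n3 - confirm the issue number against the publisher record.
% No pages field is given; the DOI suffix suggests 96--106 but that is unconfirmed.
% NOTE(review): the full-text URL is plain http; prefer resolving via the DOI.
@article{2541,
  author   = {Khammas, Ban},
  title    = {Malware Detection using Sub-Signatures and Machine Learning Technique},
  journal  = {Journal of Information Security Research},
  year     = {2018},
  volume   = {9},
  number   = {3},
  doi      = {10.6025/jisr/2018/9/2/96-106},
  url      = {http://www.dline.info/jisr/fulltext/v9n3/jisrv9n3_2.pdf},
  abstract = {Malware is a major computer security concern as many computing systems are connected to the Internet. The number of malware has increased over the years and new malware has emerged, where new variants are capable of evading conventional system detection through obfuscations. One of the promising methods used to detect malware is machine learning (ML) techniques. This work presents a static malware detection system using n-gram and machine learning techniques, using known malware subsignatures to reduce large feature search spaces, which are generated due to n-gram feature extraction methods. The feature space directly affects the performance and the detection accuracy of malware ML classifiers. Analysis of multiple feature selection methods to minimize the number of features and analysis of multiple ML classifiers are also presented to improve the malware detection accuracy. The results show that analyzing n-gram with Snort sub-signature features using machine learning give good malware detection accuracy of more than 99.78\% and zero FPR when 4-gram features are used for most of the verified ML classifiers.},
}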