KEMBAR78
Detection of Spyware by Mining Executable Files | DOC
Uploaded bySWAMI06
DOC, PDF220 views

Detection of Spyware by Mining Executable Files

This document proposes a method to detect spyware using data mining techniques. It extracts features from executable files and uses feature reduction to generate training data for classifiers to classify files as legitimate or spyware. The method involves collecting data, generating byte sequences and n-grams, extracting features using frequency-based and common-based approaches, reducing features, generating ARFF files for modeling, and training models using machine learning algorithms in WEKA, such as Naive Bayes and SVM, to classify new files.

Download to read offline
Detection of Spyware by Mining Executable Files Objectives The main objective of our project is to establish a method in spyware detection research using data mining techniques. These techniques are used for information retrieval and classification. In application of techniques, there was only one change that computer programs were used rather than text documents. In this project, binary features are extracted from executable files. A feature reduction method is then used to obtain a subset of data which is further used as a training set for automatically generating classifiers. In this method, the generated classifiers are used to classify new, previously unseen binaries as either legitimate software or spyware. We will use appropriate value of “n” in order to yield high performance, also suitable machine learning algorithm to produce high accuracy. Project idea The goal of the project is to detect spyware by using data mining and machine learning. We use the Waikato Environment for Knowledge Analysis (WEKA) to perform the experiments. WEKA is a suite of machine learning algorithms and analysis tools, which is used in practice for solving data mining problems. First, we extract features from the binary files and we then apply a feature reduction method in order to reduce data set complexity. Finally, we convert the reduced feature set into the Attribute Relation File Format (ARFF). ARFF files are ASCII text files that include a set of data instances, each described by a set of features. Figure 2.1 shows the steps involved in our proposed method. “Detection of Spyware by Mining Executable Files”
Figure 2.1: Proposed System We organized our work into following stages: 1. Data Collection 2. Byte Sequence Generation 3. N-gram Generation 4. Feature Extraction 5. Feature Reduction 6. ARFF Generation 7. Model Training Step 1: Data Collection “Detection of Spyware by Mining Executable Files”
Our data set consists of two classes of binary files: (1) Benign files (2) Spyware files. Step 2: Byte Sequence Generation This process makes file conversion from binary to byte sequence in each class. We use xxd, which is a UNIX based utility for conversion. Step 3: N-gram Generation This process pieces out the byte sequences into a desired size of “n” (namely 4, 5 and 6). An n-gram is a sequence of n elements. This process also makes sure that each line contains one n-gram and length of a single line is equal to the size of “n”. Step 4: Feature Extraction We extract the features by using two different approaches: Common Feature Based Extraction (CFBE) and Frequency Based Feature Extraction (FBFE). Both methods are used to obtain Reduced Feature Sets (RFSs) which are then used to generate the Attribute Relation File Format (ARFF) files. 1. Frequency Based Feature Extraction (FBFE): In FBFE, the frequency of each n-gram in each class is calculated. 2. Common Feature Based Extraction (CFBE): In CFBE, the common n-grams are extracted from each class. Step 5: Feature Reduction In FBFE, all n-grams within a specified frequency range (50-500) are extracted and the rest (1-49) are discarded. In CFBE, only one representation of each feature is “Detection of Spyware by Mining Executable Files”
considered in one class. To obtain Reduced Feature Sets (RFSs) for CFBE and FBFE, merge unique n-grams for both classes. Step 6: ARFF Generation (Data Set Generation) This process generates two ARFF databases: frequency based feature database and common feature based database. All attributes in database are treated as Boolean attributes. ARFF process searches for every n-gram in all byte sequences for a class and assign a value to the attribute which can be either “1” or “0” on the present/not present basis. Step 7: Model Training The ARFF file is used as input to WEKA for applying machine learning algorithms. The algorithms used in the experiment are: ZeroR, Naive Bayes, SVM (Support Vector Machines), J48, Random Forest and JRip. Hardware Requirements • Pentium Processor, 1.6 GHz or advanced • RAM, 128 MB or more • HDD, 40 GB or more. Software Requirements • Platform: Linux OS • Language: JAVA • Editor: G-Edit Editor • WEKA (Machine Learning Tool) “Detection of Spyware by Mining Executable Files”

More Related Content

DOC
ECET 375 Invent Yourself/newtonhelp.com
bylechenau125
 
PPTX
ICML 2017 Meta network
byKaty Lee
 
PDF
Optimization as a model for few shot learning
byKaty Lee
 
DOC
Program listds
byinvertis university
 
PDF
CSE5656 Complex Networks - Location Correlation in Human Mobility, Implementa...
byMarcello Tomasini
 
PPT
Artificial neural networks in hydrology
byJonathan D'Cruz
 
PPTX
Data structures and algorithms lab4
byBianca Teşilă
 
PPT
Active Object
bymelbournepatterns
 
ECET 375 Invent Yourself/newtonhelp.com
bylechenau125
 
ICML 2017 Meta network
byKaty Lee
 
Optimization as a model for few shot learning
byKaty Lee
 
Program listds
byinvertis university
 
CSE5656 Complex Networks - Location Correlation in Human Mobility, Implementa...
byMarcello Tomasini
 
Artificial neural networks in hydrology
byJonathan D'Cruz
 
Data structures and algorithms lab4
byBianca Teşilă
 
Active Object
bymelbournepatterns
 

Similar to Detection of Spyware by Mining Executable Files

PDF
A44090104
byIJERA Editor
 
PDF
[IJET-V1I2P2] Authors :Karishma Pandey, Madhura Naik, Junaid Qamar,Mahendra P...
byIJET - International Journal of Engineering and Techniques
 
PPTX
detection and classification of malware.pptx
byJamesFranklen
 
PDF
malware_detection_data_mining
byDavid Zivi
 
PDF
A STATIC MALWARE DETECTION SYSTEM USING DATA MINING METHODS
byijaia
 
PPTX
Data mining for antivirus
byYaroup Alhamwi
 
PDF
proposal
byEhsan Moshiri
 
PDF
Zero day malware detection
bysujeeshkumarj
 
PDF
DETECTING MALWARE IN PORTABLE EXECUTABLE FILES USING MACHINE LEARNING APPROACH
byIJNSA Journal
 
PDF
A study of detecting computer viruses in real infected files in the n-gram re...
byUltraUploader
 
PDF
A hybrid model to detect malicious executables
byUltraUploader
 
PDF
H@dfex 2015 malware analysis
byCharles Lim
 
PDF
20170412 om patri pres 153pdf
byInternational Society of Service Innovation Professionals
 
PPTX
Malware Classification and Analysis
byPrashant Chopra
 
PPTX
malware detection ppt for vtu project and other final year project
byNaveenAd4
 
PDF
Inbot10 vxclass
byzynamics GmbH
 
PDF
Classification of Malware based on Data Mining Approach
byijsrd.com
 
PDF
Fighting advanced malware using machine learning (English)
byFFRI, Inc.
 
PPTX
Today
bySherin Bennet
 
PDF
Adversarial machine learning for av software
byjunseok seo
 
A44090104
byIJERA Editor
 
[IJET-V1I2P2] Authors :Karishma Pandey, Madhura Naik, Junaid Qamar,Mahendra P...
byIJET - International Journal of Engineering and Techniques
 
detection and classification of malware.pptx
byJamesFranklen
 
malware_detection_data_mining
byDavid Zivi
 
A STATIC MALWARE DETECTION SYSTEM USING DATA MINING METHODS
byijaia
 
Data mining for antivirus
byYaroup Alhamwi
 
proposal
byEhsan Moshiri
 
Zero day malware detection
bysujeeshkumarj
 
DETECTING MALWARE IN PORTABLE EXECUTABLE FILES USING MACHINE LEARNING APPROACH
byIJNSA Journal
 
A study of detecting computer viruses in real infected files in the n-gram re...
byUltraUploader
 
A hybrid model to detect malicious executables
byUltraUploader
 
H@dfex 2015 malware analysis
byCharles Lim
 
20170412 om patri pres 153pdf
byInternational Society of Service Innovation Professionals
 
Malware Classification and Analysis
byPrashant Chopra
 
malware detection ppt for vtu project and other final year project
byNaveenAd4
 
Inbot10 vxclass
byzynamics GmbH
 
Classification of Malware based on Data Mining Approach
byijsrd.com
 
Fighting advanced malware using machine learning (English)
byFFRI, Inc.
 
Today
bySherin Bennet
 
Adversarial machine learning for av software
byjunseok seo
 

More from SWAMI06

DOCX
Secure Distibuted data discovery & dissemination IN WSN
bySWAMI06
 
PDF
ns2-project-list
bySWAMI06
 
DOCX
Heart disease prediction system
bySWAMI06
 
PPTX
Annotating Search Results from Web Databases
bySWAMI06
 
PPTX
Multimedia Answer Generation for Community Question Answering
bySWAMI06
 
DOCX
Keyword Query Routing
bySWAMI06
 
DOCX
A Hybrid Cloud Approach for Secure Authorized Deduplication
bySWAMI06
 
PPTX
Efficient Instant-Fuzzy Search With Proximity Ranking
bySWAMI06
 
PDF
Opinion Mining & Sentiment Analysis Based on Natural Language Processing
bySWAMI06
 
PPTX
A Segmentation based Sequential Pattern Matching for Efficient Video Copy De...
bySWAMI06
 
PPTX
Frequent itemset mining_on_hadoop
bySWAMI06
 
Secure Distibuted data discovery & dissemination IN WSN
bySWAMI06
 
ns2-project-list
bySWAMI06
 
Heart disease prediction system
bySWAMI06
 
Annotating Search Results from Web Databases
bySWAMI06
 
Multimedia Answer Generation for Community Question Answering
bySWAMI06
 
Keyword Query Routing
bySWAMI06
 
A Hybrid Cloud Approach for Secure Authorized Deduplication
bySWAMI06
 
Efficient Instant-Fuzzy Search With Proximity Ranking
bySWAMI06
 
Opinion Mining & Sentiment Analysis Based on Natural Language Processing
bySWAMI06
 
A Segmentation based Sequential Pattern Matching for Efficient Video Copy De...
bySWAMI06
 
Frequent itemset mining_on_hadoop
bySWAMI06
 

Recently uploaded

PDF
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
PDF
TOPIC 1.2 THE CONSTRUCTION PROJECT BY KJFF
byKHEN49
 
PPTX
COLLAGE PLACEMENT MANAGEMENT SYSTEM.pptx
bychaitanyachopade08
 
PDF
Somnath Mukherjee_BIM Specialist_Resume.pdf
bySomnathMukherjee980757
 
PPTX
All About Introduction to Artificial IntelligenceAI.pptx
byRAJASEKARAN G
 
PPTX
Chapter 4 Geosynthetics materials for soil improvement .pptx
byFanastic
 
PDF
【EN】Accelerating Flutter UI Development with 
Figma Dev Mode MCP × Claude Code
byYuta Asada
 
PDF
Project photos of Caliagua's new Telemark project for FivePoint.
byjhines4
 
PPT
lec0_Introduction_to_cmos_vlsi_design.ppt
bysrijeett
 
PPTX
Heat Transfer Power Point presentation 1.1.pptx
bySolomon Raj
 
PDF
mariadbwebinardr07301000156458558219.pdf
byEduardo154255
 
PDF
Energias renovables estudio energias.pdf
byCarlosPrezBuelga
 
PDF
Overcoming QoS Challenges in a Full Automotive Ethernet Architecture
byRealTime-at-Work (RTaW)
 
PPTX
Introduction to engineering dynamics for structural engineering student
bytekalign24
 
PPTX
GEMM tiling for weight stationary NCKU AISlab
bye24111071
 
PDF
alireza payravi-resume english 1404-07-24.pdf
byAlireza Payravi
 
PPTX
Semiconductor and diode theory and application.pptx
bygetnetzegeye
 
PDF
International Journal of Network Security & Its Applications (IJNSA)
byIJNSA Journal
 
PDF
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
DOCX
material selection for preparation of glider
bybityasteraye
 
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
TOPIC 1.2 THE CONSTRUCTION PROJECT BY KJFF
byKHEN49
 
COLLAGE PLACEMENT MANAGEMENT SYSTEM.pptx
bychaitanyachopade08
 
Somnath Mukherjee_BIM Specialist_Resume.pdf
bySomnathMukherjee980757
 
All About Introduction to Artificial IntelligenceAI.pptx
byRAJASEKARAN G
 
Chapter 4 Geosynthetics materials for soil improvement .pptx
byFanastic
 
【EN】Accelerating Flutter UI Development with 
Figma Dev Mode MCP × Claude Code
byYuta Asada
 
Project photos of Caliagua's new Telemark project for FivePoint.
byjhines4
 
lec0_Introduction_to_cmos_vlsi_design.ppt
bysrijeett
 
Heat Transfer Power Point presentation 1.1.pptx
bySolomon Raj
 
mariadbwebinardr07301000156458558219.pdf
byEduardo154255
 
Energias renovables estudio energias.pdf
byCarlosPrezBuelga
 
Overcoming QoS Challenges in a Full Automotive Ethernet Architecture
byRealTime-at-Work (RTaW)
 
Introduction to engineering dynamics for structural engineering student
bytekalign24
 
GEMM tiling for weight stationary NCKU AISlab
bye24111071
 
alireza payravi-resume english 1404-07-24.pdf
byAlireza Payravi
 
Semiconductor and diode theory and application.pptx
bygetnetzegeye
 
International Journal of Network Security & Its Applications (IJNSA)
byIJNSA Journal
 
How Are Learning-Based Methods Reshaping Trajectory Planning in Autonomous D...
byimagnejane
 
material selection for preparation of glider
bybityasteraye
 

Detection of Spyware by Mining Executable Files

  • 1.
    Detection of Spywareby Mining Executable Files Objectives The main objective of our project is to establish a method in spyware detection research using data mining techniques. These techniques are used for information retrieval and classification. In application of techniques, there was only one change that computer programs were used rather than text documents. In this project, binary features are extracted from executable files. A feature reduction method is then used to obtain a subset of data which is further used as a training set for automatically generating classifiers. In this method, the generated classifiers are used to classify new, previously unseen binaries as either legitimate software or spyware. We will use appropriate value of “n” in order to yield high performance, also suitable machine learning algorithm to produce high accuracy. Project idea The goal of the project is to detect spyware by using data mining and machine learning. We use the Waikato Environment for Knowledge Analysis (WEKA) to perform the experiments. WEKA is a suite of machine learning algorithms and analysis tools, which is used in practice for solving data mining problems. First, we extract features from the binary files and we then apply a feature reduction method in order to reduce data set complexity. Finally, we convert the reduced feature set into the Attribute Relation File Format (ARFF). ARFF files are ASCII text files that include a set of data instances, each described by a set of features. Figure 2.1 shows the steps involved in our proposed method. “Detection of Spyware by Mining Executable Files”
  • 2.
    Figure 2.1: ProposedSystem We organized our work into following stages: 1. Data Collection 2. Byte Sequence Generation 3. N-gram Generation 4. Feature Extraction 5. Feature Reduction 6. ARFF Generation 7. Model Training Step 1: Data Collection “Detection of Spyware by Mining Executable Files”
  • 3.
    Our data setconsists of two classes of binary files: (1) Benign files (2) Spyware files. Step 2: Byte Sequence Generation This process makes file conversion from binary to byte sequence in each class. We use xxd, which is a UNIX based utility for conversion. Step 3: N-gram Generation This process pieces out the byte sequences into a desired size of “n” (namely 4, 5 and 6). An n-gram is a sequence of n elements. This process also makes sure that each line contains one n-gram and length of a single line is equal to the size of “n”. Step 4: Feature Extraction We extract the features by using two different approaches: Common Feature Based Extraction (CFBE) and Frequency Based Feature Extraction (FBFE). Both methods are used to obtain Reduced Feature Sets (RFSs) which are then used to generate the Attribute Relation File Format (ARFF) files. 1. Frequency Based Feature Extraction (FBFE): In FBFE, the frequency of each n-gram in each class is calculated. 2. Common Feature Based Extraction (CFBE): In CFBE, the common n-grams are extracted from each class. Step 5: Feature Reduction In FBFE, all n-grams within a specified frequency range (50-500) are extracted and the rest (1-49) are discarded. In CFBE, only one representation of each feature is “Detection of Spyware by Mining Executable Files”
  • 4.
    considered in oneclass. To obtain Reduced Feature Sets (RFSs) for CFBE and FBFE, merge unique n-grams for both classes. Step 6: ARFF Generation (Data Set Generation) This process generates two ARFF databases: frequency based feature database and common feature based database. All attributes in database are treated as Boolean attributes. ARFF process searches for every n-gram in all byte sequences for a class and assign a value to the attribute which can be either “1” or “0” on the present/not present basis. Step 7: Model Training The ARFF file is used as input to WEKA for applying machine learning algorithms. The algorithms used in the experiment are: ZeroR, Naive Bayes, SVM (Support Vector Machines), J48, Random Forest and JRip. Hardware Requirements • Pentium Processor, 1.6 GHz or advanced • RAM, 128 MB or more • HDD, 40 GB or more. Software Requirements • Platform: Linux OS • Language: JAVA • Editor: G-Edit Editor • WEKA (Machine Learning Tool) “Detection of Spyware by Mining Executable Files”