SlideShare a Scribd company logo

Today

Download as PPTX, PDF
Sherin Bennet, profile picture
Sherin Bennet

This document discusses detecting malware using n-grams and machine learning algorithms. It analyzes executable files to extract n-gram sequences from the opcode, creates a feature vector table (FVT) of n-grams and their frequencies. This FVT is used to train and test machine learning classifiers like J48, SVM, and Random Forest. Dimensionality reduction using PCA is also applied before classification. The models are evaluated based on metrics like accuracy, misclassification rate, and precision on n-gram datasets of different sizes. Random Forest performs best with over 95% accuracy on 2-grams.

Software
1 of 30
Downloaded 63 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Malware Detection using n-grams and Evaluation using Machine Learning Algorithms 11MSE0195-SHERIN JOSEPHIN B
Abstract ‱ Computer security has been a major concern in today's scenario. The term Malware is used to denote bad software which hacks the computer security in the present world. ‱ While most of the anti-virus software fails to detects new virus. Thus n-grams as file signature can help us to detect own malware and reduce false positive ratio. ‱ Further the dataset is optimized by using feature selection algorithm. The final Featured Vector Table obtained from feature selection and dimension reduction will be compared and evaluated using various machine learning algorithms.
Aim and Scope ‱ The aim of this project is to detect malware files using n- gram analysis and evaluate it using machine learning algorithm. ‱ As many antivirus software fails to detect new virus, using n-gram as a model, will detect malware files efficiently. ‱ This project will focus on developing a better tool to detect the malware files taking into consideration space complexity. ‱ It is currently used in industries. Every industry mainly focuses on securing the data. Anti-virus software like Kaspersky, K7 uses this technique to detect malware files.
LITERATURE SURVEY
LITERATURE SURVEY...
LITERATURE SURVEY... S.N TITLE ABSTRACT TECHNIQUES ADVANTAGES 8. “Static Malware Detection with Segmented Sandboxing” This is study is about Taking the best part from both static and dynamic detection approach, which is called “Segmented Sandboxing” is applied to detect malware files. 1. segmented sandboxing Higher detection rate (compare previous data) 9. .,“N grams based file signature for malware detection”. This study proposes the use of n-grams as file signatures in order to detect unknown malware 1.n-grams low false positive ratio. 10. “A Hybrid Model to Detect Malicious Executables”. This paper proposes featuthe re set is called hybrid feature set which is given to support vector machine which classify malware and benign files. 1.n-grams 2.SVM 1.high accuracy 2. low false positive rate 11. Detection of New Malicious Code Using N- grams Signatures”. This paper says about the n- gram analysis that classify the malware and benign . 1.n-grams 1. efficient 2. Scalable 3. practical solutions
Architecture
Detailed Design
Module Description MODULE 1: Dataset preparation -executable files (benign or malware file) are disassembled using a disassembler. -assembly code is parsed. The opcode sequence is collected in Dataset. MODULE 2 : Create Feature Vector Table( FVT )by n-grams extraction - Dataset is classified as Training data and Testing data. - The training data is used for n-gram extraction. - These extracted n-grams are stored in a table called Feature Vector Table (FVT). - Feature Vector Table consists opcode, its frequency count and respective class MODULE 3 : Employing Feature Reduction Algorithm - PCA MODULE 4: Classification using Machine Learning Algorithm - J48,Support Vector Machine(SVM) and Random Forest
UML Design ‱USE CASE DIAGRAM ‱CLASS DIAGRAM ‱SEQUENCE DIAGRAM ‱ACTIVITY DIAGRAM ‱STATE CHART DIAGRAM
USE CASE DIAGRAM
CLASS DIAGRAM
Sequence Diagram
Activity Diagram
State Traction
Results and Discussion With PCA Without PCA 2 grams 8 216 3 grams 9 256 4 grams 8 256 With Feature Selection Algorithm
2-grams Random Forest SVM J48 Classified 95% 82.50% 88% Misclassified 12.30% 82.50% 36.40% Precision 95.00% 68.10% 86.90% Performance Table for 2grams
Graphic view for 2grams 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Random Forest SVM J48 TPR FPR Precision
Performance Table for 3grams 3-grams Random Forest SVM J48 Classified 92% 94.70% 84% Misclassified 52.10% 34.70% 53.20% Precision 92.80% 95.00% 84.20%
Graphic view for 3grams 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Random Forest SVM J48 TPR FPR Precision
Normal Code and Obfuscated Code
Disassembling the executables
Parser
N-grams extraction
Opcode and its frequency and class
Data set
Before PCA
After Feature Selection- PCA
Classification
Today

More Related Content

PPTX
A review of machine learning based anomaly detection
Mohamed Elfadly
 
PPTX
Machine learning in computer security
Kishor Datta Gupta
 
PPTX
Anomaly detection, part 1
David Khosid
 
PDF
ieee project topic & abstracts in php
aswin tbbc
 
PPTX
Spam detection using machine learning based binary classifier_043660
syaidatulamirah
 
PPTX
Subverting Machine Learning Detections for fun and profit
Ram Shankar Siva Kumar
 
ODP
Malware Dectection Using Machine learning
Shubham Dubey
 
PPTX
Anomaly Detection for Security
Cody Rioux
 
A review of machine learning based anomaly detection
Mohamed Elfadly
 
Machine learning in computer security
Kishor Datta Gupta
 
Anomaly detection, part 1
David Khosid
 
ieee project topic & abstracts in php
aswin tbbc
 
Spam detection using machine learning based binary classifier_043660
syaidatulamirah
 
Subverting Machine Learning Detections for fun and profit
Ram Shankar Siva Kumar
 
Malware Dectection Using Machine learning
Shubham Dubey
 
Anomaly Detection for Security
Cody Rioux
 

What's hot (20)

PPSX
04 intel v_tune_session_05
Vivek Singh Chandel
 
DOCX
A malware detection method for health sensor data based on machine learning
jaigera
 
PPTX
Malware Detection Using Machine Learning Techniques
ArshadRaja786
 
DOCX
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS On false-data-injection-attacks-...
IEEEGLOBALSOFTSTUDENTPROJECTS
 
PDF
IRJET - Survey on Malware Detection using Deep Learning Methods
IRJET Journal
 
PPTX
Infiltrate 2015 - Data Driven Offense
Ram Shankar Siva Kumar
 
PDF
Artificial immune system against viral attack
UltraUploader
 
PPTX
Outlier detection for high dimensional data
Parag Tamhane
 
PPTX
Cyber intrusion
Kishor Datta Gupta
 
PDF
Automatically generated win32 heuristic
poojamancharkar
 
PPTX
Penetration testing
Nameen Singh
 
PDF
Quick presentation for the OpenML workshop in Eindhoven 2014
Manuel MartĂ­n
 
PPTX
fault localization in computer network..
CDAC PUNE
 
DOCX
robust malware detection for iot devices using deep eigen space learning
Venkat Projects
 
DOCX
Security evaluation of pattern classifiers under attack
Shakas Technologies
 
PDF
Design and Implementation of Artificial Immune System for Detecting Flooding ...
Kent State University
 
PPTX
DM for IDS
Nesma Mahmoud
 
DOC
Security evaluation of pattern classifiers under attack
Papitha Velumani
 
PDF
AI approach to malware similarity analysis: Maping the malware genome with a...
Priyanka Aash
 
PPTX
Malware Detection Using Data Mining Techniques
Akash Karwande
 
04 intel v_tune_session_05
Vivek Singh Chandel
 
A malware detection method for health sensor data based on machine learning
jaigera
 
Malware Detection Using Machine Learning Techniques
ArshadRaja786
 
IEEE 2014 JAVA PARALLEL DISTRIBUTED PROJECTS On false-data-injection-attacks-...
IEEEGLOBALSOFTSTUDENTPROJECTS
 
IRJET - Survey on Malware Detection using Deep Learning Methods
IRJET Journal
 
Infiltrate 2015 - Data Driven Offense
Ram Shankar Siva Kumar
 
Artificial immune system against viral attack
UltraUploader
 
Outlier detection for high dimensional data
Parag Tamhane
 
Cyber intrusion
Kishor Datta Gupta
 
Automatically generated win32 heuristic
poojamancharkar
 
Penetration testing
Nameen Singh
 
Quick presentation for the OpenML workshop in Eindhoven 2014
Manuel MartĂ­n
 
fault localization in computer network..
CDAC PUNE
 
robust malware detection for iot devices using deep eigen space learning
Venkat Projects
 
Security evaluation of pattern classifiers under attack
Shakas Technologies
 
Design and Implementation of Artificial Immune System for Detecting Flooding ...
Kent State University
 
DM for IDS
Nesma Mahmoud
 
Security evaluation of pattern classifiers under attack
Papitha Velumani
 
AI approach to malware similarity analysis: Maping the malware genome with a...
Priyanka Aash
 
Malware Detection Using Data Mining Techniques
Akash Karwande
 
Ad

Viewers also liked (9)

PPTX
An Introduction to Malware Classification
John Seymour
 
PPT
NIDS ppt
Mahendar Reddy
 
PPTX
Antivirus - Virus detection and removal methods
Somanath Kavalase
 
DOCX
Discovery and verification Documentation
Sambit Dutta
 
PDF
Malware classification and detection
Chong-Kuan Chen
 
PDF
60780174 49594067-cs1403-case-tools-lab-manual
Chitrarasan Kathiravan
 
PPT
Malware Detection using Machine Learning
Cysinfo Cyber Security Community
 
DOCX
Fr app e detecting malicious facebook applications
CloudTechnologies
 
PPTX
Computer Virus powerpoint presentation
shohrabkhan
 
An Introduction to Malware Classification
John Seymour
 
NIDS ppt
Mahendar Reddy
 
Antivirus - Virus detection and removal methods
Somanath Kavalase
 
Discovery and verification Documentation
Sambit Dutta
 
Malware classification and detection
Chong-Kuan Chen
 
60780174 49594067-cs1403-case-tools-lab-manual
Chitrarasan Kathiravan
 
Malware Detection using Machine Learning
Cysinfo Cyber Security Community
 
Fr app e detecting malicious facebook applications
CloudTechnologies
 
Computer Virus powerpoint presentation
shohrabkhan
 
Ad

Similar to Today (20)

PDF
A STATIC MALWARE DETECTION SYSTEM USING DATA MINING METHODS
ijaia
 
PDF
A study of detecting computer viruses in real infected files in the n-gram re...
UltraUploader
 
PDF
Automated malware invariant generation
UltraUploader
 
PDF
A hybrid model to detect malicious executables
UltraUploader
 
PDF
Zero day malware detection
sujeeshkumarj
 
PPT
CISC 879 - Machine Learning for Solving Systems Problems
butest
 
PPT
A Fast Flowgraph Based Classification System for Packed and Polymorphic Malwa...
Silvio Cesare
 
PPTX
MALWISE
Febin Joy Kaviyil
 
PPTX
Keith J. Jones, Ph.D. - MALGAZER: AN AUTOMATED MALWARE CLASSIFIER WITH RUNNIN...
Keith Jones, PhD
 
PDF
Design and Development of an Efficient Malware Detection Using ML
Siva krishnam raju Patsamatla
 
PPTX
malware detection ppt for vtu project and other final year project
NaveenAd4
 
PDF
Malwise-Malware Classification and Variant Extraction
IOSR Journals
 
PPTX
Malware Detector
Abhishek Jindal
 
PDF
A novel ensemble-based approach for Windows malware detection
IAESIJAI
 
PPTX
Malware Classification and Analysis
Prashant Chopra
 
PDF
Classification of Malware based on Data Mining Approach
ijsrd.com
 
PPT
DETECTION OF MALICIOUS EXECUTABLES USING RULE BASED CLASSIFICATION ALGORITHMS
AAKANKSHA JAIN
 
PPT
Malware Classification Using Structured Control Flow
Silvio Cesare
 
PDF
Selecting Prominent API Calls and Labeling Malicious Samples for Effective Ma...
IJCSIS Research Publications
 
PDF
Inbot10 vxclass
zynamics GmbH
 
A STATIC MALWARE DETECTION SYSTEM USING DATA MINING METHODS
ijaia
 
A study of detecting computer viruses in real infected files in the n-gram re...
UltraUploader
 
Automated malware invariant generation
UltraUploader
 
A hybrid model to detect malicious executables
UltraUploader
 
Zero day malware detection
sujeeshkumarj
 
CISC 879 - Machine Learning for Solving Systems Problems
butest
 
A Fast Flowgraph Based Classification System for Packed and Polymorphic Malwa...
Silvio Cesare
 
MALWISE
Febin Joy Kaviyil
 
Keith J. Jones, Ph.D. - MALGAZER: AN AUTOMATED MALWARE CLASSIFIER WITH RUNNIN...
Keith Jones, PhD
 
Design and Development of an Efficient Malware Detection Using ML
Siva krishnam raju Patsamatla
 
malware detection ppt for vtu project and other final year project
NaveenAd4
 
Malwise-Malware Classification and Variant Extraction
IOSR Journals
 
Malware Detector
Abhishek Jindal
 
A novel ensemble-based approach for Windows malware detection
IAESIJAI
 
Malware Classification and Analysis
Prashant Chopra
 
Classification of Malware based on Data Mining Approach
ijsrd.com
 
DETECTION OF MALICIOUS EXECUTABLES USING RULE BASED CLASSIFICATION ALGORITHMS
AAKANKSHA JAIN
 
Malware Classification Using Structured Control Flow
Silvio Cesare
 
Selecting Prominent API Calls and Labeling Malicious Samples for Effective Ma...
IJCSIS Research Publications
 
Inbot10 vxclass
zynamics GmbH
 

Recently uploaded (20)

PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PPTX
Online Work Permit System for Fast Permit Processing
SHEQ Network Limited
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
PDF
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
PDF
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
PPTX
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
PDF
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PDF
System and Network Administration Chapter 2
jaramharo
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PDF
System and Network Administraation Chapter 3
jaramharo
 
PPTX
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
PPTX
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
Online Work Permit System for Fast Permit Processing
SHEQ Network Limited
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
2025 Textile ERP Trends: SAP, Odoo & Oracle
Aetos Technologies
 
Transform Your Business with a Software ERP System
Canada Software Company
 
System and Network Administration Chapter 2
jaramharo
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
System and Network Administraation Chapter 3
jaramharo
 
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
Odoo POS Development Services by CandidRoot Solutions
CandidRoot Solutions Private Limited
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 

Today

  • 1. Malware Detection using n-grams and Evaluation using Machine Learning Algorithms 11MSE0195-SHERIN JOSEPHIN B
  • 2. Abstract ‱ Computer security has been a major concern in today's scenario. The term Malware is used to denote bad software which hacks the computer security in the present world. ‱ While most of the anti-virus software fails to detects new virus. Thus n-grams as file signature can help us to detect own malware and reduce false positive ratio. ‱ Further the dataset is optimized by using feature selection algorithm. The final Featured Vector Table obtained from feature selection and dimension reduction will be compared and evaluated using various machine learning algorithms.
  • 3. Aim and Scope ‱ The aim of this project is to detect malware files using n- gram analysis and evaluate it using machine learning algorithm. ‱ As many antivirus software fails to detect new virus, using n-gram as a model, will detect malware files efficiently. ‱ This project will focus on developing a better tool to detect the malware files taking into consideration space complexity. ‱ It is currently used in industries. Every industry mainly focuses on securing the data. Anti-virus software like Kaspersky, K7 uses this technique to detect malware files.
  • 6. LITERATURE SURVEY... S.N TITLE ABSTRACT TECHNIQUES ADVANTAGES 8. “Static Malware Detection with Segmented Sandboxing” This is study is about Taking the best part from both static and dynamic detection approach, which is called “Segmented Sandboxing” is applied to detect malware files. 1. segmented sandboxing Higher detection rate (compare previous data) 9. .,“N grams based file signature for malware detection”. This study proposes the use of n-grams as file signatures in order to detect unknown malware 1.n-grams low false positive ratio. 10. “A Hybrid Model to Detect Malicious Executables”. This paper proposes featuthe re set is called hybrid feature set which is given to support vector machine which classify malware and benign files. 1.n-grams 2.SVM 1.high accuracy 2. low false positive rate 11. Detection of New Malicious Code Using N- grams Signatures”. This paper says about the n- gram analysis that classify the malware and benign . 1.n-grams 1. efficient 2. Scalable 3. practical solutions
  • 9. Module Description MODULE 1: Dataset preparation -executable files (benign or malware file) are disassembled using a disassembler. -assembly code is parsed. The opcode sequence is collected in Dataset. MODULE 2 : Create Feature Vector Table( FVT )by n-grams extraction - Dataset is classified as Training data and Testing data. - The training data is used for n-gram extraction. - These extracted n-grams are stored in a table called Feature Vector Table (FVT). - Feature Vector Table consists opcode, its frequency count and respective class MODULE 3 : Employing Feature Reduction Algorithm - PCA MODULE 4: Classification using Machine Learning Algorithm - J48,Support Vector Machine(SVM) and Random Forest
  • 10. UML Design ‱USE CASE DIAGRAM ‱CLASS DIAGRAM ‱SEQUENCE DIAGRAM ‱ACTIVITY DIAGRAM ‱STATE CHART DIAGRAM
  • 16. Results and Discussion With PCA Without PCA 2 grams 8 216 3 grams 9 256 4 grams 8 256 With Feature Selection Algorithm
  • 17. 2-grams Random Forest SVM J48 Classified 95% 82.50% 88% Misclassified 12.30% 82.50% 36.40% Precision 95.00% 68.10% 86.90% Performance Table for 2grams
  • 18. Graphic view for 2grams 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Random Forest SVM J48 TPR FPR Precision
  • 19. Performance Table for 3grams 3-grams Random Forest SVM J48 Classified 92% 94.70% 84% Misclassified 52.10% 34.70% 53.20% Precision 92.80% 95.00% 84.20%
  • 20. Graphic view for 3grams 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Random Forest SVM J48 TPR FPR Precision
  • 21. Normal Code and Obfuscated Code
  • 25. Opcode and its frequency and class