Abstract—In the past, the number of malware samples was small, and signature-based anti-virus programs could effectively protect systems. Cyber attackers now create large numbers of malware variants with automated tools to evade signature-based anti-virus programs. Creating signatures for all the variants is quite an expensive task. To solve this problem, defenders have tried to detect malware variants automatically. Classifying malware families is one way to do so. In this paper, we extract novel features from frequency analysis of malware to classify malware families. We separate the malware at the section level and apply DCT/DFT to each section. Experimental results show that the proposed method can achieve high accuracy and low operation cost.
Index Terms—Bootstrap aggregating, discrete cosine transform, frequency analysis, malware family, malware image, machine learning, Microsoft malware classification challenge.
Changhee Choi, Kyeongsik Lee, Hwaseong Lee, Ilhoon Jeong, and Hosang Yun are with the Agency for Defense Development (ADD), Daejeon, South Korea (e-mail: changhee84@add.re.kr, n0fate@add.re.kr, hslee@add.re.kr, ihjeong@add.re.kr, yun_hosang@add.re.kr).
Cite: Changhee Choi, Kyeongsik Lee, Hwaseong Lee, Ilhoon Jeong, and Hosang Yun, "Malware Family Classification Based on Novel Features from Frequency Analysis," International Journal of Computer Theory and Engineering, vol. 10, no. 4, pp. 135-138, 2018.