Signature-Based Malware Detection Using Sequences of N-grams

  • Authors

    • Alogba Moshood Abiola
    • Mohd Fadzli Marhusin
    Published: 2018-10-07
    DOI: https://doi.org/10.14419/ijet.v7i4.15.21432
  • Keywords: N-grams, K-grams, Signature-based detection.
  • Abstract

    The focus of our study is one malware family, the Brontok worms, which have long been a burden on Windows-based platforms. In this study we developed a detection model by extracting the signatures of the Brontok worms and using an n-gram technique to break those signatures down. Splitting signatures into n-grams makes it easier to remove the redundancies between the signatures of the different Brontok variants, and it was used here to differentiate the signatures of malicious files from those of normal files. A prototype antivirus built on this model was able to scan files and accurately detect any traces of the Brontok signatures in them. During the experiment we successfully detected the presence of Brontok worms while correctly identifying the benign files. The techniques employed provide some insight into building a good signature-based detector, which could be used to create a more credible solution that eliminates the threat of old malware that may resurface in the future.
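    The following is an added illustration of the n-gram signature approach the abstract describes; it is not code from the paper. It builds byte n-grams from a set of malware variants, collapses the overlap between variants into one signature set, discards any n-gram that also occurs in benign files (the main source of false positives), and then scans new files against that set. The n-gram length (4), the hit threshold (10) and all sample bytes are assumptions made for the example: the "malware" and "benign" inputs are constructed stand-in strings, not real Brontok code.

```python
"""Byte n-gram signature extraction and scanning (added example, not the paper's code)."""
from collections import Counter
from typing import Dict, Iterable, Set, Tuple

N = 4  # n-gram length in bytes; chosen for this illustration, not taken from the paper


def ngrams(data: bytes, n: int = N) -> Set[bytes]:
    """All distinct contiguous n-byte sequences in data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def build_signatures(
    malicious: Dict[str, bytes], benign: Iterable[bytes], n: int = N
) -> Tuple[Set[bytes], Set[bytes]]:
    """Return (signatures, family_core).

    signatures:  every n-gram seen in any malware variant that never occurs in a
                 benign file. A set collapses the overlap between variants, so a
                 byte sequence shared by several of them is stored once.
    family_core: the subset present in *every* variant, i.e. the sequences most
                 likely to survive into a new variant of the same family.
    """
    variant_counts: Counter = Counter()
    for sample in malicious.values():
        variant_counts.update(ngrams(sample, n))  # count variants, not occurrences
    benign_grams: Set[bytes] = set()
    for sample in benign:
        benign_grams |= ngrams(sample, n)
    # Redundancy/false-positive removal: anything benign files also contain is useless
    # as a signature (PE headers, common library strings, ...).
    signatures = {g for g in variant_counts if g not in benign_grams}
    family_core = {g for g in signatures if variant_counts[g] == len(malicious)}
    return signatures, family_core


def scan(data: bytes, signatures: Set[bytes], n: int = N, threshold: int = 10) -> Tuple[bool, int]:
    """Count distinct signature n-grams in data; flag the file if the count reaches threshold.

    A single matching 4-gram is weak evidence (short byte runs recur by chance), so a
    threshold on distinct hits keeps benign files that share a word or two with the
    family from being flagged.
    """
    hits = len(ngrams(data, n) & signatures)
    return hits >= threshold, hits


# --- Constructed sample data (stand-ins, NOT real Brontok bytes) -------------------
PE_HEADER = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00"  # common to malware AND benign
CORE = b"copy self to %SystemRoot%;drop autorun.inf;disable regedit"  # shared family behaviour
MALWARE_SAMPLES: Dict[str, bytes] = {
    "variant_a": PE_HEADER + b"var-A payload " + CORE + b" mail spread",
    "variant_b": PE_HEADER + b"var-B payload " + CORE + b" usb spread",
}
BENIGN_SAMPLES = [
    PE_HEADER + b"notepad: open file, save file, print file",
    PE_HEADER + b"installer: copy self to %SystemRoot% then exit",  # overlaps CORE on purpose
]
UNSEEN_VARIANT = PE_HEADER + b"var-C payload " + CORE + b" irc spread"
BENIGN_LOOKALIKE = PE_HEADER + b"editor: autorun support for macros"  # shares a few 4-grams


def demo() -> Dict[str, Tuple[bool, int]]:
    """Build signatures from the training sets and scan every constructed file."""
    sigs, _core = build_signatures(MALWARE_SAMPLES, BENIGN_SAMPLES)
    results = {name: scan(data, sigs) for name, data in MALWARE_SAMPLES.items()}
    for i, data in enumerate(BENIGN_SAMPLES):
        results[f"benign_{i}"] = scan(data, sigs)
    results["unseen_variant"] = scan(UNSEEN_VARIANT, sigs)
    results["benign_lookalike"] = scan(BENIGN_LOOKALIKE, sigs)
    return results


if __name__ == "__main__":
    for name, (detected, hits) in demo().items():
        print(f"{name:17s} detected={detected!s:5s} signature hits={hits}")
```

    Two effects are worth noting when running this. First, the "copy self to %SystemRoot%" part of the shared behaviour string drops out of the signature set because a benign installer also contains it, so the detector keys on the remaining family-specific bytes rather than on anything an ordinary program might carry. Second, the benign look-alike does match a handful of 4-grams ("auto", "edit" and their neighbours), which is why the scan thresholds on distinct hits instead of flagging the first match; the unseen variant still clears the threshold easily because it carries the whole family core.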




  • How to Cite

    Moshood Abiola, A., & Fadzli Marhusin, M. (2018). Signature-Based Malware Detection Using Sequences of N-grams. International Journal of Engineering & Technology, 7(4.15), 120-125. https://doi.org/10.14419/ijet.v7i4.15.21432

    Received date: 2018-10-09

    Accepted date: 2018-10-09

    Published date: 2018-10-07