Discovering malware with time series shapelets

16Citations
Citations of this article
35Readers
Mendeley users who have this article in their library.

Abstract

Malicious software ('malware') detection systems are usually signature-based and cannot stop attacks by malicious files they have never encountered. To stop these attacks, we need statistical learning approaches to identify root patterns behind execution of malware. We propose a machine learning approach for detection of malware from portable executable (PE) files. We create an 'entropy time series' representation of the content of each file, and then apply a unique time series classification method (called 'shapelets') for identifying malware. The shapelet-based approach picks up local discriminative features from the entropy signals. Our approach is file format agnostic, can deal with varying lengths in input instances, and provides fast classification. We evaluate our method on an industrial dataset containing thousands of executable files, and comparison with state-of-the-art methods illustrates the performance of our approach. This work is the first to use time series shapelets for malware detection and information security applications.

Cite

CITATION STYLE

APA

Patri, O. P., Wojnowicz, M. T., & Wolff, M. (2017). Discovering malware with time series shapelets. In Proceedings of the Annual Hawaii International Conference on System Sciences (Vol. 2017-January, pp. 6079–6088). IEEE Computer Society. https://doi.org/10.24251/hicss.2017.734

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free