NOA: An Information Retrieval Based Malware Detection System

Authors

  • Igor Santos, S3Lab, DeustoTech – Computing, Deusto Institute of Technology, University of Deusto, Avenida de las Universidades 24, Bilbao
  • Xabier Ugarte-Pedrero, S3Lab, DeustoTech – Computing, Deusto Institute of Technology, University of Deusto, Avenida de las Universidades 24, Bilbao
  • Felix Brezo, S3Lab, DeustoTech – Computing, Deusto Institute of Technology, University of Deusto, Avenida de las Universidades 24, Bilbao
  • Pablo Garcia Bringas, S3Lab, DeustoTech – Computing, Deusto Institute of Technology, University of Deusto, Avenida de las Universidades 24, Bilbao
  • José María Gómez-Hidalgo, Optenet, Madrid

Keywords:

Malware detection, computer security, information retrieval, static analysis

Abstract

Malware refers to any type of code written with the intention of harming a computer or network. The quantity of malware being produced is increasing every year and poses a serious global security threat. Hence, malware detection is a critical topic in computer security. Signature-based detection is the most widespread method used in commercial antivirus solutions. However, signature-based detection can detect malware only once the malicious executable has caused damage and has been conveniently registered and documented. Therefore, the signature-based method fails to detect obfuscated malware variants. In this paper, a new malware detection system is proposed based on information retrieval. For the representation of executables, the frequency of the appearance of opcode sequences is used. Through this architecture a malware detection system prototype is developed and evaluated in terms of performance, malware variant recall (false negative ratio) and false positives.

Published

2013-03-22

How to Cite

Santos, I., Ugarte-Pedrero, X., Brezo, F., Bringas, P. G., & Gómez-Hidalgo, J. M. (2013). NOA: An Information Retrieval Based Malware Detection System. Computing and Informatics, 32(1), 145–174. Retrieved from http://147.213.75.17/ojs/index.php/cai/article/view/1470