
dc.contributor.author: Banin, Sergii
dc.contributor.author: Dyrkolbotn, Geir Olav
dc.identifier.citation: Digital Investigation: The International Journal of Digital Forensics and Incident Response, 2018, 26, 107-117.
dc.description.abstract: Because malicious software ("malware") is so frequently used in cyber crime, malware detection and related research have become a serious issue in the information security landscape. However, in order to have an appropriate defense and post-attack response, malware must not only be detected but also categorized according to its functionality. It comes as no surprise that more and more malware is now made with the intent to evade detection and analysis mechanisms. Despite sophisticated obfuscation, encryption, and anti-debugging techniques, it is impossible to avoid execution on hardware, so hardware ("low-level") activity is a promising source of features. In this paper, we study the applicability of low-level features for multinomial malware classification. This research is a logical continuation of a previously published paper (Banin et al., 2016) in which it was proved that memory access patterns can be successfully used for malware detection. In this research we use memory access patterns to distinguish between 10 malware families and 10 malware types. In the results, we show that our method works better for classifying malware into families than into types, and analyze our achievements in detail. With satisfying classification accuracy, we show that thorough feature selection can reduce data dimensionality by a magnitude of 3 without significant loss in classification performance.
dc.rights: Attribution-NonCommercial-NoDerivatives 4.0 International
dc.title: Multinomial malware classification via low-level features
dc.type: Journal article
dc.type: Peer reviewed
dc.source.journal: Digital Investigation: The International Journal of Digital Forensics and Incident Response
dc.description.localcode: © 2018 The Author(s). Published by Elsevier Ltd on behalf of DFRWS. This is an open access article under the CC BY-NC-ND license (
cristin.unitname: Institutt for informasjonssikkerhet og kommunikasjonsteknologi


Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivatives 4.0 International.