Classification of Polymorphic Virus Based on Integrated Features

Isredza Rahmi A Hamid, Sharmila Subramaniam, Zubaile Abdullah


Standard virus classification relies on the use of virus function, which is a small number of bytes written in assembly language. The addressable problem with current malware intrusion detection and prevention system is having difficulties in detecting unknown and multipath polymorphic computer virus solely based on either static or dynamic features. Thus, this paper presents an effective and efficient polymorphic classification technique based on integrated features. The integrated feature is selected based on Information Gain (IG) rank value between static and dynamic features. Then, all datasets are tested on Naïve Bayes and Random Forest classifiers. We extracted 49 features from 700 polymorphic computer virus samples from Netherland Net Lab and VXHeaven, which includes benign and polymorphic virus function. We spilt the dataset based on 60:40 split ratio sizes for training and testing respectively. Our proposed integrated features manage to achieve 98.9% of accuracy value.


Classification, Polymorphic Virus, Integrated Features.

Full Text:



S. Chaumette, O. Ly, and R. Tabary, “Automated extraction of polymorphic virus signatures using abstract interpretation,†Proc. - 2011 5th Int. Conf. Netw. Syst. Secure. NSS 2011, pp. 41–48, 2011.

A. A. E. Elhadi, “Malware Detection Based on Hybrid Signature Behaviour Application Programming Interface Call Graph,†Am. J. Appl. Sci., vol. 9, no. 3, pp. 283–288, 2012.

H. Lim, Y. Yamaguchi, H. Shimada, and H. Takakura, “Malware classification method based on sequence of traffic flow BT - 1st International Conference on Information Systems Security and Privacy, ICISSP 2015, February 9, 2015 - February 11, 2015,†2015, pp. 230–237.

G. Nascimento and M. Correia, “Anomaly-based intrusion detection in software as a service,†Proc. Int. Conf. Dependable Syst. Networks, pp. 19–24, 2011.

R. Islam, R. Tian, L. Batten, and S. Versteeg, “Classification of Malware Based on String and Function Feature Selection,†2010 Second Cybercrime Trust. Comput. Work., pp. 9–17, 2010.

A. Tang, S. Sethumadhavan, and S. Stolfo, “Unsupervised Anomaly-based Malware Detection using Hardware Features,†Proc. Int. Symp. Res. Attacks, Intrusion Detect., p. 1, 2014.

R. Sekar, a Gupta, J. Frullo, T. Shanbhag, a Tiwari, H. Yang, and S. Zhou, “Specification-based anomaly detection: a new approach for detecting network intrusions,†CCS ’02 Proc. 9th ACM Conf. Comput. Commun. Secur., pp. 265–274, 2002.

E. Al Daoud, I. Jebril, and B. Zaqaibeh, “Computer virus strategies and detection methods,†Int. J. Open Probl. Comput. Math., vol. 1, no. 2, pp. 122–129, 2008.

A. Techniques, “MALWARE: Threats and Attacks Part 1-D: How to protect from Malware attacks, Antivirus Techniques Malware threats and attacks,†2012.

Idika, N. (2007). A Survey of Malware Detection Techniques.

R. Islam, R. Tian, L. Batten, and S. Versteeg, “Classification of Malware Based on String and Function Feature Selection,†2010.

F. Leder, B. Steinbock, and P. Martini, "Classification and detection of metamorphic malware using value set analysis," 2009 4th International Conference on Malicious and Unwanted Software (MALWARE), Montreal, QC, 2009, pp. 39-46.

Y. Ye, T. Li, Q. Jiang, and Y. Wang, "CIMDS: Adapting Postprocessing Techniques of Associative Classification for Malware Detection," in IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews), vol. 40, no. 3, pp. 298-307, May 2010.

K. Huang, Y. Ye and Q. Jiang, "ISMCS: An intelligent instruction sequence based malware categorization system," 2009 3rd International Conference on Anti-counterfeiting, Security, and Identification in Communication, Hong Kong, 2009, pp. 509-512.

N. Bayes, “Naive Bayes classifier,†pp. 1–9, 2006.

“VXHeaven_Dataset,†2014 IEEE 11th Consumer Communications and Networking Conference (CCNC), 2014.

A. R. Kakad, S. G. Kamble, S. S. Bhuvad, and V. N. Malavade, “Study and Comparison of Virus Detection Techniques,†Int. J. Adv. Res. Comput. Sci. Softw. Eng., vol. 4, no. 3, pp. 251–253, 2014.

R. Tian, R. Islam, L. Batten, and S. Versteeg, “Differentiating Malware from Cleanware Using Behavioural Analysis,†pp. 23–30, 2010.

R. Islam, R. Tian, L. M. Batten, and S. Versteeg, “Journal of Network and Computer Applications Classification of malware based on integrated static and dynamic features,†vol. 36, pp. 646–656, 2013.

H. Zhao, M. Xu, N. Zheng, J. Yao and Q. Ho, "Malicious Executables Classification Based on Behavioral Factor Analysis," 2010 International Conference on e-Education, e-Business, e-Management and e-Learning, Sanya, 2010, pp. 502-506.

Grégoire Jacob, Hervé Debar, Eric Filiol, "Malware detection using attribute-automata to parse abstract behavioral descriptions," CoRR abs/0902.0322, 2009.

I.R.A Hamid, N.S Khalid, N.A. Abdullah, N. H. Ab Rahman, C.C. Wen, “Android Malware Classification Using K-Means Clustering Algorithm,†2017 IOP: Conference Series: Materials Science and Engineering, Melaka, 2017, vol. 226.

A. Zulkifli, I.R.A Hamid, W.M Shah, and Z. Abdullah, “Android Malware Detection Based on Network Traffic Using Decision Tree Algorithm,†2018 International Conference on Soft Computing and Data Mining, pp. 485-494.



  • There are currently no refbacks.

Published by INSIGHT - Indonesian Society for Knowledge and Human Development