
An Experience in Enhancing Machine Learning Classifier Against Low-Entropy Packed Malwares
Author(s) - Shang-Wen Chen, Tzu-Hsien Chuang, ChinWei Tien, ChihWei Chen
Publication year - 2021
Publication title - Computer Science and Information Technology (CS and IT)
Language(s) - English
Resource type - Conference proceedings
DOI - 10.5121/csit.2021.110406
Subject(s) - malware, ransomware, computer science, entropy (arrow of time), machine learning, artificial intelligence, android malware, classifier (uml), pattern recognition (psychology), data mining, computer security, physics, quantum mechanics
Abstract - Both benign applications and malware use packing, for their own purposes, to conceal the real program logic. According to recent research reports, existing machine learning (ML) based malware detection engines have difficulty classifying packed malware effectively, especially when it is low-entropy packed. We recently counted samples and found that the ratio of low-entropy packed ransomware is extremely high. This causes a high error rate in the results of currently used ML approaches. Thus, we propose a new method to extract entropy-related features and use a stacked model to build an ML malware engine that effectively detects low-entropy packed malware. We evaluate our method using over 15,000 malware samples collected from VirusTotal and compare the result to related research. This experience report shows that our adopted model and features can significantly lower the error rate of low-entropy packed detection from 11% to 1%.