Detecting Scareware by Mining Variable Length Instruction Sequences
2011 (English) Conference paper (Refereed) Published
Abstract [en]

Scareware is a recent type of malicious software that may pose financial and privacy-related threats to novice users. Traditional countermeasures, such as anti-virus software, require regular updates and often lack the capability of detecting novel (unseen) instances. This paper presents a scareware detection method that is based on the application of machine learning algorithms to learn patterns in extracted variable length opcode sequences derived from instruction sequences of binary files. The patterns are then used to classify software as legitimate or scareware, but they may also reveal interpretable behavior that is unique to either type of software. We have obtained a large number of real-world scareware applications and designed a data set with 550 scareware instances and 250 benign instances. The experimental results show that several common data mining algorithms are able to generate accurate models from the data set. The Random Forest algorithm is shown to outperform the other algorithms in the experiment. Essentially, our study shows that, even though the differences between scareware and legitimate software are subtler than between, say, viruses and legitimate software, the same type of machine learning approach can be used in both of these dissimilar cases.

Place, publisher, year, edition, pages
Johannesburg: IEEE Press, 2011.
Keyword [en]
Scareware, Instruction Sequences, Classification
National Category
Computer Science
URN: urn:nbn:se:bth-7464
Local ID: 978-1-4577-1482-5
OAI: diva2:835086
Information Security for South Africa
Available from: 2012-09-18 Created: 2011-08-30 Last updated: 2015-06-30 Bibliographically approved

By author/editor
Lavesson, Niklas