Abstract
Conference Title: 2018 10th Computer Science and Electronic Engineering (CEEC)
Conference Start Date: 2018, Sept. 19
Conference End Date: 2018, Sept. 21
Conference Location: Colchester, United Kingdom

Mutable malware, including metamorphic malware, evades detection by mutating and altering its code structure in each infection. This paper proposes a strategy that detects malware content at the network level, as a first line of defense, so that systems connected to the network are protected before they are infected. The detection strategy combines machine learning classification with malware sub-signatures, which allows mutated malware to be detected from the packet payload. To detect previously unseen or mutated malware, the frequency distribution of informative n-gram features that are inherited across mutations is extracted from the payload; these features are then classified with a Support Vector Machine (SVM). The proposed technique has been tested and verified at both the packet level and the flow level using the DARPA dataset and a metamorphic malware dataset. Experimental results show that the technique detected and dropped more than 97% of malware packets, including metamorphic malware packets, at the network level with a low false positive rate (FPR) of around 3 × 10^-3.
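The pipeline the abstract describes (n-gram frequency features from the packet payload, an SVM classifier, and sub-signature matching combined into one packet-level verdict), as an added Python example written for this page; it is not the paper's code and uses neither the DARPA nor the metamorphic malware dataset. Everything in it is an assumption or a construction: the 512-bucket crc32-hashed feature space, the use of byte unigrams and bigrams, the Pegasos-style hinge-loss trainer, the "inherited" byte chunks, the NOP-like junk, the HTTP requests and the held-out variant are all made up to illustrate the idea. The sub-signature list is deliberately incomplete so that the SVM's contribution on a variant the signature misses is visible.

```python
"""Added example: network-level detection of mutated malware payloads by
combining hashed byte n-gram frequencies + a linear SVM with sub-signature
matching. Constructed for illustration; not the paper's code or datasets."""
import random
import zlib
from typing import List, Sequence, Tuple

DIMS = 512              # hashed feature space size (assumption, not from the paper)
NGRAM_SIZES = (1, 2)    # byte unigrams and bigrams (assumption)


def ngram_features(payload: bytes, sizes=NGRAM_SIZES, dims=DIMS) -> List[float]:
    """Frequency distribution of byte n-grams, hashed into a fixed-size vector
    with crc32 (deterministic, unlike hash()) and scaled to unit length."""
    vec, total = [0.0] * dims, 0
    for n in sizes:
        for i in range(len(payload) - n + 1):
            vec[zlib.crc32(payload[i:i + n]) % dims] += 1.0
            total += 1
    if total == 0:
        return vec
    vec = [v / total for v in vec]                      # relative frequencies
    norm = sum(v * v for v in vec) ** 0.5
    return [v / norm for v in vec]                      # unit length for the SVM


class SubSignatureMatcher:
    """Short byte fragments a mutation engine is believed to leave intact.
    Constructed list here; a deployment derives them from analysed samples."""
    def __init__(self, fragments: Sequence[bytes]):
        self.fragments = list(fragments)

    def match(self, payload: bytes) -> List[bytes]:
        return [f for f in self.fragments if f in payload]


class LinearSVM:
    """Linear SVM trained by stochastic subgradient descent on the
    L2-regularised hinge loss (Pegasos-style, fixed step size)."""
    def __init__(self, dims=DIMS, lam=1e-3, eta=0.1, epochs=100, seed=0):
        self.w, self.b = [0.0] * dims, 0.0
        self.lam, self.eta, self.epochs, self.seed = lam, eta, epochs, seed

    def decision(self, x: List[float]) -> float:
        return sum(wi * xi for wi, xi in zip(self.w, x)) + self.b

    def fit(self, X: List[List[float]], y: List[int]) -> "LinearSVM":
        rng, order = random.Random(self.seed), list(range(len(X)))
        decay = 1.0 - self.eta * self.lam                # L2 shrinkage per step
        for _ in range(self.epochs):
            rng.shuffle(order)
            for i in order:
                if y[i] * self.decision(X[i]) < 1.0:     # inside the margin: hinge step
                    self.w = [decay * wj + self.eta * y[i] * xj for wj, xj in zip(self.w, X[i])]
                    self.b += self.eta * y[i]
                else:                                    # correct with margin: shrink only
                    self.w = [decay * wj for wj in self.w]
        return self


# ---- constructed traffic (not real malware, not the DARPA / metamorphic datasets) ----
INHERITED = [b"\xde\xad\xbe\xef", b"\xca\xfe\xba\xbe", b"\xfe\xed\xfa\xce", b"\xba\xad\xf0\x0d"]
JUNK = [b"\x90", b"\x87\xc9", b"\x87\xdb"]   # NOP-like filler a mutation engine might insert
WORDS = [b"index", b"login", b"images", b"api", b"search", b"static"]


def metamorphic_variant(rng: random.Random) -> bytes:
    """Each 'infection' reorders the inherited chunks and pads them with junk:
    no two variants are byte-identical, but their n-gram statistics persist."""
    chunks = INHERITED[:]
    rng.shuffle(chunks)
    return b"".join(rng.choice(JUNK) * rng.randint(1, 4) + c for c in chunks)


def benign_request(rng: random.Random) -> bytes:
    path = b"/" + b"/".join(rng.sample(WORDS, rng.randint(1, 3)))
    return b"GET " + path + b" HTTP/1.1\r\nHost: example.test\r\nAccept: */*\r\n\r\n"


def train_detector(n_each: int = 12, seed: int = 1) -> LinearSVM:
    rng, X, y = random.Random(seed), [], []
    for _ in range(n_each):
        X.append(ngram_features(metamorphic_variant(rng))); y.append(+1)
        X.append(ngram_features(benign_request(rng))); y.append(-1)
    return LinearSVM().fit(X, y)


def inspect_packet(payload: bytes, svm: LinearSVM, sigs: SubSignatureMatcher) -> Tuple[str, float, List[bytes]]:
    """Combined verdict: drop on any sub-signature hit or a non-negative SVM score."""
    hits = sigs.match(payload)
    score = svm.decision(ngram_features(payload))
    return ("drop" if hits or score >= 0.0 else "forward"), score, hits


# Held-out variant whose only signed chunk is mutated in its last byte: the
# sub-signature misses it, the n-gram model should not.
UNSEEN_VARIANT = (b"\x90\x90" + INHERITED[1] + b"\x87\xdb" + INHERITED[2]
                  + b"\x87\xc9\x87\xc9" + INHERITED[3] + b"\x90" + b"\xde\xad\xbe\xee")


def demo() -> dict:
    svm = train_detector()
    sigs = SubSignatureMatcher([b"\xde\xad\xbe\xef"])   # deliberately only one known fragment
    packets = {
        "benign": b"GET /images/login HTTP/1.1\r\nHost: example.test\r\nAccept: */*\r\n\r\n",
        "known_variant": metamorphic_variant(random.Random(99)),
        "unseen_variant": UNSEEN_VARIANT,
    }
    return {name: inspect_packet(p, svm, sigs) for name, p in packets.items()}


if __name__ == "__main__":
    for name, (verdict, score, hits) in demo().items():
        print(f"{name:15s} {verdict:8s} score={score:+.2f} sub-signature hits={hits}")
```

Running the script trains on 24 constructed packets and then inspects three more: the benign request is forwarded, the variant that still carries the signed chunk is dropped on the sub-signature alone, and the variant whose signed chunk was mutated is dropped only because its inherited n-gram distribution scores positive under the SVM. That last case is the point of combining the two methods: the signature gives a cheap, explainable hit on known fragments, while the classifier covers the mutations the signature cannot anticipate. A real deployment would additionally need the flow-level reassembly the abstract mentions, since a payload split across packets would otherwise defeat both the substring match and the n-gram statistics.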