コンピュータ工学および情報技術ジャーナル

Significance of Feature Extraction in Classification of Rootkit Sub-Families of Malware

Prasenjit Das and Chetan Sharma

Modern malware sharing common code within sub-families, in order to nullify the anti-malware has redundant features in them. These features are added in the code to obfuscate the anti-malware. Feature selection techniques remove these redundant insignificant features from the binary exe. This leads to better classification results. We have shown experimentally that the classification of two classes of rootkit family of malware generate better accuracy when feature selection techniques have been applied. The accuracy of 84.17% as against 66.67% when feature selection is not applied shows the significance of feature selection in malware classification.