Browsing by Author "Kaawaase, Kyanda Swaib"

Item: Improvement of Malware Classification Using Hybrid Feature Engineering (SN Computer Science, 2020)
Masabo, Emmanuel; Kaawaase, Kyanda Swaib; Sansa-Otim, Julianne; Ngubiri, John; Hanyurwimfura, Damien
Polymorphic malware has evolved as a major threat in Computer Systems. Their creation technology is constantly evolving using sophisticated tactics to create multiple instances of the existing ones. Current solutions are not yet able to sufficiently address this problem. They are mostly signature based; however, a changing malware means a changing signature. They, therefore, easily evade detection. Classifying them into their respective families is also hard, thus making elimination harder. In this paper, we propose a new feature engineering (NFE) approach for a better classification of polymorphic malware based on a hybrid of structural and behavioural features. We use accuracy, recall, precision, and F score to evaluate our approach. We achieve an improvement of 12% on accuracy between raw features and NFE features. We also demonstrated the robustness of NFE on feature selection as compared to other feature selection techniques.

Item: Integrated Feature Extraction Approach Towards Detection of Polymorphic Malware In Executable Files (International Journal of Computer Science and Security (IJCSS), 2016)
Masabo, Emmanuel; Kaawaase, Kyanda Swaib; Sansa-Otim, Julianne; Hanyurwimfura, Damien
Some malware are sophisticated with polymorphic techniques such as self-mutation and emulation based analysis evasion. Most anti-malware techniques are overwhelmed by the polymorphic malware threats that self-mutate with different variants at every attack. This research aims to contribute to the detection of malicious codes, especially polymorphic malware by utilizing advanced static and advanced dynamic analyses for extraction of more informative key features of a malware through code analysis, memory analysis and behavioral analysis. Correlation based feature selection algorithm will be used to transform features; i.e. filtering and selecting optimal and relevant features. A machine learning technique called K-Nearest Neighbor (K-NN) will be used for classification and detection of polymorphic malware. Evaluation of results will be based on the following measurement metrics: True Positive Rate (TPR), False Positive Rate (FPR) and the overall detection accuracy of experiments.

Item: Pricing Scheme for Heterogeneous Multiserver Cloud Computing System (Australasian Journal of Computer Science, 2017)
Nansamba, Barbara; Kaawaase, Kyanda Swaib; Okopa, Michael; Asingwire, Barbara K.
Previous works on pricing in cloud computing environments assumed cloud servers are homogeneous. The assumption of homogeneous servers was not realistic and cannot accurately model practical deployment scenarios of cloud servers since cloud providers deploy heterogeneous servers with different service rates and capacities. The objective of this study was to model a pricing scheme for heterogeneous cloud computing servers based on response time and slow down. To overcome the above challenge, this study proposed a pricing model for heterogeneous multiserver cloud computing system. Heterogeneous multiserver cloud computing systems had different capacities in terms of service rate and processing power. The proposed pricing mechanism was charged based on mean response time and mean slowdown. Mean slowdown was introduced as a performance metric because it was representative of the size of all requests in the system unlike mean response time used in previous studies which was representative of the size of requests which were larger in size and not representative of all requests. Queueing theory was employed to derive expressions for revenue in terms of mean response time and mean slowdown. The performance of the heterogeneous multiserver system was compared to homogeneous system using MATLAB. Numerical results showed that heterogeneous multiserver system generated more revenue than homogeneous multiserver system especially at high load and high arrival rate values for both pricing mechanisms based on response time and slow down. It was further observed that more revenue was generated when mean slowdown was used as a charging metric than when mean response time was used, especially at high load values and high arrival rates. Heterogeneous multiserver system generated more revenue than homogeneous multiserver system. In addition, mean slowdown generated more revenue when used as a charging metric than mean response time.

Item: A State of the Art Survey on Polymorphic Malware Analysis and Detection Techniques (Journal of Soft Computing, 2018)
Masabo, Emmanuel; Kaawaase, Kyanda Swaib; Sansa-Otim, Julianne; Ngubiri, John; Hanyurwimfura, Damien
Nowadays, systems are under serious security threats caused by malicious software, commonly known as malware. Such malwares are sophisticatedly created with advanced techniques that make them hard to analyse and detect, thus causing a lot of damages. Polymorphism is one of the advanced techniques by which malware change their identity each time they attack. This paper presents a detailed systematic and critical review that explores the available literature, and outlines the research efforts that have been made in relation to polymorphic malware analysis and their detection.

Item: Structural Feature Engineering approach for detecting polymorphic malware (IEEE, 2017)
Masabo, Emmanuel; Kaawaase, Kyanda Swaib; Sansa-Otim, Julianne; Hanyurwimfura, Damien
Currently, malware are distributed in a polymorphic form. They are very smart and obfuscated. This serves the purpose of hardening detection or simply making it impossible. Researchers have mainly resorted to static analysis, dynamic analysis or a combination of both in attempting to find advanced solutions to polymorphic malware detection problems. This paper presents a novel simple feature engineering approach in terms of extracting, analyzing and processing static based features for efficient detection of polymorphic malware. K-NN algorithm is used to build the detection model. Our experiments achieve a detection accuracy of 98.7% with 0.014% False Positive Rate (FPR) on a relatively small dataset.