SUSPEND: Determining software suspiciousness by non-stationary time series modeling of entropy signals

Authors:

Highlights:

• Software entropy is traditionally used for packer detection.

• Here, software entropy is represented as a non-stationary time series.

• Features are extracted using wavelets, change point models, and detrended fluctuation analysis.

• These features improve large-scale discrimination between malicious and clean files.


Keywords: Malware, Machine learning, Time series, Wavelet, Change points, Detrended fluctuation analysis

Article history: Received 26 April 2016, Revised 15 October 2016, Accepted 19 November 2016, Available online 1 December 2016, Version of Record 7 December 2016.

Article URL: https://doi.org/10.1016/j.eswa.2016.11.027