International Journal of Physical Sciences

  • Abbreviation: Int. J. Phys. Sci.
  • Language: English
  • ISSN: 1992-1950
  • DOI: 10.5897/IJPS
  • Start Year: 2006
  • Published Articles: 2557

Full Length Research Paper

An intelligent approach for malware detection in dual stack IPv4/IPv6 networks

Altyeb Altaher*, Sureswaran Ramadass and Ammar ALmomani        
National Advanced IPv6 Centre, Universiti Sains, Malaysia.

  •  Accepted: 28 February 2012
  •  Published: 02 March 2012

Abstract

The advent of Internet Protocol version 6 (IPv6) as a replacement for Internet Protocol version 4 (IPv4) has raised the need for efficient and effective malware detection techniques for IPv6 networks. Because malware is evolvable and polymorphic, current malware detection technologies cannot cope with its exponential growth. This paper proposes a new intelligent approach, based on an adapted evolving classification function, for malware detection in dual stack IPv4/IPv6 networks. The proposed integrated approach consists of three modules: the first is a malware portable executable (PE) file analyzer, which generates the features of a malware sample from its executable file; the second is a feature selector, which selects the most important and informative features; and the third is an adapted evolving classification function that uses a genetic algorithm to detect malware in an evolvable manner. A controlled dual stack IPv4/IPv6 network environment was deployed to conduct a comprehensive experiment validating the proposed intelligent malware detection approach. The experiments demonstrate that the proposed evolutionary approach for malware detection in dual stack IPv4/IPv6 networks successfully evolved and detected both known and new, previously unseen malware, with a high detection accuracy of 98.59% and a low false positive rate of 0.26.

 

Key words: Malware detection, evolving classification, genetic algorithm.