OS X Malware Dataset – 2018

Introduction:

Malicious software (malware) is a serious threat to the security of computing systems. The increasing Mac OS X market size (second after Microsoft Windows) and its fast adoption rate motivate cyber threat actors to shift their focus to developing OS X malware. The “myth” that OS X is a more secure system only further increases malware success rate. For example, the OS X Flashback Trojan successfully infected over 700,000 machines in 2012.

This project aims to generate a state-of-the-art dataset for OS X malware detection based on the Radial Base Function (RBF) using machine learning (more specifically, using SVM technique). This provides a novel measure based on the application’s library calls to detect malware from benign samples. Test results indicated that increasing sample size increased the detection accuracy, but decreased the FPR. Combining static and dynamic features, using other techniques such as fuzzy classification and deep learning can increase the performance

Dataset Details:

This dataset includes 152 malware samples. These samples were collected between Jan 2012 and June 2016, thus the OS versions which can run them are in the following order:

  • OS X 10.8 (Mountain Lion)
  • OS X 10.9 (Mavericks)
  • OS X 10.10 (Yosemite)
  • OS X 10.11 (El Clapton)

Duplicate samples were detected by performing a SHA-256 hash comparison and removed from the datasets. Among the malware in our dataset are the following known OS X malware:

  • WireLurker
  • MacVX
  • LaoShu
  • Kitmos

To ensure that the dataset is unbiased, three times (456) goodware was used in the dataset.

Acknowledgements:

We thank VirusTotal for providing us with a private API key to access their data for constructing our dataset. This work is partially supported by the European Council International Incoming Fellowship (FP7-PEOPLE-2013-IIF) grant.

Citations:

Plain Text:

Haddadpajouh, Hamed & Dehghantanha, Ali & Khayami, Raouf & Choo, Kim-Kwang Raymond. (2018). Intelligent OS X malware threat detection with code inspection. Journal of Computer Virology and Hacking Techniques. 14. 10.1007/s11416-017-0307-5.

BibText:

​​@article{article, author = {Haddadpajouh, Hamed and Dehghantanha, Ali and Khayami, Raouf and Choo, Kim-Kwang Raymond}, year = {2018}, month = {08}, pages = {}, title = {Intelligent OS X malware threat detection with code inspection}, volume = {14}, journal = {ournal of Computer Virology and Hacking Techniques}, doi = {10.1007/s11416-017-0307-5}}

Download dataset: https://github.com/CyberScienceLab/Our-Datasets/tree/master/OSX