An intelligent PE-malware detection system based on association mining

@article{Ye2008AnIP,
  title={An intelligent PE-malware detection system based on association mining},
  author={Yanfang Ye and Dingding Wang and Tao Li and Dongyi Ye and Qingshan Jiang},
  journal={Journal in Computer Virology},
  year={2008},
  volume={4},
  pages={323-334}
}
The proliferation of malware has presented a serious threat to the security of computer systems. Traditional signature-based anti-virus systems fail to detect polymorphic/metamorphic and new, previously unseen malicious executables. Data mining methods such as Naive Bayes and Decision Tree have been studied on small collections of executables. In this paper, resting on the analysis of Windows APIs called by PE files, we develop the Intelligent Malware Detection System (IMDS) using Objective… 
Cluster-oriented ensemble classifiers for intelligent malware detection
TLDR
This paper develops an intelligent malware detection system using cluster-oriented ensemble classifiers; to the best of the authors' knowledge, this is the first work to apply such a method to malware detection.
Associative classification and post-processing techniques used for malware detection
Numerous attacks made by the malware have presented serious threats to the security of computer users. Unfortunately, along with the development of the malware writing techniques, the number of file
Intelligent malware detection based on file relation graphs
TLDR
This paper studies how file relation graphs can be used for malware detection and proposes a novel Belief Propagation algorithm based on the constructed graphs to detect newly unknown malware.
CIMDS: Adapting Postprocessing Techniques of Associative Classification for Malware Detection
TLDR
The efficiency and ability of detecting malware from the "gray list" of the CIMDS system outperform popular antivirus software tools, as well as previous data-mining-based detection systems, which employed Naive Bayes, support vector machine, and decision tree techniques.
Malware Detection using Windows Api Sequence and Machine Learning
TLDR
The key novelty of the proposed malware detection system is the iterative learning process combined with run-time monitoring of program execution behavior, which makes it a dynamic malware detection system that outperforms existing malware detection systems.
Automatic Behaviour-based Analysis and Classification System for Malware Detection
TLDR
An automated system for malware behaviour analysis based on emulation and simulation techniques is addressed, which can also generate evidence and classify the samples with several machine-learning algorithms.
A graph mining approach for detecting unknown malwares
A Comparative Analysis of Machine Learning Techniques for Classification and Detection of Malware
TLDR
A survey that determines the feature extraction and classification methods that yield the best accuracy in detecting malware, and that provides a base for further research in the field of malware analysis with machine learning methods.

References

IMDS: intelligent malware detection system
TLDR
Promising experimental results demonstrate that the accuracy and efficiency of the IMDS system outperform popular anti-virus software such as Norton AntiVirus and McAfee VirusScan, as well as previous data-mining-based detection systems which employed Naive Bayes, Support Vector Machine and Decision Tree techniques.
Polymorphic malicious executable scanner by API sequence analysis
TLDR
This paper proposes a new approach for detecting polymorphic malware on the Windows platform, based on an analysis of the Windows API calling sequence that reflects the behavior of a particular piece of code.
Virus detection using data mining techniques
TLDR
An automatic heuristic method to detect unknown computer viruses based on data mining techniques, namely decision tree and naive Bayesian network algorithms, is proposed, and experiments are carried out to evaluate the effectiveness of the proposed approach.
Static analyzer of vicious executables (SAVE)
TLDR
This paper presents a robust signature-based malware detection technique, with emphasis on detecting obfuscated malware and mutated (or metamorphic) malware.
Malware Pattern Scanning Schemes Secure Against Black-box Analysis
E. Filiol, Journal in Computer Virology, 2006
TLDR
This paper presents a new model of malware detection patterns based on Boolean functions, identifies some properties that a reliable detection pattern should have, and describes a combinatorial, probabilistic malware pattern scanning scheme that can incidentally provide useful technical information to malware crime investigators, allowing faster identification of copycats.
Data mining methods for detection of new malicious executables
TLDR
This work presents a data mining framework that detects new, previously unseen malicious executables accurately and automatically, and more than doubles the current detection rates for new malicious executables.
Automatic Extraction of Computer Virus Signatures
TLDR
A statistical method for automatically extracting good signatures from the machine code of a virus, which obviates the need for a small army of virus analysts, permitting IBM's signature database to be maintained by a single virus expert working halftime.
Evaluation methodology and theoretical model for antiviral behavioural detection strategies
TLDR
This paper presents an evaluation methodology for the real capabilities of antivirus software with respect to behavioral analysis, and proposes a generalised, theoretical detection model which considers both form-based and function-based detection at the same time and gives some essential properties this model should exhibit to achieve real behaviour-based detection.
Learning to detect malicious executables in the wild
TLDR
A fielded application for detecting malicious executables in the wild is described using techniques from machine learning and data mining; boosted decision trees outperformed other methods, with an area under the ROC curve of 0.996.
Static Analysis of Executables to Detect Malicious Patterns
TLDR
An architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations is presented, and experimental results demonstrate the efficacy of the prototype tool, SAFE (a static analyzer for executables).