IMDS: intelligent malware detection system

@inproceedings{Ye2007IMDSIM,
  title={IMDS: intelligent malware detection system},
  author={Yanfang Ye and Dingding Wang and Tao Li and Dongyi Ye},
  booktitle={KDD '07},
  year={2007}
}
The proliferation of malware has presented a serious threat to the security of computer systems. IMDS is an integrated system consisting of three major modules: a PE parser, an OOA rule generator, and a rule-based classifier. An OOA_Fast_FP-Growth algorithm is adapted to efficiently generate OOA rules for classification. A comprehensive experimental study on a large collection of PE files obtained from the anti-virus laboratory of King-Soft Corporation is performed to compare various malware detection…

An intelligent PE-malware detection system based on association mining
TLDR
The Intelligent Malware Detection System (IMDS) is an integrated system consisting of three major modules: PE parser, OOA rule generator, and rule based classifier, and an OOA_Fast_FP-Growth algorithm is adapted to efficiently generate OOA rules for classification.
Classification of Malware based on Data Mining Approach
TLDR
The Intelligent Malware Detection System (IMDS) is developed using Objective-Oriented Association (OOA) mining based classification; it is an integrated system consisting of three major modules: a PE parser, an OOA rule generator, and a rule-based classifier.
Associative classification and post-processing techniques used for malware detection
Numerous attacks made by the malware have presented serious threats to the security of computer users. Unfortunately, along with the development of the malware writing techniques, the number of file
CIMDS: Adapting Postprocessing Techniques of Associative Classification for Malware Detection
TLDR
The efficiency and ability of detecting malware from the "gray list" of the CIMDS system outperform popular antivirus software tools, as well as previous data-mining-based detection systems, which employed Naive Bayes, support vector machine, and decision tree techniques.
To Incorporate Sequential Dynamic Features in Malware Detection Engines
TLDR
This paper proposes a novel feature extraction approach for modeling malware behavior which uses the N-gram method to preserve the call ordering sequence of APIs.
A review of polymorphic malware detection techniques
TLDR
A brief review of the latest applied techniques against this type of malware with more focus on the machine learning method for analysing and detecting polymorphic malware is presented.
Cluster-oriented ensemble classifiers for intelligent malware detection
TLDR
This paper develops an intelligent malware detection system using cluster-oriented ensemble classifiers; to the best of the authors' knowledge, this is the first work to apply such a method to malware detection.
Intelligent malware detection based on file relation graphs
TLDR
This paper studies how file relation graphs can be used for malware detection and proposes a novel Belief Propagation algorithm based on the constructed graphs to detect newly unknown malware.
HDM-Analyser: a hybrid analysis approach based on data mining techniques for malware detection
TLDR
A novel hybrid approach, HDM-Analyser, is presented which takes advantage of both dynamic and static analysis methods to increase speed while keeping accuracy at a reasonable level, and which achieves better overall accuracy and time complexity than static or dynamic analysis methods alone.
Malware Detection using Windows Api Sequence and Machine Learning
TLDR
The key novelty of the proposed malware detection system is the iterative learning process combined with run-time monitoring of program execution behavior, which makes it a dynamic malware detection system that outperforms existing malware detection systems.

References

Polymorphic malicious executable scanner by API sequence analysis
TLDR
This paper proposes a new approach for detecting polymorphic malware on the Windows platform, based on analysis of the Windows API calling sequence that reflects the behavior of a particular piece of code.
Static analyzer of vicious executables (SAVE)
TLDR
This paper presents a robust signature-based malware detection technique, with emphasis on detecting obfuscated malware and mutated (or metamorphic) malware.
Virus detection using data mining techniques
TLDR
An automatic heuristic method to detect unknown computer viruses based on data mining techniques, namely decision tree and naive Bayesian network algorithms, is proposed, and experiments are carried out to evaluate the effectiveness of the proposed approach.
Automatic Extraction of Computer Virus Signatures
TLDR
A statistical method for automatically extracting good signatures from the machine code of a virus, which obviates the need for a small army of virus analysts, permitting IBM's signature database to be maintained by a single virus expert working half-time.
Data mining methods for detection of new malicious executables
TLDR
This work presents a data mining framework that detects new, previously unseen malicious executables accurately and automatically, and more than doubles the current detection rates for new malicious executables.
Static Analysis of Executables to Detect Malicious Patterns
TLDR
An architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations is presented, and experimental results demonstrate the efficacy of the prototype tool, SAFE (a static analyzer for executables).
Learning to detect malicious executables in the wild
TLDR
A fielded application for detecting malicious executables in the wild is described using techniques from machine learning and data mining; boosted decision trees outperformed the other methods, with an area under the ROC curve of 0.996.
Detection of injected, dynamically generated, and obfuscated malicious code
TLDR
DOME uses static analysis to identify the locations (virtual addresses) of system calls within the software executables, and then monitors the executables at runtime to verify that every observed system call is made from a location identified using static analysis.
Mining Frequent Patterns in an FP-tree Without Conditional FP-tree Generation
TLDR
The structure of a traditional FP-tree is improved and an efficient frequent pattern-mining algorithm based on constrained sub-tree (consisting of three small arrays) is proposed, which greatly improves the mining efficiency in both time and space.
Integrating Classification and Association Rule Mining
TLDR
The integration is done by focusing on mining a special subset of association rules, called class association rules (CARs), and shows that the classifier built this way is more accurate than that produced by the state-of-the-art classification system C4.5.