Intelligent automatic malicious code signatures extraction

@article{Deng2003IntelligentAM,
  title={Intelligent automatic malicious code signatures extraction},
  author={Peter Shaohua Deng and Jau-Hwang Wang and Wen-Gong Shieh and Chin-Pin Yen and Cheng-Tan Tung},
  journal={IEEE 37th Annual 2003 International Carnahan Conference on Security Technology, 2003. Proceedings.},
  year={2003},
  pages={600-603}
}
  • P. Deng, Jau-Hwang Wang, C. Tung
  • Published 14 October 2003
  • Computer Science
  • IEEE 37th Annual 2003 International Carnahan Conference on Security Technology, 2003. Proceedings.
Malicious executable code has been with us for quite a long time. Since computer hardware and the Internet are growing so fast today, the security threats of malicious executable code are getting more serious. Basically, malicious executable code is categorized into three kinds. The first is called a virus, which always infects other benign programs. The second is called a Trojan, which always masquerades its malicious executable code inside a useful utility or freeware program. And the last…
Malware detection method based on the control-flow construct feature of software
TLDR
Experimental results illustrate that the proposed feature-selection approach can achieve the 97.0% malware detection accuracy and 3.2% false positive rate with the Random Forest classifier.
An unknown malware detection scheme based on the features of graph
TLDR
The function call graph of an executable, which includes the functions and the call relations between them, is selected as the representation of the executable in this method, and it can achieve as high as 96.8% accuracy.
Static detection and identification of X86 malicious executables: A multidisciplinary approach
TLDR
A novel approach to detect malicious executables in the network layer using a combination of techniques from bioinformatics, data mining and information retrieval and showed that 95% accuracy of detection is possible with an identification rate of 83%.
A malware detection model based on a negative selection algorithm with penalty factor
TLDR
Experimental results confirm that the proposed malware detection model achieves a better true positive rate on completely unknown malware and a better generalization ability while keeping a low false positive rate.
Generic unpacking techniques
  • K. Babar, Faiza Khalid
  • Computer Science, Business
    2009 2nd International Conference on Computer, Control and Communication
  • 2009
TLDR
A comprehensive summary of the currently published prevalent generic unpacking techniques and their effectiveness at dealing with the spreading nuisance of packed malware is provided.
Applied artificial immune on P2P network virus detection technology for information security
TLDR
An improved distributed network detection model of P2P network using immune and virus code relevance is proposed and the feature detection function and various parts such as feature extraction and information fusion are described.
Design and implementation of a malware detection system based on network behavior
TLDR
The proposed new method will detect the specific network behavior characteristics on three different stages as connection establishment, operating control, and connection maintenance, and a final detection decision will be concluded according to the results detected in the different stages before.
A Hierarchical Artificial Immune Model for Virus Detection
TLDR
Experimental results indicate that the proposed AIS model can recognize obfuscated viruses efficiently with an averaged recognition rate of 94%, including new variants of viruses and unknown viruses.

References

SHOWING 1-10 OF 17 REFERENCES
Data mining methods for detection of new malicious executables
TLDR
This work presents a data mining framework that detects new, previously unseen malicious executables accurately and automatically and more than doubles the current detection rates for new malicious executables.
Automated assistance for detecting malicious code
TLDR
The MCT is a semi-automated tool that is capable of detecting many types of malicious code, such as viruses, Trojan horses, and time/logic bombs and allows security analysts to check a program before installation, thereby avoiding any damage a malicious program might inflict.
Neural networks for computer virus recognition
TLDR
The article discusses the methods for handling several challenges in taking the neural network from a research idea to a commercial product, including designing an appropriate input representation scheme; dealing with the scarcity of available training data; and making the software conform to strict constraints on memory and speed of computation needed to run on PCs.
Computer virus prevention and containment on mainframes
  • G.M. Al-Dossary
  • Computer Science
    Proceedings. International Carnahan Conference on Security Technology
  • 1989
TLDR
It is concluded that no working computer system is impregnable but that much can be done by industry to make most computer systems less inviting to attacks from viruses.
AUTOMATICALLY GENERATED WIN32 HEURISTIC VIRUS DETECTION
TLDR
This work automatically constructs multiple neural network classifiers which can detect unknown Win32 viruses, following a technique described in previous work on boot virus heuristics, by combining the individual classifier outputs using a voting procedure.
Open Problems in Computer Virus Research
TLDR
This paper examines several open research problems in the area of protection from computer viruses, and suggests possible approaches to deal with these problems.
A data mining framework for building intrusion detection models
  • Wenke Lee, S. Stolfo, K. Mok
  • Computer Science
    Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)
  • 1999
TLDR
A data mining framework for adaptively building Intrusion Detection (ID) models is described, to utilize auditing programs to extract an extensive set of features that describe each network connection or host session, and apply data mining programs to learn rules that accurately capture the behavior of intrusions and normal activities.
Measuring and modeling computer virus prevalence
  • J. Kephart, S. R. White
  • Computer Science
    Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy
  • 1993
TLDR
A statistical analysis of computer virus incidents in a large, stable sample population of PCs and new epidemiological models of virus spread are conducted and incorporated into a cost-effective anti-virus policy for organizations.
Exploring computer viruses
  • R. Davis
  • Computer Science
    [Proceedings 1988] Fourth Aerospace Computer Security Applications
  • 1988
The author presents some thoughts on viruses and explores the anatomy of a sample computer virus. He details, using C language programs, some of the fundamental parts associated with viruses and how
Blueprint for a Computer Immune System
TLDR
An immune system for computers that senses the presence of a previously unknown pathogen, and within minutes automatically generates and deploys a prescription for detecting and removing it.