Malware Detection by Data Mining Techniques Based on Positionally Dependent Features

@article{Komashinskiy2010MalwareDB,
  title={Malware Detection by Data Mining Techniques Based on Positionally Dependent Features},
  author={Dmitriy Komashinskiy and Igor Kotenko},
  journal={2010 18th Euromicro Conference on Parallel, Distributed and Network-based Processing},
  year={2010},
  pages={617-623}
}
  • Dmitriy Komashinskiy, Igor Kotenko
  • Published 17 February 2010
  • Computer Science
  • 2010 18th Euromicro Conference on Parallel, Distributed and Network-based Processing
The challenges posed to the modern world by the need to counteract malicious software (malware) continue to grow in importance. This remains true despite the clear progress made in improving the efficacy of procedures for detecting malware propagation, analysing malware, and updating signature and detection-rule databases. An important aspect of this problem is the search for more reliable heuristic detection methods. These methods focus on recognition of new (previously unknown…

A Lifecycle Based Approach for Malware Analysis
  • S. Pandey, B. Mehtre
  • Computer Science
  • 2014 Fourth International Conference on Communication Systems and Network Technologies
  • 2014
TLDR
A new approach for malware analysis and detection is proposed that consists of the following twelve stages: Inbound Scan, Inbound Attack, Spontaneous Attack, Client-Side Exploit, Egg Download, Device Infection, Local Reconnaissance, Network Surveillance and Communications, Peer Coordination, Attack Preparation, and Malicious Outbound Propagation.
An Efficient Mining Based Approach Using PSO Selection Technique For Analysis and Detection of Obfuscated Malware
TLDR
This research focuses on improving accuracy and reducing processing time in the classification phase of malware and benign dataset by using Particle Swarm Optimization (PSO) for best attribute selection from the features set extracted from the packed and non-packed Portable Executable (PE) file format.
Learning Attack Features from Static and Dynamic Analysis of Malware
TLDR
A reverse engineering process to extract static and behavioral features from malware based on an assumption that behavior of a malware can be revealed by executing it and observing its effects on the operating environment and preliminary results indicate that BLEM2 rules may provide interesting insights for essential feature identification.
Detection of Malware and Malicious Executables Using E-Birch Algorithm
TLDR
The purpose of the research is to apply the enhanced Birch algorithm to find the malware and modified executables of Windows and Android operating system.
Dynamic Analysis of Malware using Decision Trees
TLDR
This work applied a reversed engineering process to extract static and behavioural features from malware to identify essential features and shows that Naïve Bayes classifier has better performance on the data set created from the API Call data set with 141 features.
Classification of Malware Family Using Decision Tree Algorithm
TLDR
An improved decision tree algorithm is used to classify malware correctly, and its accuracy in classifying malware into families is higher than that of the other machine learning methods tested.
On the Comparison of Malware Detection Methods Using Data Mining with Two Feature Sets
TLDR
From the comparison experiments, it is found that the approach that considers the instruction set feature performs better and the test with the application set can give up to 100% correctness using the instructions.
Finding contextual clues to malware using a large corpus
  • N. Rowe
  • Computer Science
  • 2015 IEEE Symposium on Computers and Communication (ISCC)
  • 2015
TLDR
With three random subsets of the authors' corpus, methods gave 51 times better precision (fraction of malware in files identified as malware) with 70% better recall than the approach of inspecting executables alone and ran significantly faster than signature checking, and can be used before other kinds of malware analysis.
Performance of malware detection tools: A comparison
  • S. Pandey, B. Mehtre
  • Computer Science
  • 2014 IEEE International Conference on Advanced Communications, Control and Computing Technologies
  • 2014
TLDR
A performance comparison of existing tools and techniques for malware detection finds that the top three tools (based on certain parameters and the given data set) are the Regshot, Process Monitor and Process Explorer.
Ensemble based categorization and adaptive model for malware detection
TLDR
An ensemble categorization is proposed by using ensemble classification and clustering together with adaptive learning model for malware detection by exploiting the vulnerability of the target victim's operating system or application.

References

Data mining methods for detection of new malicious executables
TLDR
This work presents a data mining framework that detects new, previously unseen malicious executables accurately and automatically, and more than doubles the current detection rates for new malicious executables.
Virus detection using data mining techniques
TLDR
An automatic heuristic method to detect unknown computer viruses based on data mining techniques, namely decision tree and naive Bayesian network algorithms, is proposed, and experiments are carried out to evaluate the effectiveness of the proposed approach.
Efficient Virus Detection Using Dynamic Instruction Sequences
TLDR
A novel approach to detect unknown virus using dynamic instruction sequences mining techniques and building a program monitor which is able to capture runtime instruction sequences of an arbitrary program is presented.
Using Support Vector Machine to Detect Unknown Computer Viruses
TLDR
It is found that the detection system based on SVM needs less priori knowledge than other methods and can shorten the training time under the same detection performance condition.
Learning to detect malicious executables in the wild
TLDR
A fielded application for detecting malicious executables in the wild is described using techniques from machine learning and data mining; boosted decision trees outperformed other methods with an area under the ROC curve of 0.996.
Intrusion detection using data mining techniques
TLDR
This work aims to use data mining techniques, including classification trees and support vector machines, for intrusion detection; results indicate that the C4.5 algorithm is better than SVM at detecting network intrusions and has a lower false alarm rate on the KDD CUP 99 dataset.
The Handbook of Data Mining
  • N. Ye
  • Computer Science
  • 2003
TLDR
This chapter discusses the methodology and applications of Data Mining, as well as the management of data mining, in the context of distributed data mining.
The Power of Decision Tables
TLDR
Experimental results show that on artificial and real-world domains containing only discrete features, IDTM, an algorithm inducing decision tables, can sometimes outperform state-of-the-art algorithms such as C4.5.
Programs for Machine Learning
TLDR
In his new book, C4.5: Programs for Machine Learning, Quinlan has put together a definitive, much needed description of his complete system, including the latest developments, which will be a welcome addition to the library of many researchers and students.
Random Forests
TLDR
Internal estimates monitor error, strength, and correlation and these are used to show the response to increasing the number of features used in the forest, and are also applicable to regression.