Malicious Codes Re-grouping Methods using Fuzzy Clustering based on Native API Frequency

Authors: O-chul Kwon, Seong-jae Bae, Jae-ik Cho, Jung-sub Moon

DOI:

Keywords: Detection rate, Data mining, Population data, Fuzzy clustering, Native API, Authentication, Computer science, Supervised learning, System call

Abstract: The Native API is a set of system calls that can only be accessed with administrator authentication. It is used to detect a variety of malicious codes executed with administrator authority. Therefore, much research is being done on detection methods that use the characteristics of the Native API. Most of these studies are based on supervised machine learning. However, the classification standards of Anti-Virus companies do not reflect this; as a result, the population data is inaccurate, and more work on this topic is needed for detection. This paper proposes a method for re-grouping malicious codes using fuzzy clustering as the standard. The accuracy of the proposed method is evaluated by comparing its detection rates with those of the previous classification.
