A fast malware detection algorithm based on objective-oriented association mining

Authors: Yuxin Ding, Xuebing Yuan, Ke Tang, Xiao Xiao, Yibin Zhang

DOI: 10.1016/J.COSE.2013.08.008

Keywords:

Abstract: Objective-oriented association (OOA) mining has been successfully applied in malware detection. One problem of OOA is that the number of rules is very large, and many of them are redundant and have little capacity to distinguish malware from benign files. This circumstance seriously affects the running speed of detection. In this paper, an API (Application Programming Interface)-based method is proposed for detecting malware. To increase the detection speed of OOA, different strategies are presented: to improve rule quality, criteria for API selection are proposed to remove APIs that cannot become frequent items; to find rules with strong discrimination power, we define a rule utility to evaluate rules; to improve accuracy, a classification method based on multiple rules is adopted. The experiments show that the proposed strategies can significantly speed up OOA. In our experiments, the measured time costs are reduced by thirty-two percent and fifty percent respectively.
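The pipeline the abstract describes (API selection before mining, objective-oriented rules of the form {APIs} -> malware, a utility score to rank and prune rules, and classification from several rules rather than one) is illustrated below. This is an added example, not the authors' code: the training data is a constructed set of imported Win32 API names, the utility formula (confidence weighted by the gap between malware and benign coverage) and the redundancy test are assumptions made here, and the classifier averages the confidence of the best k matching rules in the style of CPAR (Han and Yin, 2003) rather than following the paper's own multi-rule scheme.

```python
"""Added illustration of an OOA-style API rule detector (not the paper's code).
The utility definition and the best-k voting below are assumptions for this example."""
from collections import Counter
from itertools import combinations

# Constructed sample data (not from the paper): each entry is the set of imported Win32 API
# names of one file and a label, 1 = malware, 0 = benign.
SAMPLES = [
    ({"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx", "OpenProcess", "LoadLibraryA"}, 1),
    ({"CreateRemoteThread", "WriteProcessMemory", "OpenProcess", "GetProcAddress", "LoadLibraryA"}, 1),
    ({"WriteProcessMemory", "VirtualAllocEx", "OpenProcess", "RegSetValueExA", "LoadLibraryA"}, 1),
    ({"CreateRemoteThread", "VirtualAllocEx", "OpenProcess", "RegSetValueExA", "GetProcAddress",
      "SetWindowsHookExA"}, 1),
    ({"CreateFileA", "ReadFile", "WriteFile", "CloseHandle", "LoadLibraryA"}, 0),
    ({"CreateFileA", "ReadFile", "MessageBoxA", "CloseHandle", "GetProcAddress"}, 0),
    ({"CreateWindowExA", "MessageBoxA", "CloseHandle", "LoadLibraryA", "OpenProcess"}, 0),
    ({"CreateFileA", "WriteFile", "CreateWindowExA", "CloseHandle", "GetProcAddress"}, 0),
]


def select_apis(samples, min_support):
    """API selection: keep only APIs whose support inside the malware class reaches
    min_support. By the Apriori anti-monotonicity property an itemset containing an
    infrequent API can never be frequent, so such APIs are dropped before mining."""
    malware = [apis for apis, label in samples if label == 1]
    counts = Counter(api for apis in malware for api in apis)
    return {api for api, c in counts.items() if c / len(malware) >= min_support}


def mine_rules(samples, keep, min_support, min_conf, max_len=2):
    """Objective-oriented mining: rules {APIs} -> malware over the selected APIs. Each rule
    carries support (fraction of malware files containing the itemset), confidence
    (P(malware | itemset)) and benign coverage (fraction of benign files matching)."""
    malware = [apis for apis, label in samples if label == 1]
    benign = [apis for apis, label in samples if label == 0]
    rules = []
    for k in range(1, max_len + 1):
        for items in combinations(sorted(keep), k):
            itemset = frozenset(items)
            m_hit = sum(itemset <= apis for apis in malware)
            b_hit = sum(itemset <= apis for apis in benign)
            if m_hit == 0:
                continue
            support = m_hit / len(malware)
            conf = m_hit / (m_hit + b_hit)
            if support >= min_support and conf >= min_conf:
                rules.append({"items": itemset, "support": support,
                              "conf": conf, "benign_cov": b_hit / len(benign)})
    return rules


def rule_utility(rule):
    """Assumed utility (not the paper's definition): discrimination power, i.e. how much more
    malware than benign the rule covers, weighted by its confidence."""
    return rule["conf"] * (rule["support"] - rule["benign_cov"])


def prune_redundant(rules):
    """Drop a rule when a strictly smaller rule is at least as useful: the longer rule costs
    more to match at detection time but adds no discrimination power."""
    return [r for r in rules
            if not any(o["items"] < r["items"] and rule_utility(o) >= rule_utility(r)
                       for o in rules)]


def malware_score(apis, rules, k=3):
    """Multi-rule classification in the style of CPAR: average the confidence of the k
    highest-utility rules matching the file; 0.0 when no rule matches."""
    matched = sorted((r for r in rules if r["items"] <= apis), key=rule_utility, reverse=True)
    top = matched[:k]
    return sum(r["conf"] for r in top) / len(top) if top else 0.0


def build_detector(samples=SAMPLES, min_support=0.5, min_conf=0.7):
    """Full pipeline: API selection -> rule mining -> utility-based pruning."""
    keep = select_apis(samples, min_support)
    return prune_redundant(mine_rules(samples, keep, min_support, min_conf))


if __name__ == "__main__":
    rules = build_detector()
    for r in sorted(rules, key=rule_utility, reverse=True):
        print(sorted(r["items"]), "support=%.2f conf=%.2f" % (r["support"], r["conf"]))
    probe = {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}
    print("malware score:", malware_score(probe, rules))
```

On this constructed set the selection step drops the one API that appears in a single malware file, mining yields 19 candidate rules, and the utility-based pruning keeps only the 5 single-API rules because every longer rule is matched by a shorter one with equal or higher utility; that reduction in rule count is where the speed gain described in the abstract comes from. The price is visible in the weakest surviving rule: {OpenProcess} -> malware has confidence 0.8 because one benign file also imports it, so a file that matches only that rule is scored 0.8, which is why scoring from several rules rather than the single best one matters.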
