IMDS

Authors: Yanfang Ye, Dingding Wang, Tao Li, Dongyi Ye

DOI: 10.1145/1281192.1281308

Keywords:

Abstract: The proliferation of malware has presented a serious threat to the security of computer systems. Traditional signature-based anti-virus systems fail to detect polymorphic and new, previously unseen malicious executables. In this paper, resting on the analysis of Windows API execution sequences called by PE files, we develop the Intelligent Malware Detection System (IMDS) using Objective-Oriented Association (OOA) mining based classification. IMDS is an integrated system consisting of three major modules: a parser, an OOA rule generator, and a classifier. An OOA_Fast_FP-Growth algorithm is adapted to efficiently generate rules for classification. A comprehensive experimental study on a large collection of files obtained from the laboratory of King-Soft Corporation is performed to compare various detection approaches. Promising results demonstrate that the accuracy and efficiency of our system outperform popular software such as Norton AntiVirus and McAfee VirusScan, as well as previous data mining approaches which employed Naive Bayes, Support Vector Machine (SVM) and Decision Tree techniques.
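The OOA mining based classification the abstract describes, in which every rule's consequent is a class label and the ranked rules act as the classifier, as an added illustration written for this page rather than code from the paper or the IMDS system; the API names, the toy per-file call sets, the thresholds and the brute-force itemset enumeration (standing in for the paper's OOA_Fast_FP-Growth) are all constructed here, and API calls are treated as sets rather than execution sequences.

```python
from collections import Counter
from itertools import combinations

# Constructed toy corpus: per PE file, the set of Windows API names the parser
# recovered plus its label. IMDS uses execution sequences; sets suffice here.
SAMPLES = [
    ({"CreateFileA", "WriteFile", "RegSetValueExA", "WinExec"}, "malicious"),
    ({"CreateFileA", "WriteFile", "RegSetValueExA", "CreateRemoteThread"}, "malicious"),
    ({"RegSetValueExA", "WinExec", "URLDownloadToFileA"}, "malicious"),
    ({"CreateFileA", "ReadFile", "CloseHandle", "MessageBoxA"}, "benign"),
    ({"CreateFileA", "WriteFile", "CloseHandle", "MessageBoxA"}, "benign"),
    ({"ReadFile", "CloseHandle", "GetTickCount"}, "benign"),
]

def mine_ooa_rules(samples, min_support=0.3, min_confidence=0.8, max_len=2):
    """Mine objective-oriented association rules {API itemset} -> label.

    The consequent is fixed to the class label, so only itemsets are
    enumerated and each is scored per label. Frequent itemsets are found by
    brute-force enumeration here; the paper uses OOA_Fast_FP-Growth instead.
    Returns (antecedent, label, support, confidence) tuples, best first.
    """
    n = len(samples)
    itemset_count = Counter()   # files containing the itemset
    labelled_count = Counter()  # files containing the itemset AND carrying label
    for apis, label in samples:
        for k in range(1, max_len + 1):
            for combo in combinations(sorted(apis), k):
                itemset_count[combo] += 1
                labelled_count[(combo, label)] += 1
    rules = []
    for (combo, label), cnt in labelled_count.items():
        support = cnt / n                        # P(itemset and label)
        confidence = cnt / itemset_count[combo]  # P(label | itemset)
        if support >= min_support and confidence >= min_confidence:
            rules.append((frozenset(combo), label, support, confidence))
    # CBA-style ranking: confidence, then support, then shorter antecedent;
    # the sorted name list is a deterministic tie-breaker.
    rules.sort(key=lambda r: (-r[3], -r[2], len(r[0]), sorted(r[0])))
    return rules

def classify(apis, rules, default="benign"):
    """Label a file by the best-ranked rule whose antecedent it satisfies."""
    for antecedent, label, _, _ in rules:
        if antecedent <= apis:
            return label
    return default
```

With the constructed corpus, calls shared by both classes (such as CreateFileA alone) fail the confidence threshold and never become rules, which is the property that lets the rule set discriminate rather than memorise.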
