New Malicious Code Detection Based on N-Gram Analysis and Rough Set Theory

  • Authors:
  • Boyun Zhang; Jianping Yin; Jingbo Hao; Shulin Wang; Dingxing Zhang

  • Affiliations:
  • School of Computer Science, National University of Defense Technology, Changsha 410073, China and Department of Computer Science, Hunan Public Security College, Changsha 410138, China; School of Computer Science, National University of Defense Technology, Changsha 410073, China; School of Computer Science, National University of Defense Technology, Changsha 410073, China; School of Computer Science, National University of Defense Technology, Changsha 410073, China; School of Computer Science, National University of Defense Technology, Changsha 410073, China

  • Venue:
  • Computational Intelligence and Security
  • Year:
  • 2007

Quantified Score

Hi-index 0.01

Abstract

Motivated by the standard signature-based technique for detecting viruses, we explore the idea of automatically detecting malicious code using N-gram analysis. The method is based on statistical learning and is not strictly dependent on particular viruses. We propose the use of rough set theory to reduce the feature dimension. An efficient implementation for calculating the relative core, based on the positive region definition, is also presented. The k-nearest neighbor and support vector machine classifiers are used to categorize a program as either normal or abnormal. The experimental results are promising and show that the proposed scheme yields a low false positive rate.