A Chronological Evaluation of Unknown Malcode Detection

Authors:
Robert Moskovitch;Clint Feher;Yuval Elovici
Affiliations:
Deutsche Telekom Laboratories at Ben Gurion University, Ben Gurion Univsersity of the negev, Beer Sheva, Israel 84105;Deutsche Telekom Laboratories at Ben Gurion University, Ben Gurion Univsersity of the negev, Beer Sheva, Israel 84105;Deutsche Telekom Laboratories at Ben Gurion University, Ben Gurion Univsersity of the negev, Beer Sheva, Israel 84105
Venue:
PAISI '09 Proceedings of the Pacific Asia Workshop on Intelligence and Security Informatics
Year:
2009

Citing 10
Cited 1

C4.5: programs for machine learning

C4.5: programs for machine learning
On the Optimality of the Simple Bayesian Classifier under Zero-One Loss

Machine Learning - Special issue on learning with probabilistic representations
Machine Learning

Machine Learning
Data Mining Methods for Detection of New Malicious Executables

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Learning to detect malicious executables in the wild

Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
N-Gram-Based Detection of New Malicious Code

COMPSAC '04 Proceedings of the 28th Annual International Computer Software and Applications Conference - Workshops and Fast Abstracts - Volume 02
Malware prevalence in the KaZaA file-sharing network

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
A Feature Selection and Evaluation Scheme for Computer Virus Detection

ICDM '06 Proceedings of the Sixth International Conference on Data Mining
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)

Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
Learning to Detect and Classify Malicious Executables in the Wild

The Journal of Machine Learning Research

The proactivity of Perceptron derived algorithms in malware detection

Journal in Computer Virology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Signature-based anti-viruses are very accurate, but are limited in detecting new malicious code. Dozens of new malicious codes are created every day, and the rate is expected to increase in coming years. To extend the generalization to detect unknown malicious code, heuristic methods are used; however, these are not successful enough. Recently, classification algorithms were used successfully for the detection of unknown malicious code. In this paper we describe the methodology of detection of malicious code based on static analysis and a chronological evaluation, in which a classifier is trained on files till year k and tested on the following years. The evaluation was performed in two setups, in which the percentage of the malicious files in the training set was 50% and 16%. Using 16% malicious files in the training set for some classifiers showed a trend, in which the performance improves as the training set is more updated.