Using IRP for malware detection

  • Authors:
  • FuYong Zhang; DeYu Qi; JingLin Hu

  • Affiliations:
  • Research Institute of Computer Systems at South China University of Technology, GuangZhou, GuangDong, China (all three authors)

  • Venue:
  • RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
  • Year:
  • 2010

Abstract

Run-time malware detection strategies are efficient and robust, and are receiving more and more attention. In this paper, we use I/O Request Packet (IRP) sequences for malware detection. N-gram analysis is applied to the IRP sequences for feature extraction. By combining the Negative Selection Algorithm (NSA) and the Positive Selection Algorithm (PSA), and selecting only those n-gram sequences that occur exclusively in malware IRP sequences, we obtain a true positive rate above 96% and a false positive rate of 0%.
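The abstract describes the pipeline only at a high level: collect IRP sequences per process, cut them into n-grams, and keep as detectors the n-grams that appear in malware traces but never in benign ones. The following Python block is an added example written for this page; it is not the authors' code and does not reproduce their NSA/PSA implementation. It assumes a simplified reading of the combination, in which positive selection proposes candidate detectors from the malware class and negative selection discards any candidate that also matches the benign ("self") set, leaving exactly the malware-only n-grams the abstract mentions. The IRP major function names are real Windows constants, but the traces themselves are constructed sample data, not traces from the paper.

```python
from typing import Iterable, List, Sequence, Set, Tuple

NGram = Tuple[str, ...]

# Constructed sample traces (not from the paper). Each trace is the ordered list of
# IRP major function codes one process issued, as a file-system filter driver or
# similar monitor would record them. Real traces are far longer.
BENIGN_TRACES: List[List[str]] = [
    ["IRP_MJ_CREATE", "IRP_MJ_READ", "IRP_MJ_READ", "IRP_MJ_CLEANUP", "IRP_MJ_CLOSE"],
    ["IRP_MJ_CREATE", "IRP_MJ_QUERY_INFORMATION", "IRP_MJ_READ", "IRP_MJ_CLEANUP", "IRP_MJ_CLOSE"],
    ["IRP_MJ_CREATE", "IRP_MJ_WRITE", "IRP_MJ_CLEANUP", "IRP_MJ_CLOSE"],
]
MALWARE_TRACES: List[List[str]] = [
    ["IRP_MJ_CREATE", "IRP_MJ_SET_INFORMATION", "IRP_MJ_WRITE", "IRP_MJ_CREATE", "IRP_MJ_WRITE", "IRP_MJ_CLOSE"],
    ["IRP_MJ_CREATE", "IRP_MJ_READ", "IRP_MJ_CREATE", "IRP_MJ_WRITE", "IRP_MJ_CLOSE"],
]


def ngrams(trace: Sequence[str], n: int) -> List[NGram]:
    """Sliding-window n-grams over one IRP trace (n consecutive major codes)."""
    if n < 1 or len(trace) < n:
        return []
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def all_ngrams(traces: Iterable[Sequence[str]], n: int) -> Set[NGram]:
    """Union of the n-grams seen anywhere in a set of traces."""
    found: Set[NGram] = set()
    for trace in traces:
        found.update(ngrams(trace, n))
    return found


def generate_detectors(benign: Iterable[Sequence[str]],
                       malware: Iterable[Sequence[str]], n: int) -> Set[NGram]:
    """Simplified PSA + NSA (assumption about the paper's combination):
    candidates come from the malware class (positive selection); any candidate
    that also matches the benign 'self' set is censored (negative selection).
    What remains are n-grams that exist only in malware IRP sequences."""
    self_set = all_ngrams(benign, n)
    candidates = all_ngrams(malware, n)
    return candidates - self_set


def classify(trace: Sequence[str], detectors: Set[NGram], n: int,
             threshold: int = 1) -> Tuple[bool, int]:
    """Flag a trace as malware when at least `threshold` distinct detectors fire."""
    hits = set(ngrams(trace, n)) & detectors
    return len(hits) >= threshold, len(hits)


def evaluate(benign: Sequence[Sequence[str]], malware: Sequence[Sequence[str]],
             detectors: Set[NGram], n: int, threshold: int = 1) -> Tuple[float, float]:
    """Return (true positive rate, false positive rate) over the given traces."""
    if not benign or not malware:
        return 0.0, 0.0
    tp = sum(classify(t, detectors, n, threshold)[0] for t in malware)
    fp = sum(classify(t, detectors, n, threshold)[0] for t in benign)
    return tp / len(malware), fp / len(benign)


if __name__ == "__main__":
    dets = generate_detectors(BENIGN_TRACES, MALWARE_TRACES, n=2)
    print("malware-only bigrams:", sorted(dets))
    tpr, fpr = evaluate(BENIGN_TRACES, MALWARE_TRACES, dets, n=2)
    print(f"TPR={tpr:.2f} FPR={fpr:.2f}")
```

With the constructed traces and n = 2, the benign set contains `(IRP_MJ_CREATE, IRP_MJ_WRITE)` and `(IRP_MJ_CREATE, IRP_MJ_READ)`, so negative selection censors both even though they also occur in the malware traces; five bigrams survive as detectors. The 0% false positive rate the function reports here is measured on the same benign traces used for censoring, which guarantees it by construction; the figure that matters operationally is the one on held-out benign traces, where an unseen benign n-gram that happens to match a detector produces a false alarm.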