Using RS and SVM to detect new malicious executable codes

Authors:
Boyun Zhang;Jianping Yin;Jinbo Hao
Affiliations:
School of Computer Science, National University of Defense Technology, Changsha, China;School of Computer Science, National University of Defense Technology, Changsha, China;School of Computer Science, National University of Defense Technology, Changsha, China
Venue:
RSKT'06 Proceedings of the First international conference on Rough Sets and Knowledge Technology
Year:
2006

Citing 4
Cited 0

Rough Sets: Theoretical Aspects of Reasoning about Data

Rough Sets: Theoretical Aspects of Reasoning about Data
Data Mining Methods for Detection of New Malicious Executables

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Using fuzzy pattern recognition to detect unknown malicious executables code

FSKD'05 Proceedings of the Second international conference on Fuzzy Systems and Knowledge Discovery - Volume Part I
A fast host-based intrusion detection system using rough set theory

Transactions on Rough Sets IV

Quantified Score

Hi-index	0.00

Visualization

Abstract

A hybrid algorithm based on attribute reduction of Rough Sets(RS) and classification principles of Support Vector Machine (SVM) to detect new malicious executable codes is present. Firstly, the attribute reduction of RS has been applied as preprocessor so that we can delete redundant attributes and conflicting objects from decision making table but remain efficient information lossless. Then, we realize classification modeling and forecasting test based on SVM. By this method, we can reduce the dimension of data, decrease the complexity in the process. Finally, comparison of detection ability between the above detection method and others is given. Experiment result shows that the present method could effectively use to discriminate normal and abnormal executable codes