Using low-level dynamic attributes for malware detection based on data mining methods

Authors:
Dmitry Komashinskiy;Igor Kotenko
Affiliations:
St. Petersburg Institute for Informatics and Automation (SPIIRAS), St. Petersburg, Russia;St. Petersburg Institute for Informatics and Automation (SPIIRAS), St. Petersburg, Russia
Venue:
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Year:
2012

Citing 13
Cited 0

Data Mining Methods for Detection of New Malicious Executables

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Learning to detect malicious executables in the wild

Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
An empirical comparison of supervised learning algorithms

ICML '06 Proceedings of the 23rd international conference on Machine learning
A scalable multi-level feature extraction technique to detect malicious executables

Information Systems Frontiers
McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables

ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Improving malware detection by applying multi-inducer ensemble

Computational Statistics & Data Analysis
Biologically inspired defenses against computer viruses

IJCAI'95 Proceedings of the 14th international joint conference on Artificial intelligence - Volume 1
Feature based techniques for auto-detection of novel email worms

PAKDD'07 Proceedings of the 11th Pacific-Asia conference on Advances in knowledge discovery and data mining
Hierarchical associative classifier (HAC) for malware detection from the large and imbalanced gray list

Journal of Intelligent Information Systems
Automatic malware categorization using cluster ensemble

Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining
AccessMiner: using system-centric models for malware protection

Proceedings of the 17th ACM conference on Computer and communications security
Automatic analysis of malware behavior using machine learning

Journal of Computer Security
ELF-Miner: using structural knowledge and data mining methods to detect new (Linux) malicious executables

Knowledge and Information Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

The modern methodologies of computer threats' detection traditionally include heuristic approaches of detecting malicious programs (malware) and their side effects. Usually these approaches are used in order to form some auxiliary classification and categorization systems which simplify procedures of processing previously unseen data sets and revealing previously non-obvious structural and behavioral dependencies for malware. Such systems have a number of issues caused by specificity of processes of their creation and functioning. One of such issues is looking for feature sets whose use increases accuracy of malware detection. The paper presents description and analysis of an approach focusing on this issue. It is based on instantiating a number of classifiers learned in a feature space representing low-level dynamic specificities of applications to be analyzed.