Collecting dynamic information requires executing the malware in a controlled environment; a packed sample unpacks itself as the first step of that execution. Collecting static information does not require execution, but the file must first be unpacked manually. Nonetheless, once a file has been executed, both static and dynamic information are available and can be used in designing a single classification method. In this paper, we present the first classification method that integrates static and dynamic features into a single test. Our approach improves on previous results based on individual features and halves the time needed to test such features separately. Robustness to changes in malware development is tested by comparing results on two sets of malware, the first collected between 2003 and 2007 and the second between 2009 and 2010. When results on the older set are compared with results on the entire data set, our integrated test is significantly more robust than previous methods, losing just 2.7% in accuracy where previous methods drop 7%. We conclude that, to achieve acceptable accuracy in classifying the latest malware, some older malware should be included in the training data.