Title
Efficient Virus Detection Using Dynamic Instruction Sequences
Keywords
Data mining; Feature selection; Instruction sequence; Malicious software; Virus detection
Abstract
In this paper, we present a novel approach to detect unknown viruses using dynamic instruction sequence mining techniques. We collect runtime instruction sequences from unknown executables and organize the instruction sequences into basic blocks. We extract instruction sequence patterns based on three types of instruction associations within the derived basic blocks. Following a data mining process, we perform feature extraction and feature selection, and then build a classification model to learn instruction association patterns from both benign and malicious datasets automatically. By applying this classification model, we can predict the nature of an unknown program. We also build a program monitor which is able to capture the runtime instruction sequences of an arbitrary program. The monitor utilizes the derived classification model to make an intelligent guess, based on the information extracted from instruction sequences, to decide whether the tested program is benign or malicious. Our results show that our approach is accurate, reliable and efficient. © 2009 ACADEMY PUBLISHER.
Publication Date
1-1-2009
Publication Title
Journal of Computers
Volume
4
Issue
5
Number of Pages
405-414
Document Type
Article
Personal Identifier
scopus
DOI Link
https://doi.org/10.4304/jcp.4.5.405-414
Copyright Status
Unknown
Scopus ID
77952602657 (Scopus)
Source API URL
https://api.elsevier.com/content/abstract/scopus_id/77952602657
STARS Citation
Dai, Jianyong; Guha, Ratan; and Lee, Joohan, "Efficient Virus Detection Using Dynamic Instruction Sequences" (2009). Scopus Export 2000s. 12334.
https://stars.library.ucf.edu/scopus2000/12334