Title

Detecting Internet Worms Using Data Mining Techniques

Keywords

Binary classification; Data mining; Disassembly; Instruction sequences; Static analysis; Worm detection

Abstract

Internet worms pose a serious threat to computer security. Traditional signature-based approaches to worm detection offer little protection against zero-day attacks. The focus of malware research is shifting from signature patterns to identifying the malicious behavior displayed by malware. This paper presents a novel idea: extracting variable-length instruction sequences that distinguish worms from clean programs using data mining techniques. The analysis is facilitated by the program control-flow information contained in the instruction sequences. Based on general statistics gathered from these instruction sequences, we formulated the problem as a binary classification problem and built tree-based classifiers, including a decision tree, bagging and random forest. Our approach showed a 95.6% detection rate on novel worms whose data was not used in the model-building process. Copyright © 2008 by the International Institute of Informatics and Systemics.

Publication Date

12-1-2008

Publication Title

IMETI 2008 - International Multi-Conference on Engineering and Technological Innovation, Proceedings

Volume

1

Pages

129-134

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

Scopus ID

84893199469 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/84893199469
