Title
Data Mining Methods For Malware Detection Using Instruction Sequences
Keywords
Binary classification; Data mining; Disassembly; Instruction sequences; Malware detection; Static analysis
Abstract
Malicious programs pose a serious threat to computer security. Traditional approaches that use signatures to detect malicious programs offer little protection against new and unseen programs whose signatures are not yet available. The focus of research is therefore shifting from using signature patterns to identify a specific malicious program and/or its variants towards discovering the general malicious behavior of programs. This paper presents a novel idea of automatically identifying critical instruction sequences that can discriminate between malicious and clean programs using data mining techniques. Based on general statistics gathered from these instruction sequences, we formulated the problem as a binary classification problem and built logistic regression, neural network and decision tree models. Our approach achieved a 98.4% detection rate on new programs whose data was not used in the model building process.
Publication Date
12-1-2008
Publication Title
Proceedings of the IASTED International Conference on Artificial Intelligence and Applications, AIA 2008
Number of Pages
358-363
Document Type
Article; Proceedings Paper
Personal Identifier
scopus
Copyright Status
Unknown
Scopus ID
62849117735 (Scopus)
Source API URL
https://api.elsevier.com/content/abstract/scopus_id/62849117735
STARS Citation
Siddiqui, Muazzam; Wang, Morgan C.; and Lee, Joohan, "Data Mining Methods For Malware Detection Using Instruction Sequences" (2008). Scopus Export 2000s. 9663.
https://stars.library.ucf.edu/scopus2000/9663