Title :
Neural networks for computer virus recognition
Author :
Tesauro, Gerald J. ; Kephart, Jeffrey O. ; Sorkin, Gregory B.
Author_Institution :
IBM Thomas J. Watson Res. Center, Yorktown Heights, NY, USA
fDate :
8/1/1996 12:00:00 AM
Abstract :
We have developed a neural network for generic detection of a particular class of computer viruses-the so called boot sector viruses that infect the boot sector of a floppy disk or a hard drive. This is an important and relatively tractable subproblem of generic virus detection. Only about 5% of all known viruses are boot sector viruses, yet they account for nearly 90% of all virus incidents. We have successfully deployed our neural network as a commercial product, distributing it to millions of PC users worldwide as part of the IBM AntiVirus software package. We faced several challenges in taking our neural network from a research idea to a commercial product. These included designing an appropriate input representation scheme; dealing with the scarcity of available training data; finding an appropriate trade off point between false positives and false negatives to conform to user expectations; and making the software conform to strict constraints on memory and speed of computation needed to run on PCs. The article discusses our methods for handling these challenges
Keywords :
computer bootstrapping; computer viruses; neural nets; software development management; systems analysis; IBM AntiVirus software package; PC users; boot sector viruses; commercial product; computer virus recognition; floppy disk; generic virus detection; hard drive; input representation scheme; neural network; tractable subproblem; user expectations; virus incidents; Computer networks; Computer viruses; Drives; Face detection; Floppy disks; Neural networks; Product design; Software packages; Training data; Viruses (medical);
Journal_Title :
IEEE Expert
