DocumentCode :
1567000
Title :
Associative classification and post-processing techniques used for malware detection
Author :
Ye, Yanfang ; Jiang, Qingshan ; Zhuang, Weiwei
Author_Institution :
Dept. of Comput. Sci., Xiamen Univ., Xiamen
fYear :
2008
Firstpage :
276
Lastpage :
279
Abstract :
Numerous attacks by malware have posed serious threats to the security of computer users. Unfortunately, as malware writing techniques develop, the number of file samples that need to be analyzed increases daily. An automatic and robust tool to analyze and classify file samples is urgently needed. In this paper, based on analysis of the Windows API execution sequences called by PE files, we apply associative classification and post-processing techniques to malware detection. Promising experimental results demonstrate that the accuracy and efficiency of our malware detection method outperform popular anti-virus scanners such as Norton AntiVirus and Dr. Web, as well as previous data-mining-based detection systems that employed Naive Bayes, Support Vector Machine (SVM) and Decision Tree techniques. In particular, the post-processing techniques we adopt greatly reduce the number of generated rules, making it easier for human analysts to identify the useful ones.
Keywords :
application program interfaces; invasive software; pattern classification; PE files; Windows API execution sequences; antivirus scanners; associative classification; malware detection; post-processing techniques; security; Classification tree analysis; Computer science; Computer security; Data mining; Decision trees; Humans; Machine learning; Robustness; Support vector machine classification; Support vector machines; Associative Classification; Malware Detection; Post-processing; Windows API Sequence;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Anti-counterfeiting, Security and Identification, 2008. ASID 2008. 2nd International Conference on
Conference_Location :
Guiyang
Print_ISBN :
978-1-4244-2584-6
Electronic_ISBN :
978-1-4244-2585-3
Type :
conf
DOI :
10.1109/IWASID.2008.4688391
Filename :
4688391