DocumentCode :
1633660
Title :
Unknown Malicious Executable Defection
Author :
Lai, Yingxu
Author_Institution :
Coll. of Comput. Sci., Beijing Univ. of Technol., Beijing
Volume :
2
fYear :
2008
Firstpage :
202
Lastpage :
207
Abstract :
Anti-virus systems traditionally use signatures to detect malicious executables, but this method beyond the capability of many existing detection approaches. In this paper, we present a data mining approach to detect unknown malicious executables. The feature set is a key to applying data mining or machine learning to successfully detect malicious executables. We propose a method to extract features which are most representative of viral properties. To improve the performance of the Bayesian classifier, we present a novel algorithm called half increment naive Bayes (HIB). We also evaluate the predictive power of the classifier, and show that our classifier yields high detection rates and works at a high learning speed.
Keywords :
Bayes methods; computer viruses; data mining; learning (artificial intelligence); pattern classification; Bayesian classifier; antivirus systems; data mining; half increment naive Bayes; machine learning; unknown malicious executable detection; Application software; Data mining; Face detection; Feature extraction; Intelligent systems; Machine learning; Machine learning algorithms; Neural networks; Support vector machine classification; Support vector machines; Half Increment Naïve Bayes; feature selection; unknown malicious detection;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Intelligent Systems Design and Applications, 2008. ISDA '08. Eighth International Conference on
Conference_Location :
Kaohsiung
Print_ISBN :
978-0-7695-3382-7
Type :
conf
DOI :
10.1109/ISDA.2008.170
Filename :
4696331