Title :
A Virus Prevention Model Based on Static Analysis and Data Mining Methods
Author :
Wang, Tzu-Yen ; Wu, Chin-Hsiung ; Hsieh, Chu-Cheng
Author_Institution :
Dept. of Comput. Sci., Nat. Chiao Tung Univ., Hsinchu
Abstract :
Owing to the lack of prevention ability of traditional anti-virus methods, a behavior-based virus prevention model for detecting unknown viruses is proposed in this study. We first defined the behaviors of an executable by observing its usage of dynamically linked libraries and Application Programming Interfaces. Then, information gain and support vector machines were applied to filter out the redundant behavior attributes and select informative features for training a virus classifier. The performance of our model was evaluated on a dataset containing 1,758 benign executables and 846 viruses. The experimental results are promising, and the overall accuracies are 99% and 96.66% for detecting the known viruses and the previously unseen viruses, respectively.
Keywords :
application program interfaces; computer viruses; data mining; program diagnostics; support vector machines; application programming interfaces; behavior-based virus prevention model; dynamically linked libraries; information gain; static analysis; support vector machine; unknown virus detection; behavior-based; virus prevention
Conference_Title :
Computer and Information Technology Workshops, 2008. CIT Workshops 2008. IEEE 8th International Conference on
Conference_Location :
Sydney, QLD
Print_ISBN :
978-0-7695-3242-4
Electronic_ISBN :
978-0-7695-3239-1
DOI :
10.1109/CIT.2008.Workshops.102