DocumentCode :
2221265
Title :
Malware Detection via Classifying with Compression
Author :
Gong, Tao ; Tan, Xiaobin ; Zhu, Ming
Author_Institution :
Dept. of Autom., Univ. of Sci. & Technol. of China, Hefei, China
fYear :
2009
fDate :
26-28 Dec. 2009
Firstpage :
1765
Lastpage :
1768
Abstract :
The proliferation of malware has been causing great harm to computer and information systems. Traditional signature-based approaches fail to detect obfuscated malware and unknown malware. We present a preliminary study on classifying with compression of program instructions for malware detection. The code structure information was utilized to compress. The disassembled code is converted to its intermediate representation. We extract the opcode to form the stream for prediction by partial matching (PPM). The binaries are classified with this statistical compression algorithm. The preliminary experiment shows that our method can efficiently detect malware with high accuracy and low false positive rate.
Keywords :
data compression; digital signatures; information systems; invasive software; pattern classification; classification; information systems; malware detection; prediction by partial matching; signature based approaches; statistical compression algorithm; Automation; Compression algorithms; Computer security; Data compression; Data mining; Information science; Information systems; Internet; Learning systems; Probability distribution;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Science and Engineering (ICISE), 2009 1st International Conference on
Conference_Location :
Nanjing
Print_ISBN :
978-1-4244-4909-5
Type :
conf
DOI :
10.1109/ICISE.2009.726
Filename :
5455069