DocumentCode :
3079329
Title :
Rootkit (malicious code) prediction through data mining methods and techniques
Author :
Ramani, R. Geetha ; Kumar, Sahoo Subhendu ; Jacob, Shomona Gracia
Author_Institution :
Dept. of Inf. Sci. & Technol., Anna Univ., Chennai, India
fYear :
2013
fDate :
26-28 Dec. 2013
Firstpage :
1
Lastpage :
5
Abstract :
Rootkits are software used to hide the presence and activity of malware and to let an attacker take control of a computer system by subverting the kernel. This paper explores the application of data mining methods to predict rootkits from attributes extracted from the information contained in log files. The rootkit records were categorized as Inline and Others based on their attribute values. Nine classification algorithms were investigated to identify the most accurate and efficient classifier for rootkit prediction. The Correlation Bayes algorithm attained the highest prediction accuracy (87.4%) under 10-fold cross-validation. Moreover, in order to confirm the performance of the algorithm on unbalanced data, the Matthews correlation coefficient (MCC) was also calculated; the Correlation Bayes algorithm yielded the highest MCC, 0.679, on the rootkit dataset.
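The abstract reports both accuracy and the Matthews correlation coefficient because accuracy alone is misleading on an unbalanced dataset: a classifier that always predicts the majority class can score well on accuracy while learning nothing. The block below is an added example, not code from the paper, that computes both metrics from a confusion matrix and runs them through a 10-fold cross-validation loop. The dataset (200 records, 40 "Inline" and 160 "Others", with one numeric attribute) is constructed for illustration, and the two classifiers (a majority-class baseline and a hypothetical threshold rule) are stand-ins, not the paper's Correlation Bayes algorithm.

```python
"""Accuracy vs. Matthews correlation coefficient (MCC) on unbalanced data,
with 10-fold cross-validation. Added example; data and classifiers are
constructed stand-ins, not the paper's dataset or algorithm."""
import math
import random

POSITIVE = "Inline"   # minority class in the constructed data below


def confusion(y_true, y_pred, positive=POSITIVE):
    """Return (tp, tn, fp, fn), treating `positive` as the class of interest."""
    tp = tn = fp = fn = 0
    for t, p in zip(y_true, y_pred):
        if p == positive:
            if t == positive:
                tp += 1
            else:
                fp += 1
        else:
            if t == positive:
                fn += 1
            else:
                tn += 1
    return tp, tn, fp, fn


def accuracy(tp, tn, fp, fn):
    return (tp + tn) / (tp + tn + fp + fn)


def mcc(tp, tn, fp, fn):
    """MCC in [-1, 1]; 0 means no better than chance. Undefined cases
    (a zero row or column of the confusion matrix) are reported as 0."""
    denom = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    if denom == 0:
        return 0.0
    return (tp * tn - fp * fn) / denom


def kfold_indices(n, k=10, seed=0):
    """Yield (train, test) index lists for k-fold cross-validation."""
    idx = list(range(n))
    random.Random(seed).shuffle(idx)
    folds = [idx[i::k] for i in range(k)]
    for i in range(k):
        test = folds[i]
        train = [j for f in range(k) if f != i for j in folds[f]]
        yield train, test


def cross_validate(X, y, fit, k=10):
    """Aggregate the confusion matrix over k folds; return (accuracy, MCC)."""
    tp = tn = fp = fn = 0
    for train, test in kfold_indices(len(y), k):
        predict = fit([X[i] for i in train], [y[i] for i in train])
        preds = [predict(X[i]) for i in test]
        a, b, c, d = confusion([y[i] for i in test], preds)
        tp, tn, fp, fn = tp + a, tn + b, fp + c, fn + d
    return accuracy(tp, tn, fp, fn), mcc(tp, tn, fp, fn)


def fit_majority(X, y):
    """Baseline: always predict the most frequent training label."""
    majority = max(set(y), key=y.count)
    return lambda x: majority


def fit_threshold(X, y):
    """Hypothetical rule: split attribute 0 at the midpoint of the class means."""
    pos = [x[0] for x, lab in zip(X, y) if lab == POSITIVE]
    neg = [x[0] for x, lab in zip(X, y) if lab != POSITIVE]
    thr = (sum(pos) / len(pos) + sum(neg) / len(neg)) / 2
    return lambda x: POSITIVE if x[0] > thr else "Others"


def constructed_dataset():
    """Constructed records: 160 'Others' with attribute 0..5,
    40 'Inline' with attribute 5..9 (overlap at 5 so no rule is perfect)."""
    X, y = [], []
    for i in range(160):
        X.append((i % 6,))
        y.append("Others")
    for i in range(40):
        X.append((5 + i % 5,))
        y.append(POSITIVE)
    return X, y


def demo():
    X, y = constructed_dataset()
    return {
        "majority": cross_validate(X, y, fit_majority),
        "threshold": cross_validate(X, y, fit_threshold),
    }


if __name__ == "__main__":
    for name, (acc, m) in demo().items():
        print(f"{name:10s} accuracy={acc:.3f} MCC={m:.3f}")
```

The majority-class baseline reaches 80% accuracy on this 160/40 split while its MCC is 0, which is exactly the situation the MCC is meant to expose; the threshold rule is the one whose accuracy and MCC both rise, so it is the one actually separating the classes.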
Keywords :
data mining; invasive software; pattern classification; Matthews correlation coefficient; Rootkit dataset; Rootkit prediction; classification algorithm; computer system; correlation Bayes algorithm; data mining methods; information extraction; log files; malicious code prediction; malware activity; Accuracy; Classification algorithms; Correlation; Data mining; Jacobian matrices; Malware; Prediction algorithms; computer security; data mining; prediction; rootkits;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computational Intelligence and Computing Research (ICCIC), 2013 IEEE International Conference on
Conference_Location :
Enathi
Print_ISBN :
978-1-4799-1594-1
Type :
conf
DOI :
10.1109/ICCIC.2013.6724243
Filename :
6724243