Title :
Study of fuzzy clustering methods for malicious codes using native API call frequency
Author :
Kwon, Ochul ; Bae, Seongjae ; Cho, Jaeik ; Moon, Jongsub
Author_Institution :
Center for Inf. Security Technol., Korea Univ., Seoul
Date :
March 30 2009-April 2 2009
Abstract :
The Native API is a system call which can only be accessed with the authentication of the administrator. It can be used to detect a variety of malicious codes which can only be executed with the administrator's authority. Therefore, much research is being done on detection methods using the characteristics of the Native API. Most of this research uses supervised machine learning methods. However, the classification standards of anti-virus companies do not reflect the characteristics of Native API calls. As a result, the population data used in the supervised learning methods is not accurate. Therefore, more research is needed on classification standards that use the Native API for detection. This paper proposes a method for classifying malicious codes using a fuzzy clustering method with the Native API call standard. The accuracy of the proposed method is evaluated by using machine learning to compare detection rates with previous classification methods.
Keywords :
application program interfaces; fuzzy set theory; learning (artificial intelligence); message authentication; pattern classification; pattern clustering; administrator authority; anti-virus company; application programming interface; fuzzy clustering; machine learning; malicious code; supervised learning; Authentication; Clustering methods; Code standards; Frequency; Fuzzy systems; Information security; Machine learning; Moon; Operating systems; Supervised learning;
Conference_Title :
Computational Intelligence in Cyber Security, 2009. CICS '09. IEEE Symposium on
Conference_Location :
Nashville, TN
Print_ISBN :
978-1-4244-2769-7
DOI :
10.1109/CICYBS.2009.4925086