Using qualia and multi-layered relationships in malware detection

Author

Birrer, Bobby D. ; Raines, Richard A. ; Baldwin, Rusty O. ; Oxley, Mark E. ; Rogers, Steven K.

Author_Institution

Center for Cyberspace Res., Air Force Inst. of Technol., Dayton, OH

fYear

2009

fDate

March 30 2009-April 2 2009

Firstpage

91

Lastpage

98

Abstract

Detecting network intruders and malicious software is a significant problem for network administrators and security experts. New threats are emerging at an increasing rate, and current signature and statistics-based techniques are failing to keep pace. Intelligent systems that can adapt to new threats are needed to mitigate these new strains of malware as they are released. This research develops a system that uses contextual relationships and information across different layers of abstraction to detect malware based on its qualia, or essence. By looking for the underlying concepts that make a piece of software malicious, this system avoids the pitfalls of static solutions that focus on predefined signatures or anomaly thresholds. This type of qualia-based system provides a framework for developing intelligent classification and decision-making systems for any number of application areas.

Keywords

decision making; digital signatures; invasive software; pattern classification; statistical analysis; decision making; intelligent classification; intelligent system; malicious software; malware detection; multilayered relationship; network administrator; network intruder detection; qualia-based system; security expert; statistics-based technique; Capacitive sensors; Current measurement; Fingerprint recognition; Humans; Intelligent sensors; Intelligent systems; Protection; Robustness; Strain control; Viruses (medical);

fLanguage

English

Publisher

ieee

Conference_Titel

Computational Intelligence in Cyber Security, 2009. CICS '09. IEEE Symposium on

Conference_Location

Nashville, TN

Print_ISBN

978-1-4244-2769-7

Type

conf

DOI

10.1109/CICYBS.2009.4925095

Filename

4925095