A Novel Data Mining Method for Malware Detection
نویسندگان
چکیده
Losses caused by malware are irrecoverable. Detection of malicious activity is the most challenge in the security of computing systems because current virulent executable are using sophisticated polymorphism and metamorphism techniques. It make difficult for analyzers to investigate their code statically. In this paper, we present a data mining approach to predict executable behavior. We provide an Application Programming Interface (API) which provides sequences captured of a running process with the aim of its predicting intention. Although API calls are commonly analyzed by existing anti-viruses and sandboxes, our work presents for the first time that using an API and the number of iteration as a countermeasure for malware detection in the API. The experiments have shown the effectiveness of our method on polymorphic and metamorphic malware by achieving an accuracy of 93.5% while keeping detection rate as
منابع مشابه
A Novel Hybrid Approach for Email Spam Detection based on Scatter Search Algorithm and K-Nearest Neighbors
Because cyberspace and Internet predominate in the life of users, in addition to business opportunities and time reductions, threats like information theft, penetration into systems, etc. are included in the field of hardware and software. Security is the top priority to prevent a cyber-attack that users should initially be detecting the type of attacks because virtual environments are not moni...
متن کاملDetection of Malware and Malicious Executables Using E-Birch Algorithm
Malware detection is one of the challenges to the modern computing world. Web mining is the subset of data mining used to provide solutions for complex problems. Web intelligence is the new hope for the field of computer science to bring solution for the malware detection. Web mining is the method of web intelligence to make web as an intelligent tool to combat malware and phishing websites. Ge...
متن کاملMalware Detection using Classification of Variable-Length Sequences
In this paper, a novel method based on the graph is proposed to classify the sequence of variable length as feature extraction. The proposed method overcomes the problems of the traditional graph with variable length of data, without fixing length of sequences, by determining the most frequent instructions and insertion the rest of instructions on the set of “other”, save speed and memory. Acco...
متن کاملOpcode sequences as representation of executables for data-mining-based unknown malware detection
Malware can be defined as any type of malicious code that has the potential to harm a computer or network. The volume of malware is growing faster every year and poses a serious global security threat. Consequently, malware detection has become a critical topic in computer security. Currently, signature-based detection is the most widespread method used in commercial antivirus. In spite of the ...
متن کاملSemantic Malware Detection by Deploying Graph Mining
Today malware is a serious threat to our society. Several researchers are studying detection and mitigation of malware threats. On the other hand malware authors try to use obfuscation techniques for evading detection. Unfortunately usual approach (e.g., antivirus software) use signature based method which can easily be evaded. For addressing these shortcomings dynamic methods have been introdu...
متن کامل