Data mining methods for malware detection using instruction sequences

Proceedings of the IASTED International Conference on Artificial Intelligence and Applications, AIA 2008

Volumn , Issue , 2008, Pages 358-363

  Siddiqui, Muazzam ^a   Wang, Morgan C ^a   Lee, Joohan ^a  

^a UNIVERSITY OF CENTRAL FLORIDA   (United States)

Author keywords

Binary classification; Data mining; Disassembly; Instruction sequences; Malware detection; Static analysis

Indexed keywords

BINARY CLASSIFICATION; BINARY CLASSIFICATION PROBLEMS; BUILDING PROCESS; COMPUTER SECURITIES; DATA MINING METHODS; DATA MINING TECHNIQUES; DECISION TREE MODELS; DISASSEMBLY; INSTRUCTION SEQUENCES; LOGISTIC REGRESSIONS; MALICIOUS BEHAVIORS; MALWARE DETECTION;

COMPUTER CRIME; DATA MINING; DECISION TREES; INFORMATION MANAGEMENT; MINING; NEURAL NETWORKS; SECURITY OF DATA; STATIC ANALYSIS;

BINARY SEQUENCES;

EID: 62849117735     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (20)

1. IDA Pro Disassembler. http://www.datarescue.com/idabase/index.htm.
2. PEiD. http://peid.has.it/.
3. VMware. http://www.vmware.com/.
4. VX Heavens. http://vx.netlux.org.
5. T. Abou-Assaleh, N. Cercone, V. Keselj, and R. Sweidan. N-gram-based detection of new malicious code. In Proceedings of the 28th Annual International Computer Software and Applications Conference - Workshops and Fast Abstracts - (COMPSAC'04) - Volume 02, pages 41-42, 2004.
6. F. Apap, A. Honig, S. Hershkop, E. Eskin, and S. Stolfo. Detecting malicious software by monitoring anomalous windows registry accesses. Technical report, 2001.
7. W. Arnold and G. Tesauro. Automatically generated win32 heuristic virus detection. In Virus Bulletin Conference, pages 123-132, 2000.
8. J. Bergeron, M. Debbabi, J. Desharnais, M. M. Erhioui, Y. Lavoie, and N. Tawbi. Static detection of malicious code in executable programs. Symposium on Requirements Engineering for Information Security (SREIS'01), 2001.
9. M. Christodorescu and S. Jha. Static analysis of executables to detect malicious patterns. In Proceedings of the 12th USENIX Security Symposium (Security' 03), pages 169-186, 2003.
10. F. Cohen. Computer Viruses. PhD thesis, University of Southern California, 1985.
11. J. Z. Kolter and M. A. Maloof. Learning to detect malicious executables in the wild. In Proceedings of the 2004 ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 2004.
12. R. W. Lo, K. N. Levitt, and R. A. Olsson. Mcf: A malicious code filter. Computers and Security, 14(6):541-566, 1995.
13. A. Mori. Detecting unknown computer viruses - a new approach -. Lecture Notes in Computer Science, pages 226-241, 2004.
14. J. C. Rabek, R. I. Khazan, S. M. Lewandowski, and R. K. Cunningham. Detection of injected, dynamically generated, and obfuscated malicious code. In Proceedings of the 2003 ACM Workshop on Rapid Malcode, pages 76-82, 2003.
15. M. G. Schultz, E. Eskin, E. Zadok, and S. J. Stolfo. Data mining methods for detection of new malicious executables. In Proceedings of the IEEE Symposium on Security and Privacy, pages 38-49, 2001.
16. A. H. Sung, J. Xu, P. Chavez, and S.Mukkamala. Static analyzer of vicious executables. In 20th Annual Computer Security Applications Conference, pages 326-334, 2004.
17. Symantec. Understanding heuristics: Symantec's bloodhound technology. Technical report, Symantec Corporation, 1997.
18. P. Szor. The Art of Computer Virus Research and Defense. AddisonWesley for Symantec Press, New Jersey, 2005.
19. M. Weber, M. Schmid, M. Schatz, and D. Geyer. A toolkit for detecting and analyzing malicious software. In Proceedings of the 18th Annual Computer Security Applications Conference, page 423, 2002.
20. Y. Yang and J. O. Pedersen. A comparative study on feature selection in text categorization. In Proceedings of the Fourteenth International Conference on Machine Learning, pages 412-420, 1997.