Malware detection using statistical analysis of byte-level file content

Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics, CSI-KDD in Conjunction with SIGKDD'09

Volumn , Issue , 2009, Pages 23-31

  Tabish, S Momina ^a   Shafiq, M Zubair ^a   Farooq, Muddassar ^a  

^a NATIONAL UNIVERSITY OF COMPUTER AND EMERGING SCIENCES   (Pakistan)

Author keywords

Computer malware; Data mining; Forensics

Indexed keywords

ANTIVIRUS SOFTWARES; APRIORI; CLASSIFICATION RESULTS; COMPUTER MALWARE; CONTENT-BASED; DATA MINING ALGORITHM; DATA SETS; DETECTION ACCURACY; FILE CONTENTS; MALWARE DETECTION; MALWARES; STATISTICAL ANALYSIS; TROJANS;

CHANNEL STATE INFORMATION; DATA MINING; INFORMATION THEORY; ONLINE SEARCHING; PROBABILITY DENSITY FUNCTION;

COMPUTER WORMS;

EID: 70449633109     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1599272.1599278     Document Type: Conference Paper

References (31)

1. Symantec Internet Security Threat Reports I-XI (Jan 2002-Jan 2008).
2. F-Secure Corporation, "F-Secure Reports Amount of Malware Grew by 100% during 2007", Press release, 2007.
3. A. Stepan, "Improving Proactive Detection of Packed Malware", Virus Buletin, March 2006, available at http://www.virusbtn.com/virusbulletin/ archive/2006/03/vb200603-packed.dkb
4. R. Perdisci, A. Lanzi, W. Lee, "Classification of Packed Executables for Accurate Computer Virus Detection", Pattern Recognition Letters, 29(14), pp. 1941-1946, Elsevier, 2008.
5. AVG Free Antivirus, available at http://free.avg.com/.
6. Panda Antivirus, available at http://www.pandasecurity.com/.
7. M.G. Schultz, E. Eskin, E. Zadok, S.J. Stolfo, "Data mining methods for detection of new malicious executables", IEEE Symposium on Security and Privacy, pp. 38-49, USA, IEEe Press, 2001.
8. J.Z. Kolter, M.A. Maloof, "Learning to detect malicious executables in the wild", ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 470-478, USA, 2004.
9. J. Kephart, G. Sorkin, W. Arnold, D. Chess, G. Tesauro, S. White, "Biologically inspired defenses against computer viruses", International Joint Conference on Artificial Intelligence (IJCAI), pp. 985-996, USA, 1995.
10. R.W. Lo, K.N. Levitt, R.A. Olsson, "MCF: A malicious code filter", Computers & Security, 14(6):541-566, Elseveir, 1995.
11. O. Henchiri, N. Japkowicz, "A Feature Selection and Evaluation Scheme for Computer Virus Detection", IEEE International Conference on Data Mining (ICDM), pp. 891-895, USA, IEEE Press, 2006.
12. P. Kierski, M. Okoniewski, P. Gawrysiak, "Automatic Classification of Executable Code for Computer Virus Detection", International Conference on Intelligent Information Systems, pp. 277-284, Springer, Poland, 2003.
13. T. Abou-Assaleh, N. Cercone, V. Keselj, R. Sweidan. "Detection of New Malicious Code Using N-grams Signatures", International Conference on Intelligent Information Systems, pp. 193-196, Springer, Poland, 2003.
14. J.H. Wang, P.S. Deng, "Virus Detection using Data Mining Techniques", IEEE International Carnahan Conference on Security Technology, pp. 71-76, IEEE Press, 2003.
15. W.J. Li, K. Wang, S.J. Stolfo, B. Herzog, "Fileprints: identifying filetypes by n-gram analysis", IEEE Information Assurance Workshop, USA, IEEE Press, 2005.
16. S.J. Stolfo, K. Wang, W.J. Li, "Towards Stealthy Malware Detection", Advances in Information Security, Vol. 27, pp. 231-249, Springer, USA, 2007.
17. W.J. Li, S.J. Stolfo, A. Stavrou, E. Androulaki, A.D. Keromytis, "A Study of Malcode-Bearing Documents", International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA), pp. 231-250, Springer, Switzerland, 2007.
18. M.Z. Shafiq, S.A. Khayam, M. Farooq, "Embedded Malware Detection using Markov n-Grams", International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA), pp. 88-107, Springer, France, 2008.
19. M. Christodorescu, S. Jha, and C. Kruegal, "Mining Specifications of Malicious Behavior", European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2007), pp. 5-14, Croatia, 2007.
20. Frans Veldman, "Heuristic Anti-Virus Technology", International Virus Bulletin Conference, pp. 67-76, USA, 1993, available at http://mirror.sweon.net/madchat/vxdevl/vdat/epheurs1.htm.
21. Jay Munro, "Antivirus Research and Detection Techniques", Antivirus Research and Detection Techniques, ExtremeTech, 2002, available at http://www.extremetech.com/article2/0,2845,367051,00.asp.
22. D.W. Aha, D. Kibler, M.K. Albert, "Instance-based learning algorithms", Journal of Machine Learning, Vol. 6, pp. 37-66, 1991.
23. M.E. Maron, J.L. Kuhns, "On relevance, probabilistic indexing and information retrieval", Journal of the Association of Computing Machinery, 7(3), pp.216-244, 1960.
24. Y. Freund, R. E. Schapire, "A decision-theoretic generalization of on-line learning and an application to boosting", Journal of Computer and System Sciences, No. 55, pp. 23-37, 1997
25. J.R. Quinlan, "C4.5: Programs for machine learning", Morgan Kaufmann, USA, 1993.
26. I.H. Witten, E. Frank, "Data mining: Practical machine learning tools and techniques", Morgan Kaufmann, 2nd edition, USA, 2005.
27. VX Heavens Virus Collection, VX Heavens website, available at http://vx.netlux.org
28. J. Oberheide, E. Cooke, F. Jahanian. "CloudAV: N-Version Antivirus in the Network Cloud", USENIX Security Symposium, pp. 91-106, USA, 2008.
29. T. Fawcett, "ROC Graphs: Notes and Practical Considerations for Researchers", TR HPL-2003-4, HP Labs, USA, 2004.
30. S.D. Walter, "The partial area under the summary ROC curve", Statistics in Medicine, 24(13), pp. 2025-2040, 2005.
31. T.M. Cover, J.A. Thomas, "Elements of Information Theory", Wiley-Interscience, 1991.