

Malicious sequential pattern mining for automatic malware detection
Affiliation: 1. School of Mathematics and Computer Science, Fujian Normal University, Fuzhou, China; 2. Department of Computer Science and Electrical Engineering, West Virginia University, Morgantown, USA; 3. Department of Computer Science, University of Sherbrooke, Sherbrooke, Canada
Abstract: Because of the damage it does to Internet security, malware (e.g., viruses, worms, trojans) and its detection have held the attention of both the anti-malware industry and researchers for decades. The most significant line of defense protecting legitimate users from these attacks is anti-malware software, which mainly uses a signature-based method for detection. However, this method fails to recognize new, unseen malicious executables. To solve this problem, in this paper we propose an effective sequence mining algorithm that discovers malicious sequential patterns from the instruction sequences extracted from the file sample set; an All-Nearest-Neighbor (ANN) classifier is then constructed for malware detection based on the discovered patterns. The resulting data mining framework, composed of the proposed sequential pattern mining method and the ANN classifier, characterizes the malicious patterns in the collected file sample set well enough to effectively detect new, unseen malware samples. A comprehensive experimental study on a real data collection is performed to evaluate our detection framework. Promising experimental results show that our framework outperforms other data mining based detection methods in identifying new malicious executables.
This article is indexed in ScienceDirect and other databases.