

Multi-context features for detecting malicious programs
Authors: Moustafa Saleh, Tao Li, Shouhuai Xu
Affiliation: 1. Microsoft Malware Protection Center, Microsoft, Redmond, USA; 2. School of Computer Science, Florida International University, Miami, USA; 3. Department of Computer Science, University of Texas at San Antonio, San Antonio, USA
Abstract: Malware detection is still an open problem. Numerous attacks take place every day in which malware is used to steal private information, disrupt services, or sabotage industrial systems. In this paper, we combine three kinds of contextual information, namely static, dynamic, and instruction-based, for malware detection. This leads to the definition of more than thirty thousand features, a large feature set that covers a wide range of a sample's characteristics. Through experiments with one million files, we show that this feature set leads to machine-learning-based models that can detect both malware seen roughly at the time when the models are built, and malware first seen even months after the models were built (i.e., the detection models remain effective months ahead of time). This may be due to the comprehensiveness of the feature set.
Keywords:
This article is indexed in SpringerLink and other databases.