2010
DOI: 10.1007/s11432-010-4123-5

A malware detection model based on a negative selection algorithm with penalty factor

Abstract: A malware detection model based on a negative selection algorithm with penalty factor (NSAPF) is proposed in this paper. This model extracts a malware instruction library (MIL), containing instructions that tend to appear in malware, through deep instruction analysis with respect to instruction frequency and file frequency. From the MIL, the proposed model creates a malware candidate signature library (MCSL) and a benign program malware-like signature library (BPMSL) by splitting programs orderly into various …

Cited by 27 publications (8 citation statements)
References 13 publications
“…A malware detection model based on a negative selection algorithm with penalty factor (NSAPF) was proposed [7]. The NSAPF punishes the features of nonself which match the features of self instead of deleting them directly.…”
Section: Related Work (mentioning)
confidence: 99%
“…Zhang et al [32] developed a malware detection model based on a negative selection algorithm with a penalty factor, which overcomes the drawback of the traditional negative selection algorithms in defining harmfulness of "self" and "nonself" by introducing the penalty factor. By adjusting the penalty factor, the model can achieve a tradeoff between true positive and false positive rates to satisfy the different requirements of users.…”
Section: Trustworthy Software (mentioning)
confidence: 99%
“…In cases when a popular compromised site is used for malware propagation, many unaware site visitors can be attacked and become a part of a botnet. Binary checking and methods used in various solutions to malware detection (Li et al 2007; Juknius et al 2009; Zhang et al 2010) often fail to identify simple redirection schemes and JavaScript traps. While checking the source of the obviously attacked sites, we found that the website had no malware itself but acted as a redirector to source or performed browser exploitation.…”
Section: Botnet Propagation Via Website Detection Algorithm (mentioning)
confidence: 99%