Minimal contrast frequent pattern mining for malware detection

Hellal, Aya; Romdhane, Lotfi

doi:10.1016/j.cose.2016.06.004

Cited by 33 publications

(20 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this pair, items are the items that compose product P k , and value is the profit value of the product P k . Table 1 shows the example datasets that have five items including a, b, c, d, e, f and the set of products P 1 , P 2 , … , P 10 .…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

An Efficient Method for Mining Erasable Itemsets Using Multicore Processor Platform

Huynh

2018

Complexity

View full text Add to dashboard Cite

Mining erasable itemset (EI) is an attracting field in frequent pattern mining, a wide tool used in decision support systems, which was proposed to analyze and resolve economic problem. Many approaches have been proposed recently, but the complexity of the problem is high which leads to time-consuming and requires large system resources. Therefore, this study proposes an effective method for mining EIs based on multicore processors (pMEI) to improve the performance of system in aspect of execution time to achieve the better user experiences. This method also solves some limitations of parallel computing approaches in communication, data transfers, and synchronization. A dynamic mechanism is also used to resolve the load balancing issue among processors. We compared the execution time and memory usage of pMEI to other methods for mining EIs to prove the effectiveness of the proposed algorithm. The experiments show that pMEI is better than MEI in the execution time while the memory usage of both methods is the same.

show abstract

Section: Related Workmentioning

confidence: 99%

“…There are many methods [4,5] for mining FPs in recent years. In addition, some issues related to FP mining has been proposed such as maximal frequent patterns [6], top-k cooccurrence items with sequential pattern [7], weightedbased patterns [8], periodic-frequent patterns [9], and their applications [10,11].…”

Section: Introductionmentioning

confidence: 99%

An Efficient Method for Mining Erasable Itemsets Using Multicore Processor Platform

Huynh

2018

Complexity

View full text Add to dashboard Cite

show abstract

“…Ding et al [17] proposed QOOA that is an API-based association mining method for malware detection. Hellal et al [18] presented a new graph mining method to detect variants of malware using static analysis. They proposed a novel algorithm, called minimal contrast frequent subgraph miner algorithm (MCFSM), for extracting minimal discriminative and widely employed malicious behavioral patterns which can identify an entire family of malicious programs.…”

Section: Static Analysis-based Methodsmentioning

confidence: 99%

HM3alD: Polymorphic Malware Detection Using Program Behavior-Aware Hidden Markov Model

Tajoddin

Jalili

2018

Applied Sciences

View full text Add to dashboard Cite

Abstract:Malware have been tremendously growing in recent years. Most malware use obfuscation techniques for evasion and hiding purposes, but they preserve the functionality and malicious behavior of original code. Although most research work has been mainly focused on program static analysis, some recent contributions have used program behavior analysis to detect malware at run-time. Extracting the behavior of polymorphic malware is one of the major issues that affects the detection result. In this paper, we propose HM 3 alD, a novel program behavior-aware hidden Markov model for polymorphic malware detection. The main idea is to use an effective clustering scheme to partition the program behavior of malware instances and then apply a novel hidden Markov model (called program behavior-aware HMM) on each cluster to train the corresponding behavior. Low-level program behavior, OS-level system call sequence, is mapped to high-level action sequence and used as transition triggers across states in program behavior-aware HMM topology. Experimental results show that HM 3 alD outperforms all current dynamic and static malware detection methods, especially in term of FAR, while using a large dataset of 6349 malware.

show abstract

“…Hellal and Romdhane statically extract function calls of system API from analysed programs and divide them into 32 main categories of behaviour, with additional 4 subcategories for 4 types of actions -open, read, write and close, so in total 128 behaviour categories are used [11]. They also observe sequence of function calls, which is statically extracted from a program as an API call graph.…”

Section: Related Workmentioning

confidence: 99%

High-Level Malware Behavioural Patterns: Extractability Evaluation

Stastna

Tomášek

2017

Annals of Computer Science and Information Systems

View full text Add to dashboard Cite

Abstract-Many promising malware research projects focus on malware behaviour analysis, however, in the end they tend to build new detection systems and stick to measuring detection ratios. Our approach focuses on malware behavioural analysis for defining (characterising) malicious software on rather high level of abstraction, in order to break the endless cycle of evolving malware and malware analysts trying to catch up on new threats. As our research outlines, even such high-level behavioural information as numbers of occurrences of some behavioural events, can be successfully extracted from program samples and interpreted for extraction of repeating behavioural patterns. While this may seem simple at the first glance, there are plenty variables entering the process of behavioural data acquisition and pattern extraction.

show abstract

Minimal contrast frequent pattern mining for malware detection

Cited by 33 publications

References 11 publications

An Efficient Method for Mining Erasable Itemsets Using Multicore Processor Platform

An Efficient Method for Mining Erasable Itemsets Using Multicore Processor Platform

HM3alD: Polymorphic Malware Detection Using Program Behavior-Aware Hidden Markov Model

High-Level Malware Behavioural Patterns: Extractability Evaluation

Contact Info

Product

Resources

About