Using Support Vector Machine to Detect Unknown Computer Viruses

Zhang, Boyun; Yin, Jianping; Hao, Jinbo; Zhang, Ding-xing; Wang, Shuling

doi:10.5019/j.ijcir.2006.51

Cited by 22 publications

(8 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…That fact favorably distinguishes the approach offered from that described in [9]. That fact favorably distinguishes the approach offered from that described in [9].…”

mentioning

confidence: 88%

See 1 more Smart Citation

Integrated Usage of Data Mining Methodsfor Malware Detection

Komashinskiy

Kotenko

2009

Lecture Notes in Geoinformation and Cartography

View full text Add to dashboard Cite

remains a real one in all computer systems, including Geographical Information Systems (GIS), despite the obv ious successes of antivirus vendors in technologies aimed at early recognition of malware propagation, code analysis, and malware rapid updating of databases. The basic issue of that problem is the quality of heuristic detection methods. The goal of these methods is to provide recognition of unknown malware samples; therefore heuristic detection is the last defense line of any critical object in IT infrastructure. The paper is devoted to the application of data mining methods to heuristic detector development. The offered approach differs from existing ones by cyclic interactive covert processing of behavioral information, and integrated use of different methods of data mining for various classes of malware. The paper discusses research into how a family of different data mining methods based on Bayes approach, decision trees and neural networks were implemented and investigated. The paper proposes a general integrated approach to realization of malware detection methods.Abstract. The problem of counteracting malicious software (malware)

show abstract

“…That fact favorably distinguishes the approach offered from that described in [9]. That fact favorably distinguishes the approach offered from that described in [9].…”

mentioning

confidence: 88%

“…Zhang, et al [9] considered the design of the DM-based detection model based on support vector machine (SVM) classifier. Zhang, et al [9] considered the design of the DM-based detection model based on support vector machine (SVM) classifier.…”

Section: Related Workmentioning

confidence: 99%

Integrated Usage of Data Mining Methodsfor Malware Detection

Komashinskiy

Kotenko

2009

Lecture Notes in Geoinformation and Cartography

View full text Add to dashboard Cite

show abstract

“…SVMs with tree kernel functions are then applied to the trees in order to classify the sentences or sequences according to their similarity. In computer security, SVMs are mainly used for intrusion detection [7,22] or for detecting anomalies [4] in noisy data.…”

Section: Related Workmentioning

confidence: 99%

Malware analysis with graph kernels and support vector machines

Wagner

Wagener

State

et al. 2009

2009 4th International Conference on Malicious and Unwanted Software (MALWARE)

View full text Add to dashboard Cite

This paper addresses a fundamentally new method for analyzing the behavior of executed applications and sessions. We describe a modeling framework capable of representing relationships among processes belonging to the same session in an integrated way, as well as the information related to the underlying system calls executed. We leverage for this purpose graph-based kernels and Support Vector Machines (SVM) in order to classify either individually monitored applications or more comprehensive user sessions. Our approach can serve both as a host-level intrusion detection and application level monitoring and as an adaptive jail framework.

show abstract

“…Наиболее показательными из них являются работы [1,3,[5][6][7]. В работе [1] рассматривается подход, реализующий статический анализ исполняемых файлов.…”

unclassified

“…В работе [6] использовал-ся подход, базирующийся на более сложной технике анализа испол-няемых файлов с привлечением отладочных средств. В работе [7] ис-следовалась применимость метода SVM для построения модели детек-тирования приложений на основе собираемой при их выполнении по-веденческой информации.…”

unclassified

Approach to detect malware based on postionally dependent information

Комашинский¹,

Kotenko²,

Шоров³

2014

Тр. СПИИРАН

View full text Add to dashboard Cite

УДК 004.49 Комашинский Д.В., Котенко И.В., Шоров А.В. Подход к обнаружению вредоносного программного обеспечения на основе позиционно-зависимой информации. Аннотация. Проблема противодействия вредоносному программному обеспечению (ПО), остается довольно острой, несмотря на появление более эффективных механизмов его выявления, анализа, обновления баз его описаний и правил обнаружения. Важным аспектом этой проблемы является поиск эвристических методов детектирования, обла-дающих большей точностью обнаружения. В работе рассматривается применение мето-дов интеллектуального анализа данных (Data Mining) для создания эвристических детек-торов вредоносного ПО. Описываемый подход отличается от существующих направлен-ностью на обработку статической информации, обеспечивающей формирование отдель-ных функциональных элементов эффективной модели детектирования вредоносных исполняемых объектов. В работе реализована и исследована общая методология форми-рования системы детектирования на базе применения методов выделения значимых признаков и методов классификации. Ключевые слова: защита информации, вредоносное ПО, обнаружение вредоносного ПО, интеллектуальный анализ данных, методы статического анализа.Komashinskiy D.V., Kotenko I.V., Shorov A.V. Approach to detect malware based on postionally dependent information. Abstract. The problem of counteraction to malware remains quite severe, despite the emergence of more effective mechanisms for its identification, analysis, updating the database of its descriptions and detection rules. An important aspect of this problem is to find heuristic detection methods with better accuracy. This paper considers the application of data mining methods to create heuristic malware detectors. The described approach differs from existing by focusing on processing of static information, ensuring the formation of particular functional elements of an effective model to detect malicious executables. We implemented and studied a general methodology for creating detection system based on application of methods for selecting significant features and classification.

show abstract

Using Support Vector Machine to Detect Unknown Computer Viruses

Cited by 22 publications

References 6 publications

Integrated Usage of Data Mining Methodsfor Malware Detection

Integrated Usage of Data Mining Methodsfor Malware Detection

Malware analysis with graph kernels and support vector machines

Approach to detect malware based on postionally dependent information

Contact Info

Product

Resources

About