Using Fuzzy Pattern Recognition to Detect Unknown Malicious Executables Code

Zhang, Boyun; Yin, Jianping; Hao, Jingbo

doi:10.1007/11539506_78

Boyun Zhang^20,21,
Jianping Yin²⁰ &
Jingbo Hao²⁰

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 3613))

Included in the following conference series:

International Conference on Fuzzy Systems and Knowledge Discovery

1128 Accesses
11 Citations

Abstract

An intelligent detect system to recognition unknown computer virus is proposed. Using the method based on fuzzy pattern recognition algorithm, a malicious executable code detection network model is designed also. This model target at Win32 binary viruses on Intel IA32 architectures. It could detect known and unknown malicious code by analyzing their behavior. We gathered 423 benign and 209 malicious executable programs that are in the Windows Portable Executable (PE) format as dataset for experiment . After extracting the most relevant API calls as feature, the fuzzy pattern recognition algorithm to detect computer virus was evaluated.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 119.00; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

McGraw, G., Morisett, G.: Attacking malicious code: A report to the Infosec Research Council. IEEE Software 5, 33–41 (2000)
Article Google Scholar
Lo, R., Levitt, K., Olsson, R.: MCF: A malicious code filter. Computers & Security 14, 541–566 (1995)
Article Google Scholar
Tesauro, G., Kephart, J., Sorkin, G.: Neural networks for computer virus recognition. IEEE Expert 11, 5–6 (1996)
Article Google Scholar
Schultz, M., Eskin, E., Zadok, E., Stolfo, S.: Data mining methods for detection of new malicious executables. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 38–49. IEEE Press, Los Alamitos (2001)
Google Scholar
Zhang, B., Yin, J., Zhang, D., Hao, J.: Unkown computer virus detection based on K-nearest neighbor algorithm. Computer Engineering and Applications 6, 7–10 (2005)
Google Scholar

Download references

Author information

Authors and Affiliations

School of Computer Science, National University of Defense Technology, Changsha, 410073, China
Boyun Zhang, Jianping Yin & Jingbo Hao
Department of Computer Science, Hunan Public Security College, Changsha, 410138, China
Boyun Zhang

Authors

Boyun Zhang
View author publications
You can also search for this author in PubMed Google Scholar
Jianping Yin
View author publications
You can also search for this author in PubMed Google Scholar
Jingbo Hao
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

School of Electrical and Electronic Engineering, Nanyang Technological University, Block S1, Nanyang Avenue, 639798, Singapore
Lipo Wang
Honda Research Institute Europe GmbH, Offenbach/Main, Germany
Yaochu Jin

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Zhang, B., Yin, J., Hao, J. (2005). Using Fuzzy Pattern Recognition to Detect Unknown Malicious Executables Code. In: Wang, L., Jin, Y. (eds) Fuzzy Systems and Knowledge Discovery. FSKD 2005. Lecture Notes in Computer Science(), vol 3613. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11539506_78

Download citation

DOI: https://doi.org/10.1007/11539506_78
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28312-6
Online ISBN: 978-3-540-31830-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics