Using RS and SVM to Detect New Malicious Executable Codes

  • Conference paper
Rough Sets and Knowledge Technology (RSKT 2006)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 4062)

Abstract

A hybrid algorithm for detecting new malicious executable code is presented, based on the attribute reduction of Rough Sets (RS) and the classification principles of the Support Vector Machine (SVM). First, RS attribute reduction is applied as a preprocessor to delete redundant attributes and conflicting objects from the decision table while retaining the useful information without loss. Then, classification modeling and prediction testing are carried out with the SVM. This method reduces the dimension of the data and decreases the complexity of the process. Finally, the detection ability of this method is compared with that of other methods. The experimental results show that the presented method can be used effectively to discriminate between normal and abnormal executable code.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhang, B., Yin, J., Hao, J. (2006). Using RS and SVM to Detect New Malicious Executable Codes. In: Wang, GY., Peters, J.F., Skowron, A., Yao, Y. (eds) Rough Sets and Knowledge Technology. RSKT 2006. Lecture Notes in Computer Science, vol 4062. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11795131_83

  • DOI: https://doi.org/10.1007/11795131_83

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-36297-5

  • Online ISBN: 978-3-540-36299-9

  • eBook Packages: Computer Science, Computer Science (R0)
