New Malicious Code Detection Based on N-Gram Analysis and Rough Set Theory

  • Conference paper
Computational Intelligence and Security (CIS 2006)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 4456)

Abstract

Motivated by the standard signature-based technique for detecting viruses, we explore the idea of automatically detecting malicious code using N-gram analysis. The method is based on statistical learning and is not strictly dependent on specific viruses. We propose the use of rough set theory to reduce the feature dimension. An efficient implementation for calculating the relative core, based on the positive region definition, is also presented. The k-nearest-neighbor and support vector machine classifiers are used to categorize a program as either normal or abnormal. The experimental results are promising and show that the proposed scheme yields a low false-positive rate.

© 2007 Springer-Verlag Berlin Heidelberg

Cite this paper

Zhang, B., Yin, J., Hao, J., Wang, S., Zhang, D. (2007). New Malicious Code Detection Based on N-Gram Analysis and Rough Set Theory. In: Wang, Y., Cheung, Ym., Liu, H. (eds) Computational Intelligence and Security. CIS 2006. Lecture Notes in Computer Science, vol 4456. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74377-4_65

  • DOI: https://doi.org/10.1007/978-3-540-74377-4_65

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74376-7

  • Online ISBN: 978-3-540-74377-4

  • eBook Packages: Computer Science, Computer Science (R0)
