Abstract
Motivated by the standard signature-based technique for detecting viruses, we explore the idea of automatically detecting malicious code using N-gram analysis. The method is based on statistical learning and is not strictly dependent on particular viruses. We propose the use of rough set theory to reduce the feature dimension. An efficient implementation for calculating the relative core, based on the positive region definition, is also presented. The k-nearest-neighbor and support vector machine classifiers are used to categorize a program as either normal or abnormal. The experimental results are promising and show that the proposed scheme results in a low false positive rate.
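The feature-reduction step named in the abstract, shown as an added example that is not the authors' code: byte n-grams become 0/1 condition attributes, and the relative core is computed from the textbook positive-region definition by naive recomputation (not the efficient implementation the paper presents). The samples, labels, n = 2 and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed toy samples (bytes, label); not data from the paper.
SAMPLES = [(b"ABC", "normal"), (b"ABCA", "malicious"),
           (b"XY", "normal"), (b"XYCA", "malicious")]

def byte_ngrams(data, n):
    """Distinct byte n-grams seen by a sliding window over one sample."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def decision_table(samples, n):
    """One row per sample: 0/1 per n-gram (condition attributes) plus labels."""
    grams = [byte_ngrams(data, n) for data, _ in samples]
    features = sorted(set().union(*grams))
    rows = [tuple(int(f in g) for f in features) for g in grams]
    return features, rows, [label for _, label in samples]

def positive_region(rows, labels, attrs):
    """Row indices whose indiscernibility class under attrs has a single label."""
    classes = defaultdict(list)
    for i, row in enumerate(rows):
        classes[tuple(row[a] for a in attrs)].append(i)
    pos = set()
    for members in classes.values():
        if len({labels[i] for i in members}) == 1:
            pos.update(members)
    return pos

def relative_core(rows, labels):
    """Attributes whose removal shrinks the positive region (indispensable ones)."""
    attrs = list(range(len(rows[0])))
    full = positive_region(rows, labels, attrs)
    return [a for a in attrs
            if positive_region(rows, labels, [b for b in attrs if b != a]) != full]

def core_ngrams(samples, n):
    """N-grams forming the relative core of the samples' decision table."""
    features, rows, labels = decision_table(samples, n)
    return [features[a] for a in relative_core(rows, labels)]

if __name__ == "__main__":
    print(core_ngrams(SAMPLES, 2))
```

On these constructed samples the single core n-gram already separates the two labels, so a k-nearest-neighbor or SVM classifier would be trained on one attribute instead of five.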
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, B., Yin, J., Hao, J., Wang, S., Zhang, D. (2007). New Malicious Code Detection Based on N-Gram Analysis and Rough Set Theory. In: Wang, Y., Cheung, Ym., Liu, H. (eds) Computational Intelligence and Security. CIS 2006. Lecture Notes in Computer Science, vol 4456. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74377-4_65
DOI: https://doi.org/10.1007/978-3-540-74377-4_65
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74376-7
Online ISBN: 978-3-540-74377-4
eBook Packages: Computer Science (R0)