Abstract
Run-time malware detection strategies are efficient and robust, and they are attracting increasing attention. In this paper, we use I/O Request Package (IRP) sequences for malware detection, applying n-gram analysis to the IRP sequences for feature extraction. By combining the Negative Selection Algorithm (NSA) and the Positive Selection Algorithm (PSA) to select n-gram sequences that exist only in malware IRP sequences, we obtain a true positive rate of more than 96% and a false positive rate of 0%.
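The selection step the abstract describes, as an added sketch that is not code from the paper: n-grams seen in malware IRP sequences are kept as candidates and any that also occur in benign sequences are discarded, leaving detectors that exist only in malware traces. The abstract does not give n, the IRP encoding, or how NSA and PSA are combined, so n = 3, the short tokens standing for IRP major function codes, the two-stage combination, and all traces below are assumptions constructed for illustration.

```python
from typing import Iterable, List, Set, Tuple

Ngram = Tuple[str, ...]
N = 3  # assumed n-gram length; the abstract does not state one

def ngrams(seq: List[str], n: int) -> Set[Ngram]:
    """Contiguous n-grams of one IRP sequence (empty set if the trace is shorter than n)."""
    return {tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)}

def build_detectors(malware: Iterable[List[str]],
                    benign: Iterable[List[str]], n: int) -> Set[Ngram]:
    # Positive selection (assumed role): candidates are n-grams observed in malware traces.
    candidates = set().union(*(ngrams(s, n) for s in malware))
    # Negative selection (assumed role): discard candidates that match benign ("self") traces.
    self_set = set().union(*(ngrams(s, n) for s in benign))
    return candidates - self_set

def classify(trace: List[str], detectors: Set[Ngram], n: int) -> Tuple[bool, Set[Ngram]]:
    """Flag a trace if it contains at least one malware-only n-gram."""
    hits = ngrams(trace, n) & detectors
    return bool(hits), hits

# Constructed training traces; tokens abbreviate IRP_MJ_* major function codes.
BENIGN = [
    ["CREATE", "READ", "CLEANUP", "CLOSE"],
    ["CREATE", "READ", "WRITE", "CLEANUP", "CLOSE"],
]
MALWARE = [
    ["CREATE", "READ", "WRITE", "SET_INFO", "CLEANUP", "CLOSE"],
    ["CREATE", "DIR_CTRL", "CREATE", "WRITE", "SET_INFO", "CLOSE"],
]
DETECTORS = build_detectors(MALWARE, BENIGN, N)

if __name__ == "__main__":
    # Constructed unseen traces: one sharing malware-only n-grams, one benign, one too short.
    for trace in (["CREATE", "READ", "WRITE", "SET_INFO", "CLOSE"],
                  ["CREATE", "READ", "CLEANUP", "CLOSE"],
                  ["CREATE", "READ"]):
        flagged, hits = classify(trace, DETECTORS, N)
        print(flagged, sorted(hits))
```

Because every detector is absent from the benign training set by construction, false positives on that set are zero; the rate on unseen benign traces depends on how well the training set covers normal behaviour.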
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, F., Qi, D., Hu, J. (2010). Using IRP for Malware Detection. In: Jha, S., Sommer, R., Kreibich, C. (eds) Recent Advances in Intrusion Detection. RAID 2010. Lecture Notes in Computer Science, vol 6307. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15512-3_39
DOI: https://doi.org/10.1007/978-3-642-15512-3_39
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15511-6
Online ISBN: 978-3-642-15512-3
eBook Packages: Computer Science (R0)