Article DOI: 10.1145/1281192.1281308

IMDS: intelligent malware detection system

Published: 12 August 2007

Abstract

The proliferation of malware presents a serious threat to the security of computer systems. Traditional signature-based anti-virus systems fail to detect polymorphic and new, previously unseen malicious executables. In this paper, building on the analysis of the Windows API execution sequences called by PE files, we develop the Intelligent Malware Detection System (IMDS) using Objective-Oriented Association (OOA) mining based classification. IMDS is an integrated system consisting of three major modules: a PE parser, an OOA rule generator, and a rule-based classifier. An OOA_Fast_FP-Growth algorithm is adapted to generate OOA rules for classification efficiently. A comprehensive experimental study on a large collection of PE files obtained from the anti-virus laboratory of King-Soft Corporation compares various malware detection approaches. Promising experimental results demonstrate that the accuracy and efficiency of our IMDS system outperform popular anti-virus software such as Norton AntiVirus and McAfee VirusScan, as well as previous data mining based detection systems that employed Naive Bayes, Support Vector Machine (SVM) and Decision Tree techniques.
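The abstract describes the IMDS pipeline only at a high level, so the following is an added illustration (not the paper's code): it mines objective-oriented association rules whose consequent is fixed to the class label "malware" from per-file Windows API call sets and then classifies an unseen file with the strongest firing rule. It assumes a constructed toy corpus, treats each API execution sequence as a set of API names, and uses brute-force itemset enumeration in place of the paper's OOA_Fast_FP-Growth; the support/confidence rule semantics are the same.

```python
from itertools import combinations

# Constructed toy corpus (hypothetical, not the paper's King-Soft data): each
# entry is the set of Windows API names a PE file calls, plus its label.
SAMPLES = [
    ({"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx", "OpenProcess"}, "malware"),
    ({"CreateRemoteThread", "WriteProcessMemory", "RegSetValueExA", "OpenProcess"}, "malware"),
    ({"WriteProcessMemory", "VirtualAllocEx", "OpenProcess", "URLDownloadToFileA"}, "malware"),
    ({"CreateFileA", "ReadFile", "WriteFile", "CloseHandle"}, "benign"),
    ({"CreateFileA", "ReadFile", "MessageBoxA", "CloseHandle"}, "benign"),
    ({"OpenProcess", "ReadFile", "CloseHandle", "GetModuleHandleA"}, "benign"),
]

def mine_ooa_rules(samples, objective, min_support, min_confidence, max_len=2):
    """Mine rules of the form {api, ...} -> objective.
    support    = fraction of all samples containing the itemset with label == objective
    confidence = P(label == objective | itemset present)
    Only the objective class is allowed as consequent; that restriction is what
    makes the mining objective-oriented. Brute-force enumeration stands in for
    the paper's OOA_Fast_FP-Growth; the rule semantics are the same."""
    n = len(samples)
    apis = sorted(set().union(*(s for s, _ in samples)))
    rules = {}
    for k in range(1, max_len + 1):
        for combo in combinations(apis, k):
            items = frozenset(combo)
            covered = [lbl for s, lbl in samples if items <= s]
            if not covered:
                continue
            hits = sum(1 for lbl in covered if lbl == objective)
            support, confidence = hits / n, hits / len(covered)
            if support >= min_support and confidence >= min_confidence:
                rules[items] = (support, confidence)
    return rules

def classify(api_set, rules, objective, default="benign"):
    """Rule-based classifier: if any mined rule's antecedent is a subset of the
    file's API set, predict the objective class and return the strongest firing
    rule (highest support/confidence, then longest) as the explanation."""
    fired = {items: v for items, v in rules.items() if items <= api_set}
    if not fired:
        return default, None
    best = max(fired, key=lambda items: (fired[items], len(items)))
    return objective, best

if __name__ == "__main__":
    rules = mine_ooa_rules(SAMPLES, "malware", min_support=0.3, min_confidence=0.9)
    for items, (sup, conf) in sorted(rules.items(), key=lambda kv: -kv[1][0]):
        print(sorted(items), "-> malware", f"support={sup:.2f} confidence={conf:.2f}")
    print(classify({"WriteProcessMemory", "OpenProcess", "CloseHandle"}, rules, "malware"))
```

Note that `OpenProcess` on its own never becomes a rule because a benign sample also calls it (confidence 0.75 < 0.9), while `OpenProcess` together with `WriteProcessMemory` does; that is the discriminative effect the objective-oriented constraint is meant to capture.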


Published In

KDD '07: Proceedings of the 13th ACM SIGKDD international conference on Knowledge discovery and data mining
August 2007
1080 pages
ISBN: 9781595936097
DOI: 10.1145/1281192

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

1. OOA mining
2. PE file
3. malware
4. windows API sequence

Acceptance Rates

KDD '07 Paper Acceptance Rate: 111 of 573 submissions, 19%
Overall Acceptance Rate: 1,133 of 8,635 submissions, 13%
