Design and Implementation of a Data Mining System for Malware Detection

This paper describes the design and implementation of a data mining system for malware detection called SNODMAL (Stream-based Novel Class Detection for Malware). SNODMAL extends our earlier data mining system SNOD (Stream-based Novel Class Detection) to the task of detecting malware. SNOD is a powerful system because it can detect novel classes, i.e. classes that were not present in the training data. We also describe the design of SNODMAL++, an extended version of SNODMAL.
