Malware detection based on objective-oriented association mining

Signature matching methods are inadequate for detecting unseen malware. In this paper an API (Application Programming Interface) based data mining method is proposed to detect unseen malware. The data mining algorithm, objective-oriented association mining (OOA), is employed to mine association rules for detecting malware. To find association rules with strong discrimination power, an improved algorithm for frequent item generation is presented. In this algorithm a frequent item is evaluated by both its support and its classification capability. The experiments prove that the proposed methods are effective and can be used to detect malware variants and unknown malicious executables.
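A worked illustration of the OOA-style mining described above, added here and not the paper's own code: it mines itemsets of imported API names toward the fixed objective "malicious", carries a candidate to the next level only if both its support and its classification capability pass a threshold (so a frequent but non-discriminative API such as a common loader call is pruned), and flags an unseen sample when any mined rule matches. The toy training set, the API names and the choice of rule confidence as the capability measure are assumptions made for illustration.

```python
from itertools import combinations

# Constructed toy training set (not from the paper): each sample is the set of
# Windows API names an executable imports, plus a label (True = malicious).
SAMPLES = [
    ({"CreateRemoteThread", "WriteProcessMemory", "OpenProcess", "GetProcAddress"}, True),
    ({"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx"}, True),
    ({"WriteProcessMemory", "OpenProcess", "GetProcAddress", "LoadLibraryA"}, True),
    ({"RegSetValueExA", "CreateRemoteThread", "OpenProcess"}, True),
    ({"CreateFileW", "ReadFile", "WriteFile", "GetProcAddress"}, False),
    ({"CreateFileW", "ReadFile", "CloseHandle", "LoadLibraryA"}, False),
    ({"MessageBoxW", "GetProcAddress", "LoadLibraryA"}, False),
    ({"CreateFileW", "WriteFile", "OpenProcess", "CloseHandle"}, False),
]

def support_and_capability(itemset, samples):
    """Support: fraction of all samples containing the itemset.
    Classification capability (assumed here: confidence of itemset -> malicious):
    fraction of the samples containing the itemset that are malicious."""
    labels = [mal for apis, mal in samples if itemset <= apis]
    if not labels:
        return 0.0, 0.0
    return len(labels) / len(samples), sum(labels) / len(labels)

def mine_ooa_rules(samples, min_sup=0.25, min_cap=0.7, min_conf=0.9, max_len=2):
    """Level-wise mining with the objective fixed to 'malicious'. An itemset
    survives only if support AND capability pass; itemsets whose capability
    also reaches min_conf become rules. Returns {frozenset: (sup, conf)}."""
    level = [frozenset([a]) for a in sorted({api for apis, _ in samples for api in apis})]
    rules = {}
    for _ in range(max_len):
        kept = []
        for cand in level:
            sup, cap = support_and_capability(cand, samples)
            if sup >= min_sup and cap >= min_cap:  # frequent AND discriminative
                kept.append(cand)
                if cap >= min_conf:
                    rules[cand] = (sup, cap)
        # Apriori-style join: combine survivors that differ in exactly one API
        level = sorted({a | b for a, b in combinations(kept, 2)
                        if len(a | b) == len(a) + 1}, key=sorted)
    return rules

def classify(apis, rules):
    """Flag an executable as malware if any rule antecedent is a subset of its imports."""
    return any(itemset <= apis for itemset in rules)

if __name__ == "__main__":
    for itemset, (sup, conf) in mine_ooa_rules(SAMPLES).items():
        print(f"{sorted(itemset)} -> malicious (support={sup:.2f}, conf={conf:.2f})")
```

With these thresholds `GetProcAddress` (support 0.5 but capability 0.5) is pruned at level one, while `OpenProcess` (capability 0.75) is kept as a candidate but only becomes a rule in combination with an injection-related API.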
