An experimental comparative study on three classification algorithms on unknown malicious code identification

Dynamic behavior analysis is the direction of unknown malicious code identification. Taking the API functions called by malicious code while it is being implanted and run as the research object, this paper applies three classification algorithms, Decision Tree C4.5, Naive Bayes and Minimum Distance Classification, to the identification of unknown malicious code, and compares and analyses their performance. The experimental results show that, depending on the practical identification demand, the choice of identification algorithm has a great effect on the identification of unknown malicious code.
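As an added illustration (not code from the paper), the following Python implements two of the three classifiers named in the abstract, minimum distance (nearest centroid) and Bernoulli Naive Bayes, over the kind of feature the paper uses: which API functions a sample called while running. The API-call traces are constructed sample data with assumed labels, not real malware traces, and C4.5 is omitted.

```python
import math
from collections import Counter

# Constructed sample traces (not real malware data): API names observed
# while each sample ran, labelled with an assumed class.
TRAINING = [
    (["CreateFileW", "WriteFile", "CloseHandle"], "benign"),
    (["RegOpenKeyExW", "RegQueryValueExW", "CreateFileW"], "benign"),
    (["CreateFileW", "ReadFile", "MessageBoxW"], "benign"),
    (["CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx"], "malicious"),
    (["RegSetValueExW", "CreateRemoteThread", "WinExec"], "malicious"),
    (["InternetOpenA", "WriteProcessMemory", "RegSetValueExW"], "malicious"),
]
VOCAB = sorted({api for apis, _ in TRAINING for api in apis})

def featurize(apis, vocab=VOCAB):
    """Binary presence vector: 1.0 if the API was called; unseen APIs are dropped."""
    called = set(apis)
    return [1.0 if api in called else 0.0 for api in vocab]

def train_min_distance(traces):
    """Minimum distance classifier: one centroid (mean vector) per class."""
    by_class = {}
    for apis, label in traces:
        by_class.setdefault(label, []).append(featurize(apis))
    return {c: [sum(col) / len(vs) for col in zip(*vs)] for c, vs in by_class.items()}

def predict_min_distance(apis, centroids):
    """Assign the class whose centroid is nearest in Euclidean distance."""
    x = featurize(apis)
    return min(centroids, key=lambda c: math.dist(x, centroids[c]))

def train_naive_bayes(traces, alpha=1.0):
    """Bernoulli Naive Bayes: log prior and Laplace-smoothed P(api seen | class)."""
    n = Counter(label for _, label in traces)
    seen = {c: [0.0] * len(VOCAB) for c in n}
    for apis, label in traces:
        seen[label] = [s + v for s, v in zip(seen[label], featurize(apis))]
    return {c: (math.log(n[c] / len(traces)),
                [(k + alpha) / (n[c] + 2 * alpha) for k in seen[c]]) for c in n}

def predict_naive_bayes(apis, model):
    """Class with the highest log posterior under the Bernoulli model."""
    x = featurize(apis)
    def log_posterior(c):
        prior, probs = model[c]
        return prior + sum(math.log(p if v else 1.0 - p) for v, p in zip(x, probs))
    return max(model, key=log_posterior)
```

Training both models on `TRAINING` and calling the two `predict_*` functions on a fresh trace shows how the two algorithms can agree on clear cases while weighting individual API calls differently, which is the kind of behaviour the paper's comparison measures.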
