Towards establishing an unknown virus detection technique using SOM

A non-signature-based virus detection approach using Self-Organizing Maps (SOMs) is presented in this paper. Unlike classical virus detection techniques that rely on virus signatures, this SOM-based approach can detect virus-infected files without any prior knowledge of virus signatures. Exploiting the fact that virus code is inserted into a complete file which was built using a certain compiler, an untrained SOM can be trained in one go with a single virus-infected file and will then present an area of high-density data, identifying the virus code through SOM projection. The virus detection approach presented in this paper has been tested on 790 different virus-infected files, including polymorphic and encrypted viruses. It detects viruses without any prior knowledge - e.g. without knowledge of virus signatures or similar features - and is therefore assumed to be highly applicable to the detection of new, unknown viruses. This non-signature-based virus detection approach was capable of detecting 84% of the virus-infected files in the sample set, which, as already mentioned, included polymorphic and encrypted viruses. The false positive rate was 30%. The combination of the classical virus detection technique for known viruses and this SOM-based technique for unknown viruses can help make systems even more secure.
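As an added illustration of the idea the abstract describes (this is not the paper's code): a constructed file is built inline from compiler-like host windows plus one inserted region whose byte profile differs from the host, a small SOM is trained in one go on per-window byte histograms, and the densest area of the map is projected back to window indices, i.e. file offsets. The feature choice (high-nibble histograms), the grid size and the constructed byte profiles are assumptions made here, not details taken from the paper.

```python
import math
import random

WINDOW, GRID, DIM = 64, 10, 16  # bytes per window, SOM side length, histogram bins

def make_sample(seed=1, host_windows=64, insert_at=32, insert_len=16):
    # Constructed file: host windows favour three low byte classes each (like
    # compiler output); the inserted region uses classes the host never emits.
    rng = random.Random(seed)
    host = bytearray()
    for _ in range(host_windows):
        fav = rng.sample(range(8), 3)
        for _ in range(WINDOW):
            hi = rng.choice(fav) if rng.random() < 0.85 else rng.randrange(8)
            host.append(hi * 16 + rng.randrange(16))
    foreign = bytes(rng.randrange(192, 256) for _ in range(insert_len * WINDOW))
    return bytes(host[:insert_at * WINDOW]) + foreign + bytes(host[insert_at * WINDOW:])

def features(blob):  # normalised histogram of each byte's high nibble, per window
    wins = [blob[o:o + WINDOW] for o in range(0, len(blob) - WINDOW + 1, WINDOW)]
    return [[sum(b >> 4 == k for b in w) / WINDOW for k in range(DIM)] for w in wins]

def bmu(nodes, v):  # best-matching node: smallest squared distance to v
    return min(range(len(nodes)), key=lambda n: sum((a - b) ** 2 for a, b in zip(nodes[n], v)))
def near(n):  # node n plus its four grid neighbours
    x, y = divmod(n, GRID)
    return [m for m in range(GRID * GRID) if abs(m // GRID - x) + abs(m % GRID - y) <= 1]

def train_som(vecs, epochs=20, seed=1):
    # Online SOM trained in one go on the file's windows: Gaussian neighbourhood
    # on the grid, learning rate and radius both decaying linearly over training.
    rng = random.Random(seed)
    nodes = [[rng.random() * 0.2 for _ in range(DIM)] for _ in range(GRID * GRID)]
    steps, t = epochs * len(vecs), 0
    for _ in range(epochs):
        for v in rng.sample(vecs, len(vecs)):
            lr, sigma = 0.5 * (1 - t / steps) + 0.02, (GRID / 2) * (1 - t / steps) + 0.5
            bx, by = divmod(bmu(nodes, v), GRID)
            for n, w in enumerate(nodes):
                nx, ny = divmod(n, GRID)
                h = math.exp(-((nx - bx) ** 2 + (ny - by) ** 2) / (2 * sigma ** 2))
                if h > 1e-3:  # skip nodes outside the neighbourhood
                    w[:] = [wi + lr * h * (vi - wi) for wi, vi in zip(w, v)]
            t += 1
    return nodes

def dense_windows(vecs, nodes):
    # Project windows to BMUs, count hits per node, return the windows on the
    # densest node plus its neighbours: the 'area of high density' in the map.
    hits = [bmu(nodes, v) for v in vecs]
    count = [hits.count(n) for n in range(GRID * GRID)]
    best = max(range(GRID * GRID), key=lambda n: sum(count[m] for m in near(n)))
    return [i for i, n in enumerate(hits) if n in near(best)]
```

Multiplying a returned window index by WINDOW gives the file offset of that window; on the constructed sample the inserted region occupies windows 32 to 47, which is where the dense area should land.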