论文信息 - A Feature Representation and Extraction Method for Malicious Code Detection Based on LZW Compression Algorithm

A Feature Representation and Extraction Method for Malicious Code Detection Based on LZW Compression Algorithm

Differing in traditional methods which extracted too much features or filtered valuable items, we proposed a feature representation and extraction method based on LZW compression algorithm to detect malicious codes. The compression algorithm not only reduces the number of features, but also is enough to cover malicious codes. In this paper, we described the process of our feature extraction in detail, including 0-data processing, fix-length coding and threshold setting. The experimental results show that our method outperforms other methods based on Bayes and SVM in DR and AR.

[1] Liu Jing. Unknown Malicious Codes Detection Based on LZW Compression Algorithm , 2012 .

[2] Salvatore J. Stolfo,et al. Data mining methods for detection of new malicious executables , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[3] Marcus A. Maloof,et al. Learning to Detect and Classify Malicious Executables in the Wild , 2006, J. Mach. Learn. Res..

[4] Wang Fang-xiu. An improved algorithm based on LZW code , 2009 .

[5] Marcus A. Maloof,et al. Learning to detect malicious executables in the wild , 2004, KDD.

[6] Arun K. Pujari,et al. New Malicious Code Detection Using Variable Length n-grams , 2006, ICISS.

[7] Jianping Yin,et al. Intelligent Detection Computer Viruses Based on Multiple Classifiers , 2007, UIC.