TY - GEN
T1 - A chronological evaluation of unknown malcode detection
AU - Moskovitch, Robert
AU - Feher, Clint
AU - Elovici, Yuval
PY - 2009/7/13
Y1 - 2009/7/13
N2 - Signature-based anti-viruses are very accurate, but are limited in detecting new malicious code. Dozens of new malicious codes are created every day, and the rate is expected to increase in coming years. To extend the generalization to detect unknown malicious code, heuristic methods are used; however, these are not successful enough. Recently, classification algorithms were used successfully for the detection of unknown malicious code. In this paper we describe the methodology of detection of malicious code based on static analysis and a chronological evaluation, in which a classifier is trained on files up to year k and tested on the following years. The evaluation was performed in two setups, in which the percentage of the malicious files in the training set was 50% and 16%. Using 16% malicious files in the training set for some classifiers showed a trend in which the performance improves as the training set is more up to date.
AB - Signature-based anti-viruses are very accurate, but are limited in detecting new malicious code. Dozens of new malicious codes are created every day, and the rate is expected to increase in coming years. To extend the generalization to detect unknown malicious code, heuristic methods are used; however, these are not successful enough. Recently, classification algorithms were used successfully for the detection of unknown malicious code. In this paper we describe the methodology of detection of malicious code based on static analysis and a chronological evaluation, in which a classifier is trained on files up to year k and tested on the following years. The evaluation was performed in two setups, in which the percentage of the malicious files in the training set was 50% and 16%. Using 16% malicious files in the training set for some classifiers showed a trend in which the performance improves as the training set is more up to date.
KW - Classification
KW - Unknown malicious file detection
UR - http://www.scopus.com/inward/record.url?scp=67649964792&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-01393-5_12
DO - 10.1007/978-3-642-01393-5_12
M3 - Conference contribution
AN - SCOPUS:67649964792
SN - 9783642013928
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 112
EP - 117
BT - Intelligence and Security Informatics - Pacific Asia Workshop, PAISI 2009, Proceedings
T2 - Pacific Asia Workshop on Intelligence and Security Informatics, PAISI 2009
Y2 - 27 April 2009 through 27 April 2009
ER -