A chronological evaluation of unknown malcode detection

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

14 Scopus citations

Abstract

Signature-based anti-viruses are very accurate, but they are limited in detecting new malicious code. Dozens of new malicious codes are created every day, and the rate is expected to increase in the coming years. To extend generalization to the detection of unknown malicious code, heuristic methods are used; however, these are not successful enough. Recently, classification algorithms have been used successfully for the detection of unknown malicious code. In this paper we describe a methodology for detecting malicious code based on static analysis and a chronological evaluation, in which a classifier is trained on files up to year k and tested on the following years. The evaluation was performed in two setups, in which the percentage of malicious files in the training set was 50% and 16%. With 16% malicious files in the training set, some classifiers showed a trend in which performance improves as the training set becomes more up to date.

Original language: English
Title of host publication: Intelligence and Security Informatics - Pacific Asia Workshop, PAISI 2009, Proceedings
Pages: 112-117
Number of pages: 6
DOIs
State: Published - 13 Jul 2009
Event: Pacific Asia Workshop on Intelligence and Security Informatics, PAISI 2009 - Bangkok, Thailand
Duration: 27 Apr 2009 to 27 Apr 2009

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5477
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: Pacific Asia Workshop on Intelligence and Security Informatics, PAISI 2009
Country/Territory: Thailand
City: Bangkok
Period: 27/04/09 to 27/04/09

Keywords

  • Classification
  • Unknown malicious file detection

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)
