Unknown malcode detection - A chronological evaluation

Research output: Contribution to conferencePaperpeer-review

10 Scopus citations


Signature-based anti-viruses are very accurate, but are limited in detecting new malicious code. Dozens of new malicious codes are created every day, and the rate is expected to increase in coming years. To extend the generalization to detect unknown malicious code, heuristic methods are used; however, these are not successful enough. Recently, classification algorithms were used successfully for the detection of unknown malicious code. We earlier investigated the optimized conditions in which highest-level accuracy is achieved, in terms of the percentage of malicious files. In this paper we describe the methodology of detection of malicious code based on static analysis and a chronological evaluation, in which a classifier is trained on flies till year k and tested on the following years. The evaluation was performed in two setups, in which the percentage of the malicious flies in the training set was 50% or 16%. Using 16% malicious files in the training set showed a clear trend, in which the performance improves as the training set is more updated.

Original languageEnglish
Number of pages2
StatePublished - 22 Sep 2008
EventIEEE International Conference on Intelligence and Security Informatics, 2008, IEEE ISI 2008 - Taipei, Taiwan, Province of China
Duration: 17 Jun 200820 Jun 2008


ConferenceIEEE International Conference on Intelligence and Security Informatics, 2008, IEEE ISI 2008
Country/TerritoryTaiwan, Province of China


  • Classification algorithms
  • Malicious code detection

ASJC Scopus subject areas

  • Artificial Intelligence
  • Information Systems


Dive into the research topics of 'Unknown malcode detection - A chronological evaluation'. Together they form a unique fingerprint.

Cite this