MDBA: Detecting Malware based on Bytes N-Gram with Association Mining
(Chinese title: 基于关联挖掘的字节N-Gram恶意软件检测, "Byte N-Gram Malware Detection Based on Association Mining")

Authors: Bowei Li, Yongzheng Zhang, Junliang Yao, Tao Yin
Venue: 2019 26th International Conference on Telecommunications (ICT)
Publication date: 2019-04-08
DOI: 10.1109/ICT.2019.8798828 (https://doi.org/10.1109/ICT.2019.8798828)
Citation count: 14 (Semantic Scholar)
Malware has always threatened the security of networks and computer systems. Traditional malware detection methods are signature-based and rely on manually designed rules. Some recent methods involving static or dynamic analysis require professional tools to extract features, and the feature engineering is time-consuming and labor-intensive. In this paper, we propose MDBA, a malware detection method based on association mining. Our approach takes only byte n-grams from PE binaries as features, which can be obtained easily. By mining the n-gram features, we produce association rules that satisfy the minimum support and minimum confidence constraints. Based on these association rules, a classifier is built to detect whether a PE executable is malicious or not. To demonstrate the capability of the MDBA approach, we assemble a large dataset of more than 10,000 PE files and conduct a series of experiments on it. The results show that our approach not only achieves high malware detection performance but is also capable of discovering malware of unknown types.