Using RS and SVM to Detect New Malicious Executable Codes
Abstract
A hybrid algorithm based on the attribute reduction of Rough Sets (RS) and the classification principles of Support Vector Machine (SVM) is presented to detect new malicious executable codes. First, the attribute reduction of RS is applied as a preprocessor so that redundant attributes and conflicting objects can be deleted from the decision-making table while the effective information is retained without loss. Then, classification modeling and forecasting tests are carried out based on SVM. This method reduces the dimension of the data and decreases the complexity of the process. Finally, a comparison of detection ability between the above detection method and others is given. Experimental results show that the presented method can be effectively used to discriminate between normal and abnormal executable codes.
Similar resources
Adaboost and SVM based cybercrime detection and prevention model
This paper aims to propose a cybercrime detection and prevention model using Support Vector Machine (SVM) and the AdaBoost algorithm in order to reduce the data damage caused by running malicious codes. The performance of this model will be evaluated on a Facebook dataset, which includes benign executable and malicious codes. The main objective of this paper is to find the effectiveness of different...
Analyzing new features of infected web content in detection of malicious web pages
Recent improvements in web standards and technologies enable the attackers to hide and obfuscate infectious codes with new methods and thus escaping the security filters. In this paper, we study the application of machine learning techniques in detecting malicious web pages. In order to detect malicious web pages, we propose and analyze a novel set of features including HTML, JavaScript (jQuery...
Reverse Engineering for Malicious Code Behavior Analysis using Virtual Security Patching
Computer hardware and the Internet are growing so fast today that the security threats of malicious executable code are getting more serious. Basically, malicious executable codes are categorized into three kinds – virus, Spam, Trojan horse, and worm. Current anti-virus products cannot detect all the malicious codes, especially for those unseen, polymorphism malicious
Detecting a malicious executable without prior knowledge of its patterns
To detect malicious executables, often spread as email attachments, two types of algorithms are usually applied under instance-based statistical learning paradigms: 1) Signature-based template matching, which finds unique tell-tale characteristics of a malicious executable and thus is capable of matching those with known signatures; 2) Two-class supervised learning, which determines a set of fe...
Study of Dataset Feature Filtering of OpCode for Malware Detection Using SVM Training Phase
Malware can be defined as any type of malicious code that has the potential to harm a computer or network. To detect unknown malware families, the frequency of the appearance of Opcode (Operation Code) sequences is used through dynamic analysis. Opcode n-gram analysis is used to extract features from the inspected files. Opcode n-grams are used as features during the classification process with t...
Publication date: 2006