2011 CombiningFileContentandFileRela
- (Ye et al., 2011) ⇒ Yanfang Ye, Tao Li, Shenghuo Zhu, Weiwei Zhuang, Egemen Tas, Umesh Gupta, and Melih Abdulhayoglu. (2011). “Combining File Content and File Relations for Cloud based Malware Detection.” In: Proceedings of the 17th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD-2011) Journal. ISBN: 978-1-4503-0813-7. DOI: 10.1145/2020408.2020448
Subject Headings:
Notes
Cited By
- http://scholar.google.com/scholar?q=%222011%22+Combining+File+Content+and+File+Relations+for+Cloud+based+Malware+Detection
- http://dl.acm.org/citation.cfm?id=2020408.2020448&preflayout=flat#citedby
Quotes
Author Keywords
- Algorithms; cloud based malware detection; concept learning; experimentation; file content; file relation; invasive software; security; semi-parametric model for learning from graph
Abstract
Due to their damage to Internet security, the detection of malware (such as viruses, worms, trojans, spyware, backdoors, and rootkits) has caught the attention not only of the anti-malware industry but also of researchers for decades. Resting on the analysis of file contents extracted from the file samples, like Application Programming Interface (API) calls, instruction sequences, and binary strings, data mining methods such as Naive Bayes and Support Vector Machines have been used for malware detection. However, besides file contents, relations among file samples, such as a “Downloader” always being associated with many Trojans, can provide invaluable information about the properties of file samples. In this paper, we study how file relations can be used to improve malware detection results and develop a file verdict system (named “Valkyrie”) building on a semi-parametric classifier model to combine file content and file relations together for malware detection. To the best of our knowledge, this is the first work to use both file content and file relations for malware detection. A comprehensive experimental study on a large collection of PE files obtained from the clients of anti-malware products of Comodo Security Solutions Incorporation is performed to compare various malware detection approaches. Promising experimental results demonstrate that the accuracy and efficiency of our Valkyrie system outperform other popular anti-malware software tools such as Kaspersky AntiVirus and McAfee VirusScan, as well as other alternative data mining based detection systems.
References
| | Author | volume | Date Value | title | type | journal | titleUrl | doi | note | year |
|---|---|---|---|---|---|---|---|---|---|---|
| 2011 CombiningFileContentandFileRela | Shenghuo Zhu, Yanfang Ye, Tao Li, Weiwei Zhuang, Egemen Tas, Umesh Gupta, Melih Abdulhayoglu | | | Combining File Content and File Relations for Cloud based Malware Detection | | | | 10.1145/2020408.2020448 | | 2011 |