Title :
Malicious code forensics based on data mining
Author :
Xiaohua Li ; Xiaomei Dong ; Yulong Wang
Author_Institution :
Sch. of Inf. Sci. & Eng., Northeastern Univ., Shenyang, China
Abstract :
According to the characteristics of electronic evidence generated by malicious code, a weighted FP-Growth frequent pattern mining algorithm is proposed for malicious code forensics. Different API call sequences are assigned different weights according to their threat degree, so that the frequent patterns of the most serious malicious code are found and the analysis results are more accurate. Based on the weighted FP-Growth algorithm, an analysis and forensics method for malicious code is proposed. By monitoring the processes, registry, file records and port numbers of the malicious code and recording its behavior, electronic evidence of the malicious code is obtained and analyzed to generate the forensics report. Compared with the original FP-Growth algorithm, the weighted algorithm achieves higher accuracy when used for evidence analysis. Specific examples also verify the feasibility of the method and its effect on the host.
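To make the weighting idea concrete, the following is an added example (not code from the paper or its authors). It mines frequent API-call patterns with a standard FP-Growth implementation and then scores each pattern by a weighted support, taken here as the mean of the item weights multiplied by the raw support count. That scoring rule, the API names, the per-API weights and the six "process evidence" records are all constructed assumptions for illustration; the abstract does not state the paper's exact weighting formula.

```python
from collections import Counter

# Constructed evidence: each record is the set of API calls observed for one
# monitored process (hypothetical data, not from the paper).
SAMPLE_EVIDENCE = [
    ["CreateProcess", "RegSetValue", "WriteFile", "connect"],
    ["CreateProcess", "RegSetValue", "connect"],
    ["CreateProcess", "WriteFile", "ReadFile"],
    ["RegSetValue", "WriteFile", "connect", "CreateRemoteThread"],
    ["ReadFile", "WriteFile"],
    ["CreateProcess", "RegSetValue", "connect", "CreateRemoteThread"],
]

# Assumed threat weights per API call: higher means more suspicious.
API_WEIGHTS = {
    "CreateRemoteThread": 3.0, "RegSetValue": 2.0, "connect": 2.0,
    "CreateProcess": 1.5, "WriteFile": 1.0, "ReadFile": 0.5,
}


class FPNode:
    """One node of the FP-tree; `link` chains nodes holding the same item."""
    __slots__ = ("item", "count", "parent", "children", "link")

    def __init__(self, item, parent):
        self.item, self.count, self.parent = item, 0, parent
        self.children, self.link = {}, None


def build_tree(transactions, min_support):
    """Build an FP-tree from (items, count) pairs; returns (root, header table)."""
    freq = Counter()
    for items, cnt in transactions:
        for it in set(items):
            freq[it] += cnt
    freq = {k: v for k, v in freq.items() if v >= min_support}
    if not freq:
        return None, None
    root, headers = FPNode(None, None), {}
    for items, cnt in transactions:
        # Insert items in descending frequency order (ties broken by name).
        ordered = sorted((it for it in set(items) if it in freq),
                         key=lambda it: (-freq[it], it))
        node = root
        for it in ordered:
            child = node.children.get(it)
            if child is None:
                child = FPNode(it, node)
                node.children[it] = child
                child.link = headers.get(it)   # prepend to the item's node chain
                headers[it] = child
            child.count += cnt
            node = child
    return root, headers


def fp_growth(transactions, min_support, suffix=()):
    """Return {pattern (sorted tuple): support} for all frequent patterns."""
    root, headers = build_tree(transactions, min_support)
    patterns = {}
    if root is None:
        return patterns
    for item, node in headers.items():
        support, cond_base = 0, []
        while node is not None:            # walk every node holding `item`
            support += node.count
            path, p = [], node.parent
            while p.item is not None:      # collect the prefix path to the root
                path.append(p.item)
                p = p.parent
            if path:
                cond_base.append((path, node.count))
            node = node.link
        patterns[tuple(sorted(suffix + (item,)))] = support
        # Recurse on the conditional pattern base of this item.
        patterns.update(fp_growth(cond_base, min_support, suffix + (item,)))
    return patterns


def mine(evidence, min_support):
    return fp_growth([(rec, 1) for rec in evidence], min_support)


def weighted_support(pattern, support, weights=API_WEIGHTS):
    """Assumed rule: mean item weight times raw support."""
    return support * sum(weights.get(i, 1.0) for i in pattern) / len(pattern)


def rank_patterns(patterns, min_weighted_support=0.0, weights=API_WEIGHTS):
    """List (pattern, support, weighted support) sorted by weighted support."""
    rows = [(p, s, weighted_support(p, s, weights)) for p, s in patterns.items()]
    rows = [r for r in rows if r[2] >= min_weighted_support]
    rows.sort(key=lambda r: (-r[2], r[0]))
    return rows


if __name__ == "__main__":
    for pat, sup, wsup in rank_patterns(mine(SAMPLE_EVIDENCE, 2), 2.0):
        print(f"{wsup:5.2f}  support={sup}  {' + '.join(pat)}")
```

With a plain support threshold of 2, the pattern ReadFile + WriteFile and the pattern CreateRemoteThread + RegSetValue + connect both have support 2 and would be reported as equally interesting; the weighted score separates them, and the injection-plus-persistence pattern also outranks the support-4 single item WriteFile. Mining first with an unweighted threshold keeps the pruning sound, since weighted support is not anti-monotone in general.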
Keywords :
data mining; digital forensics; API call sequences; data mining; electronic evidence; evidence analysis; file recording; malicious code forensics; malicious codes; port number; weighted FP-growth frequent pattern mining algorithm; Algorithm design and analysis; Data mining; Forensics; Malware; Monitoring; Ports (Computers); Software; API call sequence; computer forensics; data mining; malicious code; weighted FP-Growth algorithm;
Conference_Title :
Fuzzy Systems and Knowledge Discovery (FSKD), 2013 10th International Conference on
Conference_Location :
Shenyang
DOI :
10.1109/FSKD.2013.6816337