DocumentCode
2542692
Title
A malicious code detection method based on statistical analysis
Author
Yunlong Wu ; Chen, Chen ; Huiquan Wang ; Jie Zhou ; Xinhai Xu
Author_Institution
Nat. Lab. for Parallel & Distrib. Process., Nat. Univ. of Defense Technol., Changsha, China
fYear
2012
fDate
29-31 May 2012
Firstpage
1452
Lastpage
1455
Abstract
Behavior-based malicious code detection has proved effective, but it suffers from high false positives and high false negatives because the behaviors are always out-of-order and redundant. To solve these problems, this paper proposes a detection method based on statistical analysis. First, the method uses association rules to sort out the behaviors, yielding integrated and accurate behavior sequences. Second, it uses the association algorithm to pick out the signatures of the behavior sequences. In addition, the method can detect the signatures to judge the threat based on statistical analysis. Experimental results indicate that it can reduce both the false positives and the false negatives effectively.
Keywords
data mining; security of data; statistical analysis; association algorithm; association rules; behavior sequence signatures; false negatives; false positives; malicious code detection method; out-of-order behavior; redundant behavior; statistical analysis; Algorithm design and analysis; Association rules; Educational institutions; Equations; Estimation; Mathematical model; Statistical analysis; association rules; linear regression; malicious code; statistical analysis;
fLanguage
English
Publisher
ieee
Conference_Titel
Fuzzy Systems and Knowledge Discovery (FSKD), 2012 9th International Conference on
Conference_Location
Sichuan
Print_ISBN
978-1-4673-0025-4
Type
conf
DOI
10.1109/FSKD.2012.6233812
Filename
6233812