An incremental associative classification algorithm used for malware detection

Associative classification(AC) is a promising approach used for auto malware detection. However, when data operation occurs (training data added over time), traditional AC algorithms have to re-learn repetitive which is expensive or even become invalidly because of massive data and limited computing resource. To resolve the challenges above, an efficient incremental associative classification algorithm (EIAC) is proposed which can keep the last mining results and learn from the new data set. First, EIAC learns new potential rule items from the new data set; and then updates the frequent count of original and potential rule items by constructing and searching two trees based on FP-Tree respectively; at last, updates the classification association rules with the frequent information of updated rule items. The promising studies on real daily data collection and prediction illustrate that: compared with the traditional AC and other classification methods, EIAC can maintain the classification association rules effectively and ensure a higher predictability of the classification model. So it can be well used for malware detection.