DocumentCode :
3133723
Title :
Behavior-based malicious executables detection by multi-class SVM
Author :
Zou, Meng-song ; Han, Lan-sheng ; Liu, Qi-wen ; Liu, Ming
Author_Institution :
Lab. for Inf. Security, Huazhong Univ. of Sci.&Technol., Wuhan, China
fYear :
2009
fDate :
20-21 Sept. 2009
Firstpage :
331
Lastpage :
334
Abstract :
As more polymorphic malicious code comes into being, traditional anti-virus methods cannot satisfy the current need. In order to achieve their specific functions, malicious codes must exhibit some behaviors that differ from those of normal programs. Focusing on the difference between normal programs and malicious codes, the paper applies a support vector machine (SVM): it creates a space of virus API feature vectors and a hyper-plane that divides the API space into two parts, malicious codes and normal programs. Moreover, behaviors of different kinds of malicious codes are collected and a 1-v-1 multi-class SVM is introduced to detect those behaviors. Furthermore, the paper constructs the application structure and selects a large number of test executable samples. Through statistics, analysis and calculation on those samples, the results verify our method.
Keywords :
application program interfaces; computer viruses; statistical analysis; support vector machines; API space; antivirus method; behavior-based malicious executables detection; multiclass SVM; normal program; polymorphic malicious code; statistics; support vector machine; virus API feature vector; Computer science; Data mining; Feature extraction; Information security; Laboratories; Statistical analysis; Statistics; Support vector machine classification; Support vector machines; Testing; Behavior-based detection; Feature extraction; Malicious executable; Multi-class SVM;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information, Computing and Telecommunication, 2009. YC-ICT '09. IEEE Youth Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-5074-9
Electronic_ISBN :
978-1-4244-5076-3
Type :
conf
DOI :
10.1109/YCICT.2009.5382354
Filename :
5382354