DocumentCode :
3316988
Title :
New Malicious Code Detection Based on N-gram Analysis and Rough Set Theory
Author :
Boyun Zhang ; Jianping Yin ; Jingbo Hao ; Shulin Wang ; Dingxing Zhang ; WenSheng Tang
Author_Institution :
Sch. of Comput. Sci., National Univ. of Defense Technol., Changsha
Volume :
2
fYear :
2006
fDate :
3-6 Nov. 2006
Firstpage :
1229
Lastpage :
1232
Abstract :
Motivated by the standard signature-based technique for detecting viruses, we explore the idea of automatically detecting malicious code using N-gram analysis. The method is based on statistical learning and is not strictly dependent on certain viruses. We propose the use of rough set theory (RST) to reduce the feature dimension. An efficient implementation for calculating the relative core, based on the positive region definition, is also presented. The k nearest neighbor (KNN) and support vector machine (SVM) classifiers are used to categorize a program as either normal or abnormal. The experimental results are promising and show that the proposed scheme results in a low false positive rate.
Keywords :
computer viruses; pattern classification; rough set theory; statistical analysis; support vector machines; N-gram analysis; k nearest neighbor; malicious code detection; rough set theory; statistical learning; support vector machine classifier; Computer science; Computer security; Data mining; Entropy; Feature extraction; Machine learning; Set theory; Support vector machine classification; Support vector machines; Viruses (medical);
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computational Intelligence and Security, 2006 International Conference on
Conference_Location :
Guangzhou
Print_ISBN :
1-4244-0605-6
Electronic_ISBN :
1-4244-0605-6
Type :
conf
DOI :
10.1109/ICCIAS.2006.295252
Filename :
4076158