Application of PrefixSpan* Algorithm in Malware Detection Expert System

Author

Wang, Lina ; Tan, Xiaobin ; Pan, Jianfeng ; Xi, Hongsheng

Author_Institution

Dept. of Autom., Univ. of Sci. & Technol. of China, Hefei

Volume

3

fYear

2009

fDate

7-8 March 2009

Firstpage

448

Lastpage

452

Abstract

Malware detection is an important application of data mining. Most of the previously developed sequential pattern mining methods are Apriori-like, which still encounters problems when a sequence database is large and/or when sequential patterns to be mined are numerous and/or long. So we need a novel sequential pattern mining method, called PrefixSpan*, which uses brief projection database in stead of projection database in PrefixSpan. In this paper, we propose a behavior-based detection system, which combines data mining and expert system technique to detect malware in our hosts. The PrefixSpan* algorithm mines association rules in the malware behavior sequence database to form malware behavior pattern database; the expert system matches facts and rules and gives the final result. To verify the correctness and effectiveness of our algorithm, we test and analyze some samples in the experiment section.

Keywords

data mining; invasive software; PrefixSpan* algorithm; association rules; behavior-based detection system; data mining; malware behavior pattern database; malware behavior sequence database; malware detection expert system; projection database; sequential pattern mining; Algorithm design and analysis; Application software; Association rules; Data mining; Databases; Detectors; Educational technology; Event detection; Expert systems; Pattern matching; PrefixSpan* Algorithm; Projected database; malware detection; sequential Pattern Mining;

fLanguage

English

Publisher

ieee

Conference_Titel

Education Technology and Computer Science, 2009. ETCS '09. First International Workshop on

Conference_Location

Wuhan, Hubei

Print_ISBN

978-1-4244-3581-4

Type

conf

DOI

10.1109/ETCS.2009.629

Filename

4959350