Trudy SPIIRAN, 2013, Issue 26, Pages 115–125
(Mi trspy607)
Detecting and identifying malicious executable binaries with Data Mining methods
D. V. Komashinskiy, St. Petersburg Institute for Informatics and Automation of RAS
Abstract:
The paper touches on the problem of improving vital characteristics of Data Mining-based systems responsible for detecting and identifying malicious executable binaries (malware). The common structure of the learning and operating procedures for such systems is defined. The main non-functional requirements for these systems are specified on the basis of this structure. The research task is formulated as a search for new, efficient representation models for executable binaries. The models are to give compact, informative description vectors for such file objects. The essence of the suggested approaches is expounded: the first is focused on malware detection and is based on positionally dependent static data; the second uses dynamic low-level execution data for malware identification. The architecture of the developed system is presented, as well as validation results for the developed representation models.
Keywords:
malicious software, executable binaries analysis, data mining.
Received: 26.03.2013
Citation:
D. V. Komashinskiy, “Detecting and identifying malicious executable binaries with Data Mining methods”, Tr. SPIIRAN, 26 (2013), 115–125
Linking options:
https://www.mathnet.ru/eng/trspy607 https://www.mathnet.ru/eng/trspy/v26/p115