DOI: 10.1145/1593105.1593239
A survey of data mining techniques for malware detection using file features

Published: 28 March 2008
  • Abstract

    This paper surveys data mining techniques for malware detection that operate on file features. The surveyed work is organized in a three-tier hierarchy: file features, analysis type, and detection type. File features are the attributes extracted from binary programs; the analysis type is either static or dynamic; and the detection type, borrowed from intrusion detection, is either misuse detection or anomaly detection. The paper summarizes the major advances in malware research that apply data mining to file features and categorizes each surveyed work according to this hierarchy, which is its main contribution.
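    The hierarchy described in the abstract, as an added example that is not code from the paper or from any of the works it surveys: byte n-gram file features extracted statically from a small constructed corpus, ranked by information gain (a common selection criterion in the byte n-gram literature), then fed to a misuse-style classifier trained on both classes and to an anomaly-style profile built from benign files only. The corpus bytes, the n-gram size, the novelty threshold and every name below are assumptions for the demonstration, not data or code from the survey.

```python
"""Static byte n-gram file features feeding a misuse detector and an anomaly detector.
Added illustration of the survey's hierarchy; not code from the paper. The byte
patterns below are constructed for the demo and are not real malware signatures."""
from collections import Counter
from math import log2
from typing import Dict, List, Set, Tuple

NGRAM = 4  # assumed n-gram size

# Constructed toy corpus of (file bytes, label); 1 = malicious, 0 = benign.
CORPUS: List[Tuple[bytes, int]] = [
    (b"MZ\x90\x00PE\x00\x00kernel32.dll CreateFileA ReadFile hello world", 0),
    (b"MZ\x90\x00PE\x00\x00user32.dll MessageBoxA hello there user", 0),
    (b"MZ\x90\x00PE\x00\x00kernel32.dll WriteFile printing report", 0),
    (b"MZ\x90\x00PE\x00\x00UPX0\xeb\xfe\x90\x90 VirtualAlloc WriteProcessMemory", 1),
    (b"MZ\x90\x00PE\x00\x00UPX1\xeb\xfe\x90\x90 CreateRemoteThread payload", 1),
    (b"MZ\x90\x00PE\x00\x00\xeb\xfe\x90\x90 URLDownloadToFileA drop run", 1),
]


def byte_ngrams(data: bytes, n: int = NGRAM) -> Set[bytes]:
    """File feature (static analysis): the set of distinct n-byte substrings, presence only."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


Sample = Tuple[Set[bytes], int]
SAMPLES: List[Sample] = [(byte_ngrams(data), label) for data, label in CORPUS]


def entropy(counts: Counter) -> float:
    total = sum(counts.values())
    return -sum(c / total * log2(c / total) for c in counts.values())


def information_gain(feature: bytes, samples: List[Sample]) -> float:
    """Reduction in label entropy from knowing whether `feature` is present in a file."""
    labels = Counter(label for _, label in samples)
    present = Counter(label for feats, label in samples if feature in feats)
    absent = Counter(label for feats, label in samples if feature not in feats)
    n = len(samples)
    conditional = sum(sum(part.values()) / n * entropy(part)
                      for part in (present, absent) if part)
    return entropy(labels) - conditional


def select_features(samples: List[Sample], k: int) -> List[bytes]:
    """Rank every n-gram seen in the corpus by information gain and keep the top k.
    Ties are broken by byte value so the selection is deterministic."""
    vocab = set().union(*(feats for feats, _ in samples))
    return sorted(vocab, key=lambda f: (-information_gain(f, samples), f))[:k]


class BernoulliNB:
    """Misuse detection: learns from labelled benign *and* malicious files."""

    def __init__(self, features: List[bytes], samples: List[Sample], alpha: float = 1.0):
        self.features = features
        self.prior: Dict[int, float] = {}
        self.cond: Dict[int, Dict[bytes, float]] = {}
        for cls in (0, 1):
            members = [feats for feats, label in samples if label == cls]
            self.prior[cls] = len(members) / len(samples)
            # Laplace-smoothed P(feature present | class)
            self.cond[cls] = {
                f: (sum(f in m for m in members) + alpha) / (len(members) + 2 * alpha)
                for f in features
            }

    def predict(self, data: bytes) -> int:
        feats = byte_ngrams(data)
        best_cls, best_score = 0, float("-inf")
        for cls in (0, 1):
            score = log2(self.prior[cls])
            for f in self.features:
                p = self.cond[cls][f]
                score += log2(p) if f in feats else log2(1.0 - p)
            if score > best_score:
                best_cls, best_score = cls, score
        return best_cls


class BenignProfile:
    """Anomaly detection: models benign files only and flags unfamiliar byte content."""

    def __init__(self, benign_files: List[bytes], threshold: float = 0.5):
        self.known = set().union(*(byte_ngrams(b) for b in benign_files))
        self.threshold = threshold  # assumed cut-off on the fraction of novel n-grams

    def novelty(self, data: bytes) -> float:
        feats = byte_ngrams(data)
        return sum(f not in self.known for f in feats) / max(len(feats), 1)

    def is_anomalous(self, data: bytes) -> bool:
        return self.novelty(data) > self.threshold


def train_misuse(k: int = 8) -> BernoulliNB:
    return BernoulliNB(select_features(SAMPLES, k), SAMPLES)


def train_anomaly() -> BenignProfile:
    return BenignProfile([data for data, label in CORPUS if label == 0])


if __name__ == "__main__":
    # Constructed, previously unseen files exercising both detectors.
    unseen_mal = b"MZ\x90\x00PE\x00\x00UPX9\xeb\xfe\x90\x90 NtWriteVirtualMemory"
    unseen_ben = b"MZ\x90\x00PE\x00\x00kernel32.dll CreateFileA hello world"
    clf, profile = train_misuse(), train_anomaly()
    for name, sample in (("unseen_mal", unseen_mal), ("unseen_ben", unseen_ben)):
        print(name, "misuse=", clf.predict(sample), "novelty=%.2f" % profile.novelty(sample),
              "anomalous=", profile.is_anomalous(sample))
```

    The two detectors show the trade-off the abstract's last tier names: the misuse classifier needs labelled malware and only knows what it was trained on, while the benign profile needs no malware at all but will also flag a legitimate program whose byte content is merely unfamiliar, so its threshold has to be tuned against a benign validation set.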




    Published In

    ACM-SE 46: Proceedings of the 46th Annual Southeast Regional Conference on XX
    March 2008
    548 pages
    ISBN: 9781605581057
    DOI: 10.1145/1593105
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. N-grams
    2. data mining
    3. instruction sequences
    4. machine learning
    5. malware detection
    6. survey
    7. system calls


    Conference

    ACM SE08: ACM Southeast Regional Conference
    March 28 - 29, 2008
    Auburn, Alabama

    Acceptance Rates

    Overall Acceptance Rate 178 of 377 submissions, 47%

    Cited By
    • Malware Classification Using Dynamically Extracted API Call Embeddings. Applied Sciences 14(13):5731, 2024. doi:10.3390/app14135731
    • Deep learning trends and future perspectives of web security and vulnerabilities. Journal of High Speed Networks 30(1):115-146, 2024. doi:10.3233/JHS-230037
    • CNN vs Transformer Variants: Malware Classification Using Binary Malware Images. 2023 IEEE International Conference on Communication, Networks and Satellite (COMNETSAT), pp. 308-315, 2023. doi:10.1109/COMNETSAT59769.2023.10420585
    • MalAnalyser. Expert Systems with Applications 230(C), 2023. doi:10.1016/j.eswa.2023.120756
    • Deep Learning for Windows Malware Analysis. In: Cyber Malware, pp. 119-164, 2023. doi:10.1007/978-3-031-34969-0_6
    • Machine Learning for Malware Analysis. In: Advances in Malware and Data-Driven Network Security, pp. 1-18, 2022. doi:10.4018/978-1-7998-7789-9.ch001
    • Malware and Anomaly Detection Using Machine Learning and Deep Learning Methods. In: Research Anthology on Machine Learning Techniques, Methods, and Applications, pp. 149-176, 2022. doi:10.4018/978-1-6684-6291-1.ch010
    • Deep Learning-Based Understanding of the Complex Patterns of Cyber Attacks. In: Machine Learning for Societal Improvement, Modernization, and Progress, pp. 93-111, 2022. doi:10.4018/978-1-6684-4045-2.ch005
    • Using Randomness to Improve Robustness of Tree-Based Models Against Evasion Attacks. IEEE Transactions on Knowledge and Data Engineering 34(2):969-982, 2022. doi:10.1109/TKDE.2020.2987299
    • Predictive Analysis of Malware using Machine Learning Techniques. 2022 International Conference on Smart Generation Computing, Communication and Networking (SMART GENCON), pp. 1-8, 2022. doi:10.1109/SMARTGENCON56628.2022.10083771
