Detecting malicious behaviour using supervised learning algorithms of the function calls

Mamoun Alazab, Sitalakshmi Venkatraman

Research output: Contribution to journal › Article › peer-review

Abstract

This paper describes our research in evaluating the use of supervised data mining algorithms for the effective detection of zero-day malware. Our aim is to design the tasks of several popular types of supervised data mining algorithms for zero-day malware detection and to compare their performance in terms of accuracy and efficiency. In this context, we propose and evaluate a novel method of employing such data mining techniques based on the frequency of Windows function calls. Our experimental investigations used large data sets to train the classifiers, together with a design tool to compare the performance of the various data mining algorithms. Analysis of the results suggests the advantages of one data mining algorithm over the others for malware detection. Overall, the data mining algorithms achieve a true positive rate as high as 98.5% and a low false positive rate of less than 0.025, indicating good applicability and scope for future enhancements in detecting unknown and infected files with embedded stealthy malcode.
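The feature representation the abstract describes (normalised frequency of Windows function calls per sample, fed to a supervised classifier and scored by true/false positive rate) can be illustrated as follows. This is an added example, not code from the paper: the traces, API names and labels are constructed, and a nearest-centroid classifier stands in for the data mining algorithms the authors compared.

```python
"""Frequency-of-function-call features for supervised malware detection (added example)."""
from collections import Counter
import math

# Constructed training traces: (list of observed Windows API names, label).
# Label 1 = malicious, 0 = benign. Names are illustrative, not from any real dataset.
TRAIN = [
    (["CreateFileW", "ReadFile", "CloseHandle", "ReadFile"], 0),
    (["RegOpenKeyExW", "RegQueryValueExW", "CreateFileW", "CloseHandle"], 0),
    (["GetProcAddress", "GetProcAddress", "VirtualAlloc",
      "WriteProcessMemory", "CreateRemoteThread"], 1),
    (["VirtualAlloc", "VirtualProtect", "GetProcAddress",
      "LoadLibraryA", "GetProcAddress"], 1),
]

def build_vocab(samples):
    """Fixed feature order: every API name seen in the training set, sorted."""
    return sorted({api for calls, _ in samples for api in calls})

def frequency_vector(calls, vocab):
    """Relative frequency of each vocabulary API in one trace.
    APIs not in the vocabulary are ignored (but still count in the denominator)."""
    counts, total = Counter(calls), max(len(calls), 1)
    return [counts[api] / total for api in vocab]

def train_centroids(samples, vocab):
    """Nearest-centroid classifier: mean frequency vector per class."""
    sums = {0: [0.0] * len(vocab), 1: [0.0] * len(vocab)}
    n = {0: 0, 1: 0}
    for calls, label in samples:
        v = frequency_vector(calls, vocab)
        sums[label] = [a + b for a, b in zip(sums[label], v)]
        n[label] += 1
    return {c: [s / n[c] for s in sums[c]] for c in sums}

def predict(calls, vocab, centroids):
    """Assign the class whose centroid is closest in Euclidean distance."""
    v = frequency_vector(calls, vocab)
    return min(centroids, key=lambda c: math.dist(v, centroids[c]))

def evaluate(samples, vocab, centroids):
    """Return (true positive rate, false positive rate) over labelled samples."""
    tp = fp = pos = neg = 0
    for calls, label in samples:
        flagged = predict(calls, vocab, centroids) == 1
        if label == 1:
            pos += 1
            tp += 1 if flagged else 0
        else:
            neg += 1
            fp += 1 if flagged else 0
    return tp / pos, fp / neg
```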

Original language: English
Pages (from-to): 90-109
Number of pages: 20
Journal: International Journal of Electronic Security and Digital Forensics
Volume: 5
Issue number: 2
DOIs
Publication status: Published - 2013
Externally published: Yes

Keywords

  • Zero-day malware
  • Cybercrime
  • Obfuscation
  • Function calls
  • Intrusion detection
  • Data mining
