KDD
2009
ACM

Malware detection using statistical analysis of byte-level file content

Commercial anti-virus software is unable to provide protection against newly launched (a.k.a. "zero-day") malware. In this paper, we propose a novel malware detection technique based on the analysis of byte-level file content. The novelty of our approach, compared with existing content-based mining schemes, is that it does not memorize specific byte sequences or strings appearing in the actual file content. Our technique is not signature-based and therefore has the potential to detect previously unknown and zero-day malware. We compute a wide range of statistical and information-theoretic features in a block-wise manner to quantify the byte-level file content. We leverage standard data mining algorithms to classify the content of every block as normal or potentially malicious. Finally, we correlate the block-wise classification results of a given file to categorize it as benign or malware. Since the proposed scheme operates at the byte level of file content, the...
Added 26 Jul 2010
Updated 26 Jul 2010
Type Conference
Year 2009
Where KDD
Authors S. Momina Tabish, M. Zubair Shafiq, Muddassar Farooq