Using IRP for Malware Detection

13 years 9 months ago

Download www.raid2010.org

Abstract. Run-time malware detection strategies are eﬃcient and robust, which get more and more attention. In this paper, we use I/O Request Package (IRP) sequences for malware detection. N-gram will be used to analyze IRP sequences for feature extraction. Integrated use of Negative Selection Algorithm (NSA) and Positive Selection Algorithm (PSA), we get more than 96% true positive rate and 0% false positive rate, by a selection of n-gram sequences which only exist in malware IRP sequences.

FuYong Zhang, DeYu Qi, JingLin Hu

Real-time Traffic

Computer Networks | IRP Sequences | Malware Detection | RAID 2010 | Sequences |

claim paper

Post Info
More Details (n/a)

Added	30 Jan 2011
Updated	30 Jan 2011
Type	Journal
Year	2010
Where	RAID
Authors	FuYong Zhang, DeYu Qi, JingLin Hu

Comments (0)

Sciweavers

Using IRP for Malware Detection

Computer Networks | IRP Sequences | Malware Detection | RAID 2010 | Sequences |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers