Sciweavers

RAID
2010
Springer

Using IRP for Malware Detection

Abstract. Run-time malware detection strategies are efficient and robust, and are getting more and more attention. In this paper, we use I/O Request Package (IRP) sequences for malware detection. N-grams are used to analyze IRP sequences for feature extraction. With the integrated use of the Negative Selection Algorithm (NSA) and the Positive Selection Algorithm (PSA), we get a true positive rate of more than 96% and a false positive rate of 0% by selecting n-gram sequences which only exist in malware IRP sequences.
FuYong Zhang, DeYu Qi, JingLin Hu
Added 30 Jan 2011
Updated 30 Jan 2011
Type Journal
Year 2010
Where RAID
Authors FuYong Zhang, DeYu Qi, JingLin Hu