Title
A malware detection algorithm based on multi-view fusion
Abstract
One of the major problems concerning information assurance is malicious code. To detect it, many existing run-time intrusion or malware detection techniques use information available in Application Programming Interface (API) call sequences to discriminate between benign and malicious processes. Although great progress has been made, new research results in ensemble learning make it possible to design better malware detection algorithms. This paper presents a novel approach to detecting malware using API call sequences. Based on the fact that the API call sequences of a piece of software show local properties when performing network, file I/O and other operations, we first divide the API call sequences of a malware sample into seven subsequences, and then use each subsequence to build a classification model. After these models are used to classify software, their outputs are combined using BKS, and the final fusion result is used to label whether a piece of software is malicious or not. Experiments show that our algorithm can detect known malware effectively.
Year: 2010
DOI: 10.1007/978-3-642-17534-3_32
Venue: ICONIP
Keywords: malicious process, api call sequence, classification model, application programming, multi-view fusion, malware detection technique, malware detection algorithm, building model, information assurance, call sequence, malicious code
Field: Data mining, Cryptovirology, Information assurance, Computer science, Software, Application programming interface, Artificial intelligence, Ensemble learning, Intrusion, Algorithm, Malware, Subsequence, Machine learning
DocType: Conference
Volume: 6444
ISSN: 0302-9743
ISBN: 3-642-17533-3
Citations: 3
PageRank: 0.38
References: 8
Authors
5
Name
Order
Citations
PageRank
Shanqing Guo113427.26
Qixia Yuan2317.44
Fengbo Lin351.44
Fengyu Wang493.60
Tao Ban510225.58