Computer Virus Detection Method Using Feature Extraction of Specific Malicious Opcode Sets Combine with aiNet and Danger Theory
Nowadays, many methods of detecting computer viruses are researched towards machine learning and data mining. Among these are the topics related to the automated search algorithm characteristic of the virus. The feature extraction of virus opcode method is proposed in this paper is statistical combinations of x86 machine instruction. The selected instructions are common in a set of virus files and less common in benign files, using some machine learning and data mining algorithms to support. The frequent combination of instruction sets are seen as the operational characteristics of the virus files. Artificial Immune System in combination with Danger Theory will be used for the training of the selected instruction sets into building up a classification system detecting a new file is a virus or not.
KeywordsFeature extraction x86 opcode Data mining Artificial immune network (aiNet) Danger theory
This research is funded by Vietnam National University, Ho Chi Minh City (VNU-HCM) under grant number C2016-26-05.
- 1.Schultz, M.G., Eskin, E., Zadok, E., Stolfo, S.J.: Data mining methods for detection of new malicious executables, pp. 6–7 (2001)Google Scholar
- 2.Read, M., Andrews, P., Timmis, J.: Artificial immune systems, pp. 4–5 (2012)Google Scholar
- 3.Rad, B.B., Masrom, M.: Metamorphic virus variants classification using opcode frequency histogram, pp. 147–152 (2010)Google Scholar
- 4.Chao, R., Tan, Y.: A virus detection system based on artificial immune system, pp. 3–5 (2010)Google Scholar
- 5.Lu, T., Zheng, K., Fu, R., Liu, Y., Wu, B., Guo, S.: A danger theory based mobile virus detection model and its application in inhibiting virus, pp. 2–5 (2012)Google Scholar
- 6.Bilar, D.: Opcodes as predictor for malware, pp. 4–9 (2007)Google Scholar
- 7.Agrawal, R., Srikant, R.: Fast algorithms for mining association rules, pp. 3–6 (1994)Google Scholar
- 8.Aickelin, U., Cayzer, S.: The danger theory and its application to artificial immune systems, pp. 4–6 (2008)Google Scholar
- 9.Ali, H.A., Hussain, D.J.: Computer virus detection based on artificial immunity concept, pp. 68–74 (2014)Google Scholar