Advertisement

Computer Virus Detection Method Using Feature Extraction of Specific Malicious Opcode Sets Combine with aiNet and Danger Theory

  • Vu Thanh Nguyen
  • Cao Ngoc Tuan
  • Ly Tan Dung
  • Vo Minh Hai
  • Toan Tan Nguyen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10018)

Abstract

Nowadays, many methods of detecting computer viruses are researched towards machine learning and data mining. Among these are the topics related to the automated search algorithm characteristic of the virus. The feature extraction of virus opcode method is proposed in this paper is statistical combinations of x86 machine instruction. The selected instructions are common in a set of virus files and less common in benign files, using some machine learning and data mining algorithms to support. The frequent combination of instruction sets are seen as the operational characteristics of the virus files. Artificial Immune System in combination with Danger Theory will be used for the training of the selected instruction sets into building up a classification system detecting a new file is a virus or not.

Keywords

Feature extraction x86 opcode Data mining Artificial immune network (aiNet) Danger theory 

Notes

Acknowledgement

This research is funded by Vietnam National University, Ho Chi Minh City (VNU-HCM) under grant number C2016-26-05.

References

  1. 1.
    Schultz, M.G., Eskin, E., Zadok, E., Stolfo, S.J.: Data mining methods for detection of new malicious executables, pp. 6–7 (2001)Google Scholar
  2. 2.
    Read, M., Andrews, P., Timmis, J.: Artificial immune systems, pp. 4–5 (2012)Google Scholar
  3. 3.
    Rad, B.B., Masrom, M.: Metamorphic virus variants classification using opcode frequency histogram, pp. 147–152 (2010)Google Scholar
  4. 4.
    Chao, R., Tan, Y.: A virus detection system based on artificial immune system, pp. 3–5 (2010)Google Scholar
  5. 5.
    Lu, T., Zheng, K., Fu, R., Liu, Y., Wu, B., Guo, S.: A danger theory based mobile virus detection model and its application in inhibiting virus, pp. 2–5 (2012)Google Scholar
  6. 6.
    Bilar, D.: Opcodes as predictor for malware, pp. 4–9 (2007)Google Scholar
  7. 7.
    Agrawal, R., Srikant, R.: Fast algorithms for mining association rules, pp. 3–6 (1994)Google Scholar
  8. 8.
    Aickelin, U., Cayzer, S.: The danger theory and its application to artificial immune systems, pp. 4–6 (2008)Google Scholar
  9. 9.
    Ali, H.A., Hussain, D.J.: Computer virus detection based on artificial immunity concept, pp. 68–74 (2014)Google Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Vu Thanh Nguyen
    • 1
  • Cao Ngoc Tuan
    • 1
  • Ly Tan Dung
    • 1
  • Vo Minh Hai
    • 2
  • Toan Tan Nguyen
    • 1
  1. 1.University of Information TechnologyVietnam National UniversityHCM CityVietnam
  2. 2.The Immigration Office of Police Station in HCMCHo Chi MinhVietnam

Personalised recommendations