Integrated Usage of Data Mining Methods for Malware Detection

  • Dmitriy Komashinskiy
  • Igor Kotenko
Conference paper
Part of the Lecture Notes in Geoinformation and Cartography book series (LNGC)


The problem of counteracting malicious software (malware) remains a real one in all computer systems, including Geographical Information Systems (GIS), despite the obvious successes of anti-virus vendors in technologies aimed at early recognition of malware propagation, code analysis, and rapid updating of malware databases. The basic issue of that problem is the quality of heuristic detection methods. The goal of these methods is to recognize unknown malware samples; heuristic detection is therefore the last line of defense for any critical object in an IT infrastructure. The paper is devoted to the application of data mining methods to heuristic detector development. The offered approach differs from existing ones by cyclic interactive covert processing of behavioral information and by the integrated use of different data mining methods for different classes of malware. The paper discusses research into how a family of different data mining methods based on the Bayes approach, decision trees and neural networks were implemented and investigated. The paper proposes a general integrated approach to the realization of malware detection methods.


Keywords: Data mining, Malware, Behavior-based malware detection
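As an added illustration of the "Bayes approach" to behavior-based detection that the abstract names (this is example code written for this page, not code from the paper or its authors): a Bernoulli naive Bayes classifier trained on a handful of constructed sandbox-behavior records, each a set of observed events for one executable. The event names, the training records, the `BernoulliNB` class and the `classify` helper are all assumptions made for this example; the paper's actual feature set, data and model parameters are not on this page. Events that never appeared in training are ignored at prediction time rather than crashing the classifier, which is the failure mode a practitioner first runs into with hand-rolled Bayes detectors.

```python
"""Bernoulli naive Bayes over behavioural features (example code, not the paper's).

Each record is the set of sandbox events observed for one executable plus a
label. Everything below is constructed for illustration; it is not data or
code from the paper described on this page.
"""
from __future__ import annotations

import math
from collections import Counter
from typing import Dict, Iterable, List, Set, Tuple

# Constructed training data (hypothetical event names, hypothetical labels).
TRAINING: List[Tuple[Set[str], str]] = [
    ({"creates_process", "writes_autorun_key", "opens_network_socket"}, "malware"),
    ({"writes_autorun_key", "modifies_hosts_file", "opens_network_socket"}, "malware"),
    ({"injects_into_process", "opens_network_socket", "deletes_self"}, "malware"),
    ({"creates_process", "reads_document"}, "benign"),
    ({"reads_document", "opens_network_socket"}, "benign"),
    ({"creates_process", "writes_user_profile"}, "benign"),
]


class BernoulliNB:
    """Naive Bayes with binary (present/absent) features and Laplace smoothing."""

    def __init__(self, alpha: float = 1.0) -> None:
        self.alpha = alpha                       # smoothing pseudo-count
        self.features: List[str] = []            # vocabulary seen in training
        self.class_counts: Counter = Counter()   # records per class
        self.feature_counts: Dict[str, Counter] = {}  # per class: event -> count

    def fit(self, records: Iterable[Tuple[Set[str], str]]) -> "BernoulliNB":
        vocab: Set[str] = set()
        for events, label in records:
            vocab |= events
            self.class_counts[label] += 1
            self.feature_counts.setdefault(label, Counter()).update(events)
        self.features = sorted(vocab)
        return self

    def _log_joint(self, label: str, events: Set[str]) -> float:
        """log P(class) + sum over the vocabulary of log P(feature state | class)."""
        n = self.class_counts[label]
        total = sum(self.class_counts.values())
        lp = math.log(n / total)
        fc = self.feature_counts[label]
        for f in self.features:
            # Smoothed estimate of P(feature present | class); two outcomes,
            # so the denominator gets 2 * alpha.
            p = (fc[f] + self.alpha) / (n + 2 * self.alpha)
            lp += math.log(p) if f in events else math.log(1.0 - p)
        # Events outside the training vocabulary carry no evidence either way
        # and are silently ignored (they are not in self.features).
        return lp

    def posterior(self, events: Set[str]) -> Dict[str, float]:
        """Normalised class probabilities, computed in log space for stability."""
        logs = {c: self._log_joint(c, events) for c in self.class_counts}
        m = max(logs.values())
        weights = {c: math.exp(v - m) for c, v in logs.items()}
        z = sum(weights.values())
        return {c: w / z for c, w in weights.items()}

    def predict(self, events: Set[str]) -> str:
        post = self.posterior(events)
        return max(post, key=post.get)


# Model trained once on the constructed data above.
MODEL = BernoulliNB().fit(TRAINING)


def classify(events: Set[str]) -> str:
    """Label a new behaviour record with the trained example model."""
    return MODEL.predict(events)


if __name__ == "__main__":
    sample = {"creates_process", "writes_autorun_key", "opens_network_socket"}
    print(classify(sample), MODEL.posterior(sample))
    print(classify({"reads_document", "creates_process", "never_seen_event"}))
```

With the six constructed records, a sample that writes an autorun key and opens a socket is scored as malware with posterior 9/11; a sample that only reads a document and spawns a process is scored benign, and an event absent from the training vocabulary does not change the result. The same training loop is the part a real detector would replace with features extracted from a sandbox or emulator trace.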


Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • St. Petersburg Institute for Informatics and Automation (SPIIRAS), St. Petersburg, Russia
