Author(s): Priyank Singhal | Nataasha Raul
Journal: International Journal of Network Security & Its Applications
ISSN 0975-2307
Volume: 4;
Issue: 1;
Start page: 61;
Date: 2012;
Keywords: Malware detection | virus | data mining | Information gain | random forest | machine learning | classification | enterprise | network | security.
ABSTRACT
Malicious software is abundant in a world of innumerable computer users, who are constantly faced with these threats from various sources like the internet, local networks and portable drives. Malware is potentially low to high risk and can cause systems to function incorrectly, steal data and even crash. Malware may be executable or system library files in the form of viruses, worms and Trojans, all aimed at breaching the security of the system and compromising user privacy. Typically, anti-virus software is based on a signature definition system which keeps updating from the internet and thus keeps track of known viruses. While this may be sufficient for home users, a security risk from a new virus could threaten an entire enterprise network. This paper proposes a new and more sophisticated antivirus engine that can not only scan files, but also build knowledge and detect files as potential viruses. This is done by extracting system API calls made by various normal and harmful executables, and using machine learning algorithms to classify and hence rank files on a scale of security risk. While such a system is processor heavy, it is very effective when used centrally to protect an enterprise network, which may be more prone to such threats.