Unknown Malware Detection Based on IRP

doi:10.3969/j.issn.1000-565X.2011.04.003

Journal of South China University of Technology (Natural Science Edition) ›› 2011, Vol. 39 ›› Issue (4): 15-20.doi: 10.3969/j.issn.1000-565X.2011.04.003

• Electronics, Communication & Automation Technology • Previous Articles Next Articles

Unknown Malware Detection Based on IRP

Zhang Fu-yong Qi De-yu Hu Jing-Lin

Research Institute of Computer Systems,South China University of Technology,Guangzhou 510006,Guangdong,China

Received:2010-07-13 Revised:2010-10-26 Online:2011-04-25 Published:2011-03-01
Contact: 张福勇(1982-)，男，博士生，主要从事计算机安全研究 E-mail:fuyong1681@163.com
About author:张福勇(1982-)，男，博士生，主要从事计算机安全研究
Supported by:
国家技术创新基金项目（08C26214411198）；粤港关键领域重点突破项目（2008A011400010）

Abstract

Abstract:

As the malware detection method based on API can only detect the malware running in user mode and is noneffective for the malware running in kernel mode and calling kernel APIs,a novel detection method of unknown malware is proposed based on IRP（I/O Request Packet）.Then,the Nave Bayes,the Bayesian networks,the support vector machine,the C4.5 decision tree,the Boosting,the negative selection algorithm and an improved artificial immune system are used to classify IRP sequences for malware detection,and the detection rates of all the above-mentioned methods with different feature selection algorithms are compared.The results demonstrate that（1） the proposed method is effective in malware detection;（2） the Boosting decision tree with Fisher score feature selection algorithm outperforms other detection methods,with the highest detection rate of 98.3%;（3） the improved artificial immune system,which detects malware by selected IRP subsequences only existing in malware＇s IRP sequences,performs well,with a detection rate of 95.0% and a false detection rate of 0.

Key words: I/O Request Packet, artificial immune system, data mining, malware detection, feature selection, detection rate, false detection rate

Zhang Fu-yong Qi De-yu Hu Jing-Lin. Unknown Malware Detection Based on IRP[J]. Journal of South China University of Technology (Natural Science Edition), 2011, 39(4): 15-20.

[1]	CAI Xiaodong HONG Tao CAO Yi. Recommendation Model Based on Polarization Relation Representation and Low-Dimensional Data Association Learning [J]. Journal of South China University of Technology (Natural Science Edition), 2022, 50(1): 122-131.
[2]	ZHANG Ziye, LI Mingchang, LIANG Lingrui, et al. Improved Transfer Learning Algorithm Based on Cross-domain in Recommendation System [J]. Journal of South China University of Technology (Natural Science Edition), 2020, 48(11): 99-106.
[3]	WU Wenjing JING Peng JIA Hongfei ZHANG Minghang. Low Carbon Travel Intention Data Mining for Residents Based on K-means Clustering and Random Forest Algorithm [J]. Journal of South China University of Technology (Natural Science Edition), 2019, 47(7): 105-111.
[4]	CAI Zexiang MA Guolong SUN Yuyan HUANG Yuhan. Decision Analysis Method for Operation and Maintenance Management of Power Equipment Based on Data Mining [J]. Journal of South China University of Technology (Natural Science Edition), 2019, 47(6): 57-64,71.
[5]	. Elastic Property Prediction of Materials Based on Machine Learning and Feature Selection [J]. Journal of South China University of Technology (Natural Science Edition), 2019, 47(5): 48-55.
[6]	CHEN Jun-ying ZHOU Shun-feng MIN Hua-qing. “Word Frequency-Filtering”Hybrid Feature Selection Method Applied to Spam Identification [J]. Journal of South China University of Technology (Natural Science Edition), 2017, 45(3): 82-88.
[7]	Hu Bu-fa Huang Shou-ning. Selection and Recognition of 3D Facial Expression Feature Based on Bi-Objective Elitist Strategy [J]. Journal of South China University of Technology (Natural Science Edition), 2015, 43(5): 86-91.
[8]	Zheng Xiao- feng Wang Shu. Data Mining Method of Road Transportation Management Information Based on Rough Set and Association Rule [J]. Journal of South China University of Technology (Natural Science Edition), 2014, 42(2): 132-138.
[9]	Chen Xing- shu Zhang Shuai Tong Hao Cui Xiao- jing. FP- Growth Algorithm Based on Boolean Matrix and MapReduce [J]. Journal of South China University of Technology (Natural Science Edition), 2014, 42(1): 135-141.
[10]	Liang Jin Luo Fei Xu Yu-ge. Fuzzy Rough Monotone Dependence Algorithm Based on Decision Table and Its Application [J]. Journal of South China University of Technology (Natural Science Edition), 2011, 39(7): 7-12.
[11]	Zhang Fu-yong Qi De-yu Hu Jing-lin. Detection of Embedded Malware Based on C4.5 Decision Tree [J]. Journal of South China University of Technology (Natural Science Edition), 2011, 39(5): 68-72.
[12]	Zhang Fu-yong Qi De-yu Hu Jing-lin. Run-Time Malware Detection Based on IRP [J]. Journal of South China University of Technology (Natural Science Edition), 2011, 39(2): 113-117.
[13]	Jia Xi-ping Peng Hong Zheng Qi-lun Shi Shi-xu Jiang Zhuo-lin . Topic-Based Document Retrieval Model [J]. Journal of South China University of Technology (Natural Science Edition), 2008, 36(9): 37-42.
[14]	Jin Yi-fu Zhu Qing-sheng . An Extended Knowledge Discovery Framework for Outlier Data Set [J]. Journal of South China University of Technology (Natural Science Edition), 2008, 36(9): 31-36.
[15]	Min Hua-qing Lu Yan-sheng Jiang Xiao-yu. Algorithm of Classification Rules Based on Co-Evolution Computation [J]. Journal of South China University of Technology (Natural Science Edition), 2006, 34(6): 69-73.

Unknown Malware Detection Based on IRP

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments