Journal of South China University of Technology (Natural Science Edition), 2011, Vol. 39, Issue 5: 68-72. doi: 10.3969/j.issn.1000-565X.2011.05.012

• Computer Science & Technology •

Detection of Embedded Malware Based on C4.5 Decision Tree

Zhang Fu-yong, Qi De-yu, Hu Jing-lin

  1. Research Institute of Computer Systems, South China University of Technology, Guangzhou 510006, Guangdong, China
  • Received: 2010-06-09 Revised: 2010-10-26 Online: 2011-05-25 Published: 2011-04-01
  • Contact: Zhang Fu-yong (born 1982), male, PhD student, main research area: computer security. E-mail: z.fuyong@mail.scut.edu.cn
  • About author: Zhang Fu-yong (born 1982), male, PhD student, main research area: computer security
  • Supported by:

    National Technology Innovation Fund project (08C26214411198); Guangdong-Hong Kong Key Areas Breakthrough project (2008A011400010)

Abstract:

Embedded malware has become a novel computer security threat because it is highly concealed and hard to detect. Existing statistical analysis methods are ineffective against it because they do not fully account for two properties of embedded malware: the malicious bytes make up only a small fraction of the host file, yet the byte patterns they introduce carry high information gain. To address this problem, a new detection method for embedded malware based on the C4.5 decision tree is proposed. It extracts the 500 byte 3-grams with the highest information gain from the training samples, uses them as attributes, and builds a decision tree on them. Experimental results show that the proposed method outperforms existing methods in detection rate and classification accuracy, reaching a detection rate of 99.80% on infected Word files.
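The feature-selection step the abstract describes (rank byte 3-grams by information gain, keep the top k, then hand them to a C4.5 learner as binary attributes) as an added example; this is not the paper's code, and the corpus, the byte pattern standing in for an embedded payload, and k are constructed here. Tree induction itself is not shown.

```python
from math import log2

def trigrams(data: bytes) -> set:
    """Distinct byte 3-grams of one file (presence, not frequency)."""
    return {data[i:i + 3] for i in range(len(data) - 2)}

def entropy(pos: int, neg: int) -> float:
    """Binary class entropy of a subset holding pos infected / neg clean files."""
    total = pos + neg
    h = 0.0
    for c in (pos, neg):
        if c:
            h -= (c / total) * log2(c / total)
    return h

def information_gain(samples, gram: bytes) -> float:
    """IG of the binary attribute 'gram present' with respect to the label.
    samples: list of (set_of_trigrams, is_infected)."""
    n = len(samples)
    pos = sum(1 for _, label in samples if label)
    with_pos = sum(1 for grams, label in samples if gram in grams and label)
    with_neg = sum(1 for grams, label in samples if gram in grams and not label)
    n_with = with_pos + with_neg
    remainder = (n_with / n) * entropy(with_pos, with_neg) \
        + ((n - n_with) / n) * entropy(pos - with_pos, n - pos - with_neg)
    return entropy(pos, n - pos) - remainder

def select_top_ngrams(files, k: int) -> list:
    """Rank every 3-gram in the corpus by IG, keep the k best (the paper uses k=500).
    files: list of (bytes, is_infected). Ties are broken by the gram bytes."""
    samples = [(trigrams(d), label) for d, label in files]
    vocab = set().union(*(grams for grams, _ in samples))
    ranked = sorted(vocab, key=lambda g: (-information_gain(samples, g), g))
    return ranked[:k]

# Constructed toy corpus: clean "documents" and the same text with a short
# embedded payload. The payload is only a handful of bytes, so frequency-based
# statistics barely notice it, yet its 3-grams carry maximal information gain.
HOST = b"Normal document text. " * 3
PAYLOAD = b"\x00PAYLOAD\x00"   # placeholder for embedded code, not a real sample
CORPUS = [
    (HOST, False),
    (b"Another clean report about quarterly sales.", False),
    (HOST[:20] + PAYLOAD + HOST[20:], True),
    (b"Meeting notes " + PAYLOAD + b" end of notes", True),
]

if __name__ == "__main__":
    samples = [(trigrams(d), l) for d, l in CORPUS]
    for g in select_top_ngrams(CORPUS, 7):
        print(g, round(information_gain(samples, g), 3))
```

The seven grams that come out on top are exactly those inside the payload (IG 1.0); grams shared by the clean host and its infected copy score 0.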

Key words: embedded malware, C4.5 decision tree, malware detection, Boosting algorithm