Malicious Code Forensics based on Data Mining

Cited by: 0
Authors
Li, Xiaohua [1 ]
Dong, Xiaomei [1 ]
Wang, Yulong [1 ]
Affiliation
[1] Northeastern Univ, Sch Informat Sci & Engn, Shenyang, Peoples R China
Keywords
computer forensics; malicious code; data mining; API call sequence; weighted FP-Growth algorithm;
DOI
None
CLC classification number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Based on the characteristics of the electronic evidence that malicious code generates, a weighted FP-Growth frequent-pattern mining algorithm was proposed for malicious code forensics. Different API call sequences were assigned different weights according to their threat level, so that the frequent patterns of the most serious malicious code are obtained and the analysis results are more accurate. On top of the weighted FP-Growth algorithm, an analysis and forensics method for malicious code was proposed: the behaviour of the malicious code is recorded by monitoring its processes, registry activity, file records and port numbers, and this electronic evidence is then collected and analysed to generate the forensics report. Compared with the original FP-Growth algorithm, the weighted algorithm achieves higher accuracy when used for evidence analysis. Specific examples also verified the feasibility of the method and its effect on the host.
Pages: 978 / 983
Page count: 6
Related papers
50 items in total
  • [1] The Algorithm of Malicious Code Detection Based on Data Mining
    Yang, Yubo
    Zhao, Yang
    Liu, Xiabi
    GREEN ENERGY AND SUSTAINABLE DEVELOPMENT I, 2017, 1864
  • [2] Rootkit (Malicious Code) Prediction through Data Mining Methods and Techniques
    Ramani, R. Geetha
    Kumar, Suresh S.
    Jacob, Shomona Gracia
    2013 IEEE INTERNATIONAL CONFERENCE ON COMPUTATIONAL INTELLIGENCE AND COMPUTING RESEARCH (ICCIC), 2013, : 510 - 514
  • [3] Review of malicious code detection in data mining applications: challenges, algorithms, and future direction
    Razaque, Abdul
    Bektemyssova, Gulnara
    Yoo, Joon
    Hariri, Salim
    Khan, Meer Jaro
    Nalgozhina, Nurgul
    Hwang, Jaeryong
    Khan, M. Ajmal
    CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS, 2025, 28 (03):
  • [4] A Malicious Mining Code Detection Method Based on Multi-Features Fusion
    Li, Shudong
    Jiang, Laiyuan
    Zhang, Qianqing
    Wang, Zhen
    Tian, Zhihong
    Guizani, Mohsen
    IEEE TRANSACTIONS ON NETWORK SCIENCE AND ENGINEERING, 2023, 10 (05): : 2731 - 2739
  • [5] Malicious mining code detection based on ensemble learning in cloud computing environment
    Li, Shudong
    Li, Yuan
    Han, Weihong
    Du, Xiaojiang
    Guizani, Mohsen
    Tian, Zhihong
    SIMULATION MODELLING PRACTICE AND THEORY, 2021, 113
  • [6] Data Mining Based Strategy for Detecting Malicious PDF Files
    Sayed, Samir G.
    Shawkey, Mohamed
    2018 17TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (IEEE TRUSTCOM) / 12TH IEEE INTERNATIONAL CONFERENCE ON BIG DATA SCIENCE AND ENGINEERING (IEEE BIGDATASE), 2018, : 661 - 667
  • [7] Study on the computer forensics algorithm in mass data process based on data mining
    Wu, Chunqiong, 1600, Universidad Central de Venezuela (55):
  • [8] COMPUTER MALICIOUS CODE SIGNAL DETECTION BASED ON BIG DATA TECHNOLOGY
    Liu, Xiaoteng
    SCALABLE COMPUTING-PRACTICE AND EXPERIENCE, 2023, 24 (03): : 521 - 530
  • [9] Malicious VBScript Detection Algorithm Based on Data-Mining Techniques
    Wael, Doaa
    Shosha, Ahmed
    Sayed, Samir G.
    2017 INTL CONF ON ADVANCED CONTROL CIRCUITS SYSTEMS (ACCS) SYSTEMS & 2017 INTL CONF ON NEW PARADIGMS IN ELECTRONICS & INFORMATION TECHNOLOGY (PEIT), 2017, : 112 - 116
  • [10] Malicious Code Detection Based on Code Semantic Features
    Zhang, Yu
    Li, Binglong
    IEEE ACCESS, 2020, 8 : 176728 - 176737