NOA: An Information Retrieval Based Malware Detection System
Keywords: Malware detection, computer security, information retrieval, static analysis
Abstract: Malware refers to any type of code written with the intention of harming a computer or network. The quantity of malware being produced is increasing every year and poses a serious global security threat. Hence, malware detection is a critical topic in computer security. Signature-based detection is the most widespread method used in commercial antivirus solutions. However, signature-based detection can detect malware only once the malicious executable has caused damage and has been conveniently registered and documented. Therefore, the signature-based method fails to detect obfuscated malware variants. In this paper, a new malware detection system is proposed based on information retrieval. For the representation of executables, the frequency of the appearance of opcode sequences is used. Through this architecture a malware detection system prototype is developed and evaluated in terms of performance, malware variant recall (false negative ratio) and false positives.
How to Cite
Santos, I., Ugarte-Pedrero, X., Brezo, F., Bringas, P. G., & Gómez-Hidalgo, J. M. (2013). NOA: An Information Retrieval Based Malware Detection System. COMPUTING AND INFORMATICS, 32(1), 145–174. Retrieved from https://www.cai.sk/ojs/index.php/cai/article/view/1470