NOA: An Information Retrieval Based Malware Detection System
Keywords:
Malware detection, computer security, information retrieval, static analysis
Abstract
Malware refers to any type of code written with the intention of harming a computer or network. The quantity of malware being produced is increasing every year and poses a serious global security threat. Hence, malware detection is a critical topic in computer security. Signature-based detection is the most widespread method used in commercial antivirus solutions. However, signature-based detection can detect malware only once the malicious executable has caused damage and has been conveniently registered and documented. Therefore, the signature-based method fails to detect obfuscated malware variants. In this paper, a new malware detection system is proposed based on information retrieval. For the representation of executables, the frequency of the appearance of opcode sequences is used. Through this architecture a malware detection system prototype is developed and evaluated in terms of performance, malware variant recall (false negative ratio) and false positives.
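The representation described in the abstract can be sketched as follows. This is an added example, not code from the paper or the NOA prototype: the sequence length of 2, cosine similarity as the retrieval measure, the 0.7 threshold, and all opcode listings are assumptions constructed for illustration.

```python
import math
from collections import Counter

def tf_vector(opcodes, n=2):
    """Relative frequency of each opcode sequence of length n."""
    grams = Counter(tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1))
    total = sum(grams.values())
    return {g: c / total for g, c in grams.items()} if total else {}

def cosine(a, b):
    """Cosine similarity between two sparse frequency vectors."""
    dot = sum(w * b.get(g, 0.0) for g, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def classify(query_ops, index, threshold=0.7, n=2):
    """Retrieve the most similar indexed executable and report a verdict.

    index maps name -> (label, opcode list). The query is flagged only when
    its nearest neighbour is labelled malware and is similar enough.
    """
    q = tf_vector(query_ops, n)
    score, label, name = max(
        (cosine(q, tf_vector(ops, n)), label, name)
        for name, (label, ops) in index.items()
    )
    verdict = "malware" if label == "malware" and score >= threshold else "unknown"
    return verdict, name, score

# Constructed opcode listings (not taken from any real sample).
INDEX = {
    "known_sample": ("malware", ["push", "mov", "sub", "xor", "mov", "call", "test",
                                 "jz", "mov", "add", "call", "pop", "ret"]),
    "benign_tool": ("benign", ["push", "mov", "mov", "lea", "call", "add", "cmp",
                               "jne", "lea", "pop", "ret"]),
}
# Same logic as known_sample with two padding instructions added, so a
# byte-exact signature of known_sample would no longer match it.
VARIANT = ["push", "mov", "sub", "nop", "xor", "mov", "call", "test", "jz",
           "mov", "add", "nop", "call", "pop", "ret"]
OTHER = ["push", "mov", "lea", "call", "cmp", "jne", "pop", "ret"]

if __name__ == "__main__":
    print(classify(VARIANT, INDEX))  # nearest neighbour: known_sample
    print(classify(OTHER, INDEX))    # nearest neighbour: benign_tool
```

The threshold trades variant recall against false positives, the two quantities the abstract says the prototype is evaluated on.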
Published
2013-03-22
How to Cite
Santos, I., Ugarte-Pedrero, X., Brezo, F., Bringas, P. G., & Gómez-Hidalgo, J. M. (2013). NOA: An Information Retrieval Based Malware Detection System. Computing and Informatics, 32(1), 145–174. Retrieved from http://147.213.75.17/ojs/index.php/cai/article/view/1470
Section
Articles