Data Mining Techniques for Malware Detection Using Signature Extraction

D. Jayakumar

Abstract


This paper presents a survey of data mining techniques for malware detection using file features. The techniques are categorized based upon a three-tier hierarchy that includes file features, analysis type, and detection type. File features are the features extracted from binary programs; analysis type is either static or dynamic; and detection type is borrowed from intrusion detection as either misuse or anomaly detection. The paper provides the reader with the major advancements in malware research using data mining on file features and categorizes the surveyed work based upon the above-stated hierarchy. This serves as the major contribution of this paper.

Keywords


Scanning, Activity Monitoring, Integrity Checking

This work is licensed under a Creative Commons Attribution 3.0 License.