

Дмитрий Комашинский, Игорь Котенко


The article surveys the most significant work on building systems for detecting and identifying malicious programs on the basis of intelligent data analysis (data mining) methods. To formalize this process, elements of the SADT methodology are used; they generalize the main procedural aspects of the existing work devoted to this subject area. The main groups of entities used to construct typical malware-detection procedures based on this group of methods are identified.


Intelligent data analysis; malware; detection.





