A Survey on CIMDS: Adapting Post Processing Techniques of Associative Classification for Malware Detection
Atul Kamble, Prasad Kadam, Hardik Bhangale
1. Atul Kamble, Department of Computer Engineering, Pimpri Chinchwad College of Engineering, Nigdi, Pune, India.
2. Prasad Kadam, Department of Computer Engineering, Pimpri Chinchwad College of Engineering, Nigdi, Pune, India.
3. Hardik Bhangale, Department of Computer Engineering, Pimpri Chinchwad College of Engineering, Nigdi, Pune, India.
Manuscript received on November 22, 2012. | Revised Manuscript received on December 26, 2012. | Manuscript published on December 30, 2012. | PP: 52-54 | Volume-2, Issue-2, December 2012. | Retrieval Number: B0831112212/2012©BEIESP
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Malware is a program or piece of software that damages or otherwise affects a computer system. Nowadays almost every field is computerized, so valuable data is stored on computers, and a malware attack on a system may cause that data to be lost. It is therefore essential to protect systems from malware. A file that needs to be analyzed is called a gray list file, and along with malware writing techniques the number of gray list files is increasing on a large scale. In previous work, IMDS (Intelligent Malware Detection System) was developed for malware detection; it is based on the analysis of API (Application Programming Interface) calls. IMDS, however, faces two problems: 1] handling the large set of generated rules when building the classifier, and 2] finding the effective rules for classifying new file samples. In this paper we describe three post-processing techniques: 1] rule pruning, 2] rule ranking, and 3] rule selection. A number of classification rule evaluation measures are considered, and a number of selection techniques are used to order the classification rules contained in the classifier. This system is known as CIDCPF for malware detection. To our knowledge, this is the first effort that uses post-processing techniques. It includes chi-square-based insignificant rule pruning, followed by a database coverage rule ranking mechanism based on the chi-square measure; finally, performance prediction is done using the best first rule. From the experiments it is observed that promising results are obtained on the gray list. Compared with other antivirus products such as McAfee, VirusScan and Norton, this system gives the best results, which indicates that the CIMDS system is more efficient and accurate for malware detection. It is a data-mining-based detection system. In particular, the CIMDS system can greatly reduce the number of generated rules, which makes it easy for a virus analyst to identify the useful ones.
Keywords: Malware, Association Classification, Antivirus, Rule Pruning, Rule Ranking, Rule Selection.
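As an added illustration of the three post-processing stages the abstract describes (chi-square pruning of insignificant rules, chi-square based ranking with database coverage, and best-first rule selection), the following Python example is not the paper's code: the eight API-call records are constructed, and the 3.841 threshold is the standard chi-square critical value for one degree of freedom at the 5% level.

```python
from itertools import combinations
# Constructed training set (not from the paper): API calls seen in a file, and its label.
SAMPLES = [
    ({"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx", "RegSetValueEx"}, "malware"),
    ({"CreateRemoteThread", "WriteProcessMemory", "OpenProcess"}, "malware"),
    ({"CreateRemoteThread", "WriteProcessMemory", "RegSetValueEx"}, "malware"),
    ({"InternetOpen", "URLDownloadToFile", "WinExec", "OpenProcess"}, "malware"),
    ({"CreateFile", "ReadFile", "CloseHandle"}, "benign"),
    ({"CreateFile", "WriteFile", "CloseHandle", "RegSetValueEx"}, "benign"),
    ({"OpenProcess", "CreateFile", "CloseHandle"}, "benign"),
    ({"InternetOpen", "CreateFile", "CloseHandle", "RegSetValueEx"}, "benign"),
]
CHI2_95 = 3.841  # chi-square critical value, 1 degree of freedom, 5% significance level

def chi_square(items, label, samples):
    """Chi-square statistic of the 2x2 table (itemset present?) x (label matches?)."""
    table = [[0, 0], [0, 0]]  # rows: itemset absent/present, columns: other label/this label
    for apis, y in samples:
        table[items <= apis][y == label] += 1
    (d, c), (b, a) = table
    n, denom = a + b + c + d, (a + b) * (c + d) * (a + c) * (b + d)
    return n * (a * d - b * c) ** 2 / denom if denom else 0.0

def mine_rules(samples, min_support=2, max_len=2):
    """Candidate rules itemset -> label with enough support: (items, label, support, confidence)."""
    apis = sorted(set().union(*(s for s, _ in samples)))
    rules = []
    for items in (frozenset(c) for k in range(1, max_len + 1) for c in combinations(apis, k)):
        hits = [y for s, y in samples if items <= s]
        for label in sorted(set(hits)):
            if hits.count(label) >= min_support:
                rules.append((items, label, hits.count(label), hits.count(label) / len(hits)))
    return rules

def build_classifier(samples, min_support=2):
    """Chi-square pruning, chi-square ranking, then database coverage; returns (rules, default)."""
    scored = [(chi_square(r[0], r[1], samples), r) for r in mine_rules(samples, min_support)]
    kept = [(x2, r) for x2, r in scored if x2 >= CHI2_95]  # insignificant rule pruning
    kept.sort(key=lambda t: (-t[0], -t[1][3], -t[1][2], len(t[1][0]), sorted(t[1][0])))
    uncovered, classifier = set(range(len(samples))), []
    for x2, (items, label, _, conf) in kept:  # keep a rule only if it still classifies something
        matched = {i for i in uncovered if items <= samples[i][0]}
        if any(samples[i][1] == label for i in matched):
            classifier.append((items, label, x2, conf))
            uncovered -= matched
    remaining = [samples[i][1] for i in sorted(uncovered)] or [y for _, y in samples]
    return classifier, max(sorted(set(remaining)), key=remaining.count)  # default class

def classify(apis, classifier, default):  # best-first: highest-ranked matching rule decides
    return next((label for items, label, _, _ in classifier if items <= apis), default)
```

On this data 13 candidate rules are mined, 7 are pruned as insignificant (including fully confident rules with support 2, and the 50% RegSetValueEx rules), and database coverage leaves a two-rule classifier plus a default class drawn from the uncovered training records.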