Detection of Unknown Computer Worms Activity Based on Computer Behavior using Data Mining

Moskovitch, Robert; Gus, I.; Pluderman, S.; Stopel, Dima; Feher, Clint; Glezer, Chanan; Shaḥar, Yuval; Elovici, Yuval

doi:10.1109/cidm.2007.368873

Cited by 9 publications

(9 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Also the model can detect internet worm and classify DoS and Port Scan attacks with detection rate over 99% and false-alarm rate close to zero. Moskovitch et-al [9], presented the concept of detecting unknown computer worms based on a host behavior, using Data Mining algorithms for detecting the presence of an unknown worm not necessarily by recognizing specific instances of the worm, but rather based on the computer measurements. During the experiments 323 computer features were monitored.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Adaptive Worm Detection Model Based on Multi Classifiers

Barhoom

Qeshta²

2013

2013 Palestinian International Conference on Information and Communication Technology

View full text Add to dashboard Cite

Security has become ubiquitous in every area of malware newly emerging today pose a growing threat from ever perilous systems. As a result to that, Worms are in the upper part of the malware threats attacking the computer system despite the evolution of the worm detection techniques. Early detection of unknown worms is still a problem. In this paper, we proposed a "WDMAC" model for worm's detection using data mining techniques by combination of classifiers (Naïve Bayes, Decision Tree, and Artificial Neural Network) in multi classifiers to be adaptive for detecting known/ unknown worms depending on behavior-anomaly detection approach, to achieve higher accuracies and detection rate, and lower classification error rate. Our results show that the proposed model has achieved higher accuracies and detection rates of classification, where detection known worms are at least 98.30%, with classification error rate 1.70%, while the unknown worm detection rate is about 97.99%, with classification error rate 2.01%.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Many characteristics of each worm including Port profiles, and rate of scan per second used by worm to infect new hosts [9][14], are shown in Table 1 …”

Section: Worms Listmentioning

confidence: 99%

Adaptive Worm Detection Model Based on Multi Classifiers

Barhoom

Qeshta²

2013

2013 Palestinian International Conference on Information and Communication Technology

View full text Add to dashboard Cite

show abstract

“…They simulated proposed technique in MATLAB. Also some researches focused on the other approaches that consist of the host behavior classification methods [37][38][39][40]. For example, [29] presented a novel managed discretization technique for analyzing multivariate time series which uses frequent temporal patterns as features for classification of time chain for geared near improvement of classification correctness.…”

Section: Related Workmentioning

confidence: 99%

A Data Mining Classification Approach for Behavioral Malware Detection

Norouzi

Souri

Zamini

2016

Journal of Computer Networks and Communications

View full text Add to dashboard Cite

Data mining techniques have numerous applications in malware detection. Classification method is one of the most popular data mining techniques. In this paper we present a data mining classification approach to detect malware behavior. We proposed different classification methods in order to detect malware based on the feature and behavior of each malware. A dynamic analysis method has been presented for identifying the malware features. A suggested program has been presented for converting a malware behavior executive history XML file to a suitable WEKA tool input. To illustrate the performance efficiency as well as training data and test, we apply the proposed approaches to a real case study data set using WEKA tool. The evaluation results demonstrated the availability of the proposed data mining approach. Also our proposed data mining approach is more efficient for detecting malware and behavioral classification of malware can be useful to detect malware in a behavioral antivirus.

show abstract

“…However, it is especially essential in a multitude of different medical domains, in which correct classification of time-series data has immediate implications for diagnosis, for quality assessment, and for prediction of meaningful outcomes Batal et al 2012Batal et al , 2013Hauskrecht et al 2013). In the information security domain, it might enable classification of hardware devices into infected and noninfected, by their temporal behavior (Stopel et al 2006a, b;Moskovitch et al 2007a).…”

Section: Introductionmentioning

confidence: 99%

Classification-driven temporal discretization of multivariate time series

Moskovitch

Shaḥar

2014

Data Min Knowl Disc

Self Cite

View full text Add to dashboard Cite

Biomedical data, in particular electronic medical records data, include a large number of variables sampled in irregular fashion, often including both time point and time intervals, thus providing several challenges for analysis and data mining. Classification of multivariate time series data is a challenging task, but is often necessary for medical care or research. Increasingly, temporal abstraction, in which a series of raw-data time points is abstracted into a set of symbolic time intervals, is being used for classification of multivariate time series. In this paper, we introduce a novel supervised discretization method, geared towards enhancement of classification accuracy, which determines the cutoffs that will best discriminate among classes through the distribution of their states. We present a framework for classification of multivariate time series analysis, which implements three phases: (1) application of a temporalabstraction process that transforms a series of raw time-stamped data points into a series of symbolic time intervals (based on either unsupervised or supervised temporal abstraction); (2) mining these time intervals to discover frequent temporal-interval relation patterns (TIRPs), using versions of Allen's 13 temporal relations; (3) using the patterns as features to induce a classifier. We evaluated the framework, focusing on the comparison of three versions of the new, supervised, temporal discretization for Responsible editors: classification (TD4C) method, each relying on a different symbolic-state distributiondistance measure among outcome classes, to several commonly used unsupervised methods, on real datasets in the domains of diabetes, intensive care, and infectious hepatitis. Using only three abstract temporal relations resulted in a better classification performance than using Allen's seven relations, especially when using three symbolic states per variable. Similarly when using the horizontal support and mean duration as the TIRPs feature representation, rather than a binary (existence) representation. The classification performance when using the three versions of TD4C was superior to the performance when using the unsupervised (EWD, SAX, and KB) discretization methods.

show abstract

Detection of Unknown Computer Worms Activity Based on Computer Behavior using Data Mining

Cited by 9 publications

References 23 publications

Adaptive Worm Detection Model Based on Multi Classifiers

Adaptive Worm Detection Model Based on Multi Classifiers

A Data Mining Classification Approach for Behavioral Malware Detection

Classification-driven temporal discretization of multivariate time series

Contact Info

Product

Resources

About