Abstract
It has been argued that an anti-virus strategy based on malware collected at a certain date will not work at a later date, because malware evolves rapidly and an anti-virus engine is then faced with a completely new type of executable that is not as amenable to detection as the first was.
In this paper, we test this idea by collecting two sets of malware, the first from 2002 to 2007, the second from 2009 to 2010, to determine how well the anti-virus strategy we developed based on the earlier set [14] will do on the later set. This anti-virus strategy integrates dynamic and static features extracted from the executables to classify malware by distinguishing between families.
The resulting classification accuracies are very close for both datasets, with a difference of only 5.4%, the older malware being more accurately classified than the newer malware. This leads us to conjecture that current anti-virus strategies can indeed be modified to deal effectively with new malware.
Original language | English |
---|---|
Title of host publication | Workshop proceeding of ATIS 2011. Melbourne, November 9th, 2011 |
Subtitle of host publication | Second applications and techniques in information security workshop |
Editors | Matthew Warren |
Place of Publication | Melbourne, VIC |
Publisher | Deakin University |
Pages | 22-27 |
Number of pages | 6 |
ISBN (Print) | 9780987229809 |
Publication status | Published - 2011 |
Event | Applications and Techniques in Security. Workshop (2nd:2011: Melbourne, Vic.) - Melbourne, Victoria, Australia Duration: 09 Nov 2011 → 09 Nov 2011 |
Conference
Conference | Applications and Techniques in Security. Workshop (2nd:2011: Melbourne, Vic.) |
---|---|
Country/Territory | Australia |
City | Victoria |
Period | 09/11/11 → 09/11/11 |