The document discusses malware detection approaches using data mining techniques. It describes signature-based and behavior-based approaches. Signature-based detection identifies malware by matching signatures in a predefined database, but struggles with polymorphic malware. Behavior-based detection analyzes malware behaviors through dynamic analysis, allowing detection of novel malware but having higher computational costs. Both approaches have advantages and limitations for malware detection.

1. Malware Detection Approaches
using
Data Mining Techniques
Md. Alamgir Hossain
Institute of Information and Communication Technology(IICT)
Bangladesh University of Engineering technology (BUET)
1

2. Contents
Definition of Malware
Concept of Data Mining
Malware Detection Approaches in Data Mining
Signature-Based Approach
Behavior-Based Approach
Challenges to Detect Malware for the Digital World
Suggestions about Malware Detection for Future
Conclusion
References
2

3. Malware
Malware, or malicious software, is any program or file that is intentionally
harmful to a computer, network or server.
Malware can be different types like Viruses, Worms, Trojan Horses,
Ransomware, and Spyware.
These malicious programs steal, encrypt and delete sensitive data; alter or
hijacking core computing functions and monitor end user’s computer activity.
Malware can infect networks and devices and is designed to harm those devices,
networks and/or their users in some way.
3

4. Data Mining
Data mining, also called knowledge discovery in database (KDD), is the
nontrivial extraction of implicit, previously unknown, and potentially useful
information (Meaningful Patterns) from data in large data repositories/database.
Knowledge Discovering Process:
4

5. Malware Detection Approach (Signature-Based)
Signature-based system finds malware using a predefined list that is called
predefined database.
Malicious objects have characteristics that can be used to generate a unique
digital signature.
The database sources include huge number of the various signatures that
classify malicious objects.
Assembly and binary feature extractions are two main methods of this approach.
It is less effective for the quickly changing nature of portable malware or the
variations of known malware.
5

6. Malware Detection Approach (Signature-Based)
6 Figure: Signature-Based Approach to Detect Malware

7. Advantages & Weakness of Signature-Based
Detection
Advantages:
Easy to run
Fast Identification
Broadly accessible
Finding comprehensive malware information
Weakness:
Failing to detect the polymorphic malwares
Replicating information in the huge database
7

8. Malware Detection Approach (Behavior-Based)
It reviews the selected behavior to detect the malware.
It gives a superior comprehension of how malware in produced and
implemented.
Malicious behavior is known using a dynamic analysis that evaluates malicious
intent by the object’s code and structure.
API calls and assembly features are two main methods of this approach.
8

9. Malware Detection Approach (Behavior-Based)
9 Figure: Behavior-Based Approach to Detect Malware

10. Advantages & Weakness of Behavior-Based
Detection
Advantages:
Detecting unconceived types of malware attacks
Data-flow dependency detector
Detecting the polymorphic malwares
Weakness:
Storage complexity for behavioral patterns
Time complexity
10

11. Challenges to Detect Malware for the Digital World
Encryption and Decryption Detection
Meta-Heuristic Detection
Real-Time Malware Detection
Etc.
11

12. Suggestions about Malware Detection for Future
Malware detection in the new platform and architecture like Internet of Things
(IoT) applications, E-Banking, and Social Networks etc.
Improving the malware detection for predicting the polymorphism attacks.
Context-Aware detection can be the new idea for dynamic malware detection
approaches.
Providing a safe condition (security) for Big Data against the malware attack.
Etc.
12

13. Conclusion
Both are proposed for windows, and smartphones platform and Embedded
System.
Uses Static, Dynamic and Hybrid data analysis methods.
DBScan (Hybrid Pattern Based Text Mining Approach) is the best method on
respect of accuracy in signature-based approach by using ANN, Malicious
Sequential Pattern Based Malware Detection classification techniques.
CloudIntell (Feature Extraction in Cloud) is the best method on respect of
accuracy in behavior-based approach by using SVM, Decision Tree, Static
Boosting classification technique.
Meta heuristic algorithms can speed up and improve the execution time and
overall accuracy.
13

14. References
[1] Souri A, Hosseini R (2018) A state-of-the-art survey of malware detection
approaches using data mining techniques. Human-centric Computing and
Information Sciences 8:1-22.
[2] Fraley JB, Figueroa M(2016) Polymorphic malware detection using topological
feature extraction with data mining. SoutheastCon 2016, pp 1-7.
[3] Malhotra A, Bajaj K (2016) A hybrid pattern-based text mining approach for
malware detection using DBScan. Trans ICT 4:141–149.
[4] Boujnouni ME, Jedra M, Zahid N (2015) New malware detection framework
based on N-grams and support vector domain description. In: 2015 11th
international conference on information assurance and security (IAS), pp 123–128.
14

15. References
[5] Wang P, Wang Y-S (2015) Malware behavioral detection and vaccine
development by using a support vector model classifier. Journal of Computer and
System Sciences 81:1012–1026.
[6] Sun H, Wang X, Buyya R, Su J (2017) CloudEyes: cloud-based malware
detection with reversible sketch for resourceconstrained internet of things (IoT)
devices. Software—Practice & Experience 47:421–441.
[7] Tang Y, Xiao B, Lu X (2011) Signature tree generation for polymorphic worms.
IEEE Transactions on Computers 60:565–579.
[8] Palumbo P, Sayfullina L, Komashinskiy D, Eirola E, Karhunen J (2017) A
pragmatic android malware detection procedure. Computers and Security 70:689–
701.
15

16. Thank You