ISSN : 1796-203X
Volume : 4    Issue : 5    Date : May 2009

Efficient Virus Detection Using Dynamic Instruction Sequences
Jianyong Dai, Ratan Guha, and Joohan Lee
Page(s): 405-414

In this paper, we present a novel approach to detecting unknown viruses using dynamic instruction
sequence mining techniques. We collect runtime instruction sequences from unknown
executables and organize instruction sequences into basic blocks. We extract instruction sequence
patterns based on three types of instruction associations within derived basic blocks. Following a
data mining process, we perform feature extraction, feature selection and then build a classification
model to learn instruction association patterns from both benign and malicious datasets
automatically. By applying this classification model, we can predict the nature of an unknown
program. We also build a program monitor which is able to capture runtime instruction sequences
of an arbitrary program. The monitor utilizes the derived classification model to make an intelligent
guess based on the information extracted from instruction sequences to decide whether the tested
program is benign or malicious. Our results show that our approach is accurate, reliable and

Index Terms
Data Mining, Malicious Software, Feature Selection, Instruction Sequence, Virus Detection