Malware Detection by Data Mining Techniques Based on Positionally Dependent Features

The challenges being thrown to modern world by the need to counteract against malicious software (malware) are going on to increase own importance. This fact stays actual, in spite of obvious great results in improving the efficacy of procedures of malware propagation detection, analysis and updating the bases of signatures and detection rules. The important aspect of this problem is looking for more reliable heuristic detection methods. These methods focus on recognition of new (unknown before) malicious programs which can not be detected by using traditional signature- and rule-based detection techniques, oriented on search for concrete malware samples and families. Virtually, just these heuristic methods provide counteraction against targeted and zero-day attacks, since the rate of detecting such relatively new types of threats by traditional techniques is not enough. The presented paper is devoted to using Data Mining methods for constructing heuristic malware detectors. The approach described below differs from others by focusing on processing static positionally dependent features which consider the specificities of object's file format of potential malware containers. The paper describes the realization and investigation of the common methodology for design of Data Mining-based malware detectors' using positionally dependent static information.