Automatic Classification of Executable Code for Computer Virus Detection

摘要

Automatic knowledge discovery methodologies has proved to be a very strong tool which is currently widely used for the analysis of large datasets, being produced by organizations worldwide. However, this analysis is mostly done for relatively simple and structured data, such as transactional or financial records. The real frontier for current KDD research seems to be analysis of unstructured data, such as freeform text, web pages, images etc. In this paper we present results of applying KDD methodology to such unstructured data - namely computer machine code. We show that it is possible to construct automatic classification system, that would be able to distinguish "good" computer code from malicious code - in our case code of computer viruses - and which therefore could act as an intelligent virus scanner. In our approach we use methods originating from text mining field, treating CPU instructions as a kind of natural language.