Journal: International Journal of Engineering and Technology

PARM: A NOVEL POSITIVE ASSOCIATION RULE MINING ALGORITHM FOR DISCOVERING MALEVOLENT APPLICATIONS IN WINDOWS OPERATING SYSTEMS


Abstract

Malevolent applications are the most important vulnerability of the current World Wide Web. Generally, these applications are used for interrupting the normal functioning of a system, accessing unprivileged and confidential data, and other wicked activities. Malevolent applications were originally designed to spread from one host to another, but in the recent past their behavior has become complex, highly developed and sophisticated, aimed at pinching personal and confidential data. Some of these applications can be more dangerous still, infecting organizations and stealing identities. An application can be efficiently categorized as malevolent or normal by observing its characteristics while it is executing on the host. The majority of the present methods for discovering malevolent applications make use of the information present in the system calls. The proposed work discovers malevolent applications by using the order in which the system calls are made by the application. A 5th order Markov chain is chosen for representing the transition of system calls. This attribute set is used for differentiating malevolent and normal applications. Positive Association Rule Mining (PARM) uses the attributes that are available in the dataset and also results in higher detection rate and detection time than traditional data mining methods like Decision Tree (DT), Support Vector Machine (SVM) and Naive Bayes (NB). Not all but only the core system calls are monitored to sustain high detection rate and detection time. The efficiency of PARM is increased by avoiding redundant rules. The performance of PARM is evaluated by measuring the detection rate and detection time and comparing them with those of some of the present data mining based systems for discovering malevolent applications. PARM has been implemented, and it has been observed to perform better than the existing techniques for discovering malevolent applications.
