Abstract:
The paper touches on the problem of improving vital characteristics of Data Mining - based systems responsible for detecting and identifying malicious executable binaries (malware). The common structure of learning and operating procedures for such systems is defined. The main non-functional requirements to the systems are specified on this structure's basis. The research's task is formulated as a look for a new, efficient representatin models for executable binaries. The models are to give compact, informative description vectors for such file objects. The essence of suggested approaches is expounded: the first one is focused on malware detection and based on positionally-dependent static data; the second uses dynamic low-level execution data for malware identification. The architecture of the developed system is represented as well as validation results for the developed representation models.
Keywords:malicious software, executable binaries analysis, data mining.