NOA: An Information Retrieval Based Malware Detection System

In: Computing and Informatics, vol. 32, no. 1
I. Santos - X. Ugarte-Pedrero - F. Brezo - P.G. Bringas - J.M. Gómez-Hidalgo

Details:

Year, pages: 2013, 145 - 174
Keywords:
Malware detection, computer security, information retrieval, static analysis
About article:
Malware refers to any type of code written with the intention of harming a computer or network. The quantity of malware being produced is increasing every year and poses a serious global security threat. Hence, malware detection is a critical topic in computer security. Signature-based detection is the most widespread method used in commercial antivirus solutions. However, signature-based detection can detect malware only once the malicious executable has caused damage and has been conveniently registered and documented. Therefore, the signature-based method fails to detect obfuscated malware variants. In this paper, a new malware detection system is proposed based on information retrieval. For the representation of executables, the frequency of the appearance of opcode sequences is used. Through this architecture a malware detection system prototype is developed and evaluated in terms of performance, malware variant recall (false negative ratio) and false positives.
How to cite:
ISO 690:
Santos, I., Ugarte-Pedrero, X., Brezo, F., Bringas, P., Gómez-Hidalgo, J. 2013. NOA: An Information Retrieval Based Malware Detection System. In Computing and Informatics, vol. 32, no. 1, pp. 145-174. 1335-9150.

APA:
Santos, I., Ugarte-Pedrero, X., Brezo, F., Bringas, P., Gómez-Hidalgo, J. (2013). NOA: An Information Retrieval Based Malware Detection System. Computing and Informatics, 32(1), 145-174. 1335-9150.