ROMA-Miner: A Data Mining Framework for Malware Detection Using Byte-Level File Content

Executive Summary

Commercial off-the-shelf antivirus software is unable to protect successfully against increasingly sophisticated malware, especially on the day of its launch, a problem known as "zero-day" malware detection. In this paper, the authors present a novel malware detection scheme, ROMA-Miner, which is based on the analysis of byte-level file content. The novelty of the approach compared with existing content-based mining schemes is that it does not learn any special byte sequences or strings appearing in the actual file content; consequently, the technique can be termed non-signature-based. The authors compute a wide range of statistical features in a block-wise manner to quantify the file content, and they leverage standard data mining algorithms to classify the file content of every block as normal or potentially malicious.
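As an added illustration (not the paper's own code; this page lists neither the feature set nor the classifier ROMA-Miner actually uses), the following Python sketches the block-wise, non-signature idea: the file is cut into fixed-size blocks, each block is summarised by statistical features of its bytes rather than by any byte string, and a stand-in threshold on block entropy takes the place of the trained data mining classifier. The block size, the four features and the threshold are assumptions, and the sample input is constructed inline.

```python
import math
from collections import Counter

# Assumed feature set (the paper's real features are not listed on this page):
# Shannon entropy, mean byte value, standard deviation and distinct-byte count.
def block_features(block: bytes) -> dict:
    n = len(block)
    if n == 0:
        return {"entropy": 0.0, "mean": 0.0, "std": 0.0, "distinct": 0}
    counts = Counter(block)
    entropy = -sum((c / n) * math.log2(c / n) for c in counts.values())
    mean = sum(block) / n
    variance = sum((b - mean) ** 2 for b in block) / n
    return {"entropy": entropy, "mean": mean,
            "std": math.sqrt(variance), "distinct": len(counts)}

# Block-wise quantification of the whole file: one feature vector per block,
# independent of where any particular byte sequence appears.
def blockwise_features(data: bytes, block_size: int = 256) -> list:
    return [block_features(data[i:i + block_size])
            for i in range(0, len(data), block_size)]

# Stand-in for the trained classifier: a single entropy threshold. High-entropy
# blocks (packed or encrypted content) are flagged for closer inspection, which
# is a detection heuristic, not a verdict.
def classify_blocks(data: bytes, block_size: int = 256,
                    entropy_threshold: float = 7.0) -> list:
    return ["suspicious" if f["entropy"] >= entropy_threshold else "normal"
            for f in blockwise_features(data, block_size)]

# Constructed sample "file": a plain-text block, a block containing every byte
# value once (entropy exactly 8 bits), and a zero-filled padding block.
TEXT_BLOCK = (b"The quick brown fox jumps over the lazy dog. " * 6)[:256]
FULL_RANGE_BLOCK = bytes(range(256))
ZERO_BLOCK = b"\x00" * 256
SAMPLE_FILE = TEXT_BLOCK + FULL_RANGE_BLOCK + ZERO_BLOCK

def demo() -> list:
    return classify_blocks(SAMPLE_FILE)

if __name__ == "__main__":
    for feats, label in zip(blockwise_features(SAMPLE_FILE), demo()):
        print(label, {k: round(v, 3) for k, v in feats.items()})
```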

  • Format: PDF
  • Size: 508.5 KB