
Research On Associative Classification Rules Of Malware Detection Based On Incremental Learning

Posted on: 2010-08-26
Degree: Master
Type: Thesis
Country: China
Candidate: W W Zhuang
GTID: 2178360275994456
Subject: Computer software and theory

Abstract/Summary:
Malware detection is an important component of computer security. In recent years, the speed at which viruses break out and spread has become worrying. The use of a large number of polymorphic and metamorphic techniques makes it possible for them to evade detection. Traditional malicious code detection technology now faces a severe challenge. As one of the hottest topics in data mining, associative classification offers good classification accuracy, and its classification rules are easier to understand and reuse. It can be used to extract the characteristics of virus files and normal files, identify association rules from them, and then detect unknown viruses.

The traditional virus detection method based on associative classification repeatedly re-learns the historical rules, which easily leads to huge consumption of time and space, and mining a large data set in one pass may cause combinatorial explosion. At present, there is little related research on incremental learning of classification rules. A new incremental learning method for virus detection and classification is therefore urgently needed.

In this thesis we introduce a new incremental learning algorithm that can effectively solve the incremental learning problem for data with a class attribute and improve the efficiency of the re-learning procedure. A malware detection system, IAVDM (A Virus Detection System Based on Incremental Learning of Associative Classification Rules), was designed according to the new method. Results show that the method can quickly and effectively maintain and update the classification rules, which avoids re-learning the historical samples and ensures the predictability of the classification model.
Keywords/Search Tags:Malware detection, Incremental learning, Associative classification rule