Embedded malware has become a novel computer security threat due to its high concealment and poor detectability. However, the existing statistical analysis methods are ineffective because they do not fully consider the small number of malicious bytes and the high information gain of embedded malware. In order to solve this problem, a new detection method of embedded malware is proposed based on C4.5 decision tree, which implements the detection by establishing a decision tree with 500 high-information-gain 3-grams extracted from training samples as the attribute. Experimental results show that the proposed method is superior to the existing methods in terms of detection rate and classification accuracy, and that it may achieve a detection rate of 99.80% for infected Word.

• 出版日期2011-5
• 单位华南理工大学