A Feature Selection and Evaluation Scheme for Computer Virus Detection

Author(s): Olivier Henchiri ◽ Nathalie Japkowicz

1990 ◽ Vol 26 (15) ◽ pp. 1169
Author(s): E. Okamoto ◽ H. Masumoto

1992 ◽ Vol 13 (10) ◽ pp. 594-598
Author(s): Thomas C. Bailey ◽ Richard M. Reichley

Abstract

Objective: A computer virus outbreak was recognized, verified, defined, investigated, and controlled using an infection control approach. The pathogenesis and epidemiology of computer virus infection are reviewed.

Design: Case-control study.

Setting: Pharmacy of a tertiary care teaching institution.

Results: On October 28, 1991, 2 personal computers in the drug information center manifested symptoms consistent with the “Jerusalem” virus infection. The same day, a departmental personal computer began playing “Yankee Doodle,” a sign of “Doodle” virus infection. An investigation of all departmental personal computers identified the “Stoned” virus in an additional personal computer. Controls were functioning virus-free personal computers within the department. Cases were associated with users who brought diskettes from outside the department (5/5 cases versus 5/13 controls, p = .04) and with College of Pharmacy student users (3/5 cases versus 0/13 controls, p = .012). The detection of a virus-infected diskette or personal computer was associated with the number of 5 1/4-inch diskettes in the files of personal computers, a surrogate for rate of media exchange (mean = 17.4 versus 152.5, p = .018, Wilcoxon rank sum test). After education of departmental personal computer users regarding appropriate computer hygiene and installation of virus protection software, no further spread of personal computer viruses occurred, although 2 additional Stoned-infected and 1 Jerusalem-infected diskettes were detected.

Conclusions: We recommend that virus detection software be installed on personal computers where the interchange of diskettes among computers is necessary, that write-protect tabs be placed on all program master diskettes and data diskettes where data are being read and not written, that in the event of a computer virus outbreak, all available diskettes be quarantined and scanned by virus detection software, and to facilitate quarantine and scanning in an outbreak, that diskettes be stored in organized files.


Author(s): Tan Hui Xin ◽ Ismahani Ismail ◽ Ban Mohammed Khammas

Nowadays, computer virus attacks are getting very advanced. New obfuscated computer viruses created by computer virus writers will generate a new shape of the computer virus automatically for every single iteration and download. This constantly evolving computer virus has caused a significant threat to the information security of computer users, organizations and even government. However, the signature-based detection technique used by the conventional anti-computer virus software on the market fails to identify it, as signatures are unavailable. This research proposed an alternative approach to the traditional signature-based detection method and investigated the use of machine learning techniques for obfuscated computer virus detection. In this work, text strings are extracted from virus program code and used as the features to generate a suitable classifier model that can correctly classify obfuscated virus files. The text string feature is used as it is informative and potentially uses only a small amount of memory space. Results show that unknown files can be correctly classified with 99.5% accuracy using the SMO classifier model. Thus, it is believed that current computer virus defense can be strengthened through a machine learning approach.

