Spyware Detection by Extracting and Selecting Features in Executable Files
The International Conference on Electrical Engineering
Article 21, Volume 10, 10th International Conference on Electrical Engineering ICEENG 2016, April 2016, Page 1-20
Document Type: Original Article
DOI: 10.21608/iceeng.2016.30301
Authors
Mohamed Adel Sheta (1); Mohamed Zaki (2); Kamel Abd El Salam El Hadad (3); H. Aboelseoud M (3)
(1) Ph.D. Student, Department of Computer Engineering, Military Technical College, Egypt.
(2) Prof. of Computer and System Engineering, Al-Azhar University, Egypt.
(3) Dr., Department of Computer Engineering, Military Technical College, Egypt.
Abstract
Spyware detection techniques have been presented using three approaches: signature-based, behavior-based, and specification-based. These approaches have failed to detect new spyware. Data mining is a new approach to spyware detection that can detect new spyware as well as mutated variants of existing spyware. The main challenges in designing anti-spyware systems with data mining techniques lie in extracting and selecting the strongest and most significant features from the spyware data set. In this paper, a new approach to extracting and selecting features is proposed. In this approach, the unique features are extracted from all executable files in each class type. The strongest features are then selected based on the occurrence or frequency of the features in the data set. The experimental results of the proposed approach outperform all the previous competing approaches.
Keywords
Spyware; Data mining; Feature extraction; Feature selection