Integrated Usage of Data Mining Methods for Malware Detection

Cited by: 0
Authors
Komashinskiy, Dmitriy [1 ]
Kotenko, Igor [1 ]
Affiliation
[1] St Petersburg Inst Informat & Automat SPIIRAS, St Petersburg, Russia
Source
INFORMATION FUSION AND GEOGRAPHIC INFORMATION SYSTEMS, PROCEEDINGS | 2009
Keywords
Data mining; Malware; Behavior-based malware detection;
DOI
10.1007/978-3-642-00304-2_24
Chinese Library Classification number
TP39 [Computer applications];
Discipline classification code
081203 ; 0835 ;
Abstract
The problem of counteracting malicious software (malware) remains a real one in all computer systems, including Geographical Information Systems (GIS), despite the obvious successes of antivirus vendors in technologies aimed at early recognition of malware propagation, code analysis, and rapid updating of malware databases. The basic issue of that problem is the quality of heuristic detection methods. The goal of these methods is to provide recognition of unknown malware samples; therefore, heuristic detection is the last line of defense of any critical object in IT infrastructure. The paper is devoted to the application of data mining methods to heuristic detector development. The offered approach differs from existing ones by cyclic interactive covert processing of behavioral information, and integrated use of different methods of data mining for various classes of malware. The paper discusses research into how a family of different data mining methods based on the Bayes approach, decision trees and neural networks were implemented and investigated. The paper proposes a general integrated approach to realization of malware detection methods.
Pages: 343-357
Number of pages: 15