On the Comparison of Malware Detection Methods Using Data Mining with Two Feature Sets

In this work, we compare the research methodology and performance of malware detection using data mining. Feature selection is an important problem in data mining. For the malware application, it is interesting to see which features that can be used to characterize the malware. Particularly, we are interested to compare two approaches that use features based on statistical values and the instructions. We adapt the experiment methodology using statistical features in [1] using 1,2,3 grams and varying block sizes as well as the methodology using the abstract assembly in [2] using 1,2,3 grams of consecutive instructions. We apply to our selected test set which is the data set from [3]. The decision tree J48 is used to model to detect three classes: Allapple, Podnuha, Virut. From the comparison experiments, it is found that the approach that considers the instruction set feature performs better. The test with the application set can give up to 100% correctness using the instruction features.