Article code | Journal code | Publication year | English article | Full-text version
454770 | 695289 | 2013 | 10-page PDF | Free download
English title of the ISI article
A fast malware detection algorithm based on objective-oriented association mining
Related topics
Engineering and Basic Sciences > Computer Engineering > Computer Networks and Communications
English abstract

Objective-oriented association (OOA) mining has been successfully applied in malware detection. One problem of OOA mining is that the number of association rules is very large, and many of the rules are redundant and have little capacity to distinguish malware from benign files. This circumstance seriously affects the running speed of OOA for malware detection. In this paper, an API (Application Programming Interface)-based association mining method is proposed for detecting malware. To increase the detection speed of the OOA, different strategies are presented: to improve the rule quality, criteria for API selection are proposed to remove APIs that cannot become frequent items; to find association rules that have strong discrimination power, we define the rule utility to evaluate the association rules; and to improve the detection accuracy, a classification method based on multiple association rules is adopted. The experiments show that the proposed strategies can significantly improve the running speed of OOA. In our experiments the time cost for data mining is reduced by thirty-two percent, and the time cost for classification is reduced by fifty percent.

Publisher
Database: Elsevier - ScienceDirect
Journal: Computers & Security - Volume 39, Part B, November 2013, Pages 315–324