New malware detection framework based on N-grams and Support Vector Domain Description

Malware is a sequence of instructions that has the potential to harm any computer system or computer network. Thus detecting malware especially new ones is a critical topic in today's software security profession. Traditional signature based detection performs well against known malicious programs but can't deal with new ones where signatures are not available. Furthermore, this approach is generally regarded as ineffective against attacks like code polymorphism and metamorphism used by malware writers to obfuscate their code. To overcome this problem new techniques have been developed using data mining and machine learning. In this paper we present a new framework to detect new malicious programs, it's based on N-grams and an improved version of Support Vector Domain Description. We preprocessed and classified several hundred of computer viruses and clean programs to confirm the feasibility and the effectiveness of the proposed method.