Spyware Detection by Extracting and Selecting Features in Executable Files

Document Type : Original Article

Authors

1 Ph.D. Student, Department of Computer Engineering, Military Technical College, Egypt.

2 Prof. of Computer and System Engineering, Al-Azhar University, Egypt.

3 Dr., Department of Computer Engineering, Military Technical College, Egypt.

Abstract

Spyware detection techniques have been presented using three approaches: signature-based, behavior-based, and specification-based. These approaches fail to detect new spyware. Data mining is a newer approach to spyware detection that has the ability to detect new spyware or mutated variants of existing spyware. The main challenges in designing anti-spyware systems using data mining techniques lie in extracting and selecting the strongest and most significant features from the spyware data set. In this paper a new approach to extracting and selecting features is proposed. In this approach, the unique features are extracted from all executable files in each class type. Then the strongest features are selected based on the occurrence, or frequency, of the features in the data set. The experimental results of the proposed approach outperform all the previous competing approaches.
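The abstract outlines a two-stage pipeline (extract the unique features of every executable per class, then keep the features that occur most frequently) without fixing what a "feature" is or how the selected features are used. The following Python is an added illustration, not code from the paper or its authors. It assumes byte n-grams as the feature type, document frequency within a class as the selection criterion, and a simple coverage score for classification; all sample byte strings, the threshold `min_fraction`, the `drop_shared` refinement (removing features common to every class, such as the shared executable header) and the function names are my own constructions, not values from the paper.

```python
from collections import Counter
from typing import Dict, List, Sequence, Set, Tuple

# Constructed sample "executables" as (label, raw bytes). These byte strings are
# made up for the example; a real pipeline would read executable files from disk.
SAMPLES: List[Tuple[str, bytes]] = [
    ("spyware", b"\x4d\x5a\x90\x00KEYLOG\x00SendKeys\x00http://"),
    ("spyware", b"\x4d\x5a\x90\x00KEYLOG\x00Hook\x00http://"),
    ("spyware", b"\x4d\x5a\x90\x00SendKeys\x00Hook\x00ftp://"),
    ("benign", b"\x4d\x5a\x90\x00Hello\x00World\x00printf"),
    ("benign", b"\x4d\x5a\x90\x00printf\x00malloc\x00free"),
    ("benign", b"\x4d\x5a\x90\x00Hello\x00malloc\x00http://"),
]

N = 4  # byte n-gram length (assumption; the abstract does not fix the feature type)


def extract_features(data: bytes, n: int = N) -> Set[bytes]:
    """Unique byte n-grams of one file. A set, so each feature counts once per file."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def class_feature_frequency(samples: Sequence[Tuple[str, bytes]]) -> Dict[str, Counter]:
    """Per class: in how many files each unique feature occurs (document frequency)."""
    freq: Dict[str, Counter] = {}
    for label, data in samples:
        freq.setdefault(label, Counter()).update(extract_features(data))
    return freq


def select_features(samples: Sequence[Tuple[str, bytes]],
                    min_fraction: float = 0.5,
                    drop_shared: bool = True) -> Dict[str, Set[bytes]]:
    """Keep, per class, the features present in at least min_fraction of that
    class's files. With drop_shared (my refinement), features selected for every
    class, e.g. the common header bytes, are removed: they are frequent but
    cannot separate the classes."""
    freq = class_feature_frequency(samples)
    class_sizes = Counter(label for label, _ in samples)
    selected = {
        label: {f for f, c in counts.items() if c / class_sizes[label] >= min_fraction}
        for label, counts in freq.items()
    }
    if drop_shared and len(selected) > 1:
        shared = set.intersection(*selected.values())
        for feats in selected.values():
            feats -= shared
    return selected


def score(data: bytes, selected: Dict[str, Set[bytes]]) -> Dict[str, float]:
    """Fraction of each class's selected features that the file contains."""
    feats = extract_features(data)
    return {label: (len(feats & sel) / len(sel) if sel else 0.0)
            for label, sel in selected.items()}


def predict(data: bytes, selected: Dict[str, Set[bytes]]) -> str:
    """Label whose selected feature set the file covers best."""
    scores = score(data, selected)
    return max(scores, key=scores.get)


if __name__ == "__main__":
    chosen = select_features(SAMPLES)
    for label, feats in chosen.items():
        print(label, len(feats), sorted(feats)[:5])
    unknown = b"\x4d\x5a\x90\x00KEYLOG\x00Hook\x00SendKeys"  # constructed test file
    print(predict(unknown, chosen), score(unknown, chosen))
```

With six training files the coverage score is only a stand-in for the data mining classifier the paper would train; the point of the example is the selection step, where header n-grams that occur in every file score highest by raw frequency and must be discounted before they are useful.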

Keywords