Malicious code detection and acquisition using active learning (Conference Paper)

abstract

  • Detection of known malicious code is commonly performed by anti-virus tools, which recognize known malicious code with signature-based methods. Each time new malicious code is found, the anti-virus vendors create a new signature and push it to their clients. During the period between the appearance of new, unknown malicious code and the update of the clients' signature databases, millions of computers might be infected. To cope with this problem, new solutions are needed for detecting unknown malicious code at the point where files enter a client's computer. We present here the use of active learning for the acquisition of unknown malicious code. Preliminary results are encouraging. We are currently creating a wide test collection of more than 30,000 benign and malicious files to evaluate several active learning criteria.
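The following is an added example, not code from the paper: a minimal pool-based active-learning loop in which a classifier trained on a few labeled files chooses which unlabeled file an analyst should label next, then retrains. The byte-bigram presence features, the from-scratch logistic regression, the constructed toy corpus and the two acquisition criteria (uncertainty sampling and a random baseline) are all assumptions; the abstract describes none of them.

```python
import math
import random

# Constructed toy corpus (not real files): (bytes, label), 1 = malicious,
# 0 = benign. The "malicious" entries share byte bigrams (runs of 0x90 and
# 0xcc) that the benign entries lack, so bigram presence separates them.
CORPUS = [
    (b"MZ\x90\x00hello world program text", 0),
    (b"MZ\x90\x00config loader version 2", 0),
    (b"#!/bin/sh\necho backup done\n", 0),
    (b"PK\x03\x04document archive entry", 0),
    (b"MZ\x90\x00\x90\x90\x90\x90\xcc\xcc\xcc\xe8\x00\x00", 1),
    (b"MZ\x90\x00\x90\x90\x90\xcc\xcc\xcc\xcc\xeb\xfe", 1),
    (b"\x90\x90\x90\x90\x90\xcc\xcc\xe8\xff\xff\xff\xff", 1),
    (b"\xcc\xcc\xcc\x90\x90\xeb\xfe\x90\x90\xcc", 1),
]


def byte_bigrams(data):
    """Set of 2-byte substrings present in a file (presence, not counts)."""
    return {data[i:i + 2] for i in range(len(data) - 1)}


def build_vocab(files):
    """Sorted list of every bigram in the pool; unlabeled files may
    contribute because feature extraction needs no labels."""
    return sorted(set().union(*(byte_bigrams(f) for f in files)))


def featurize(data, vocab):
    grams = byte_bigrams(data)
    return [1.0 if g in grams else 0.0 for g in vocab]


class LogisticRegression:
    """Minimal full-batch gradient-descent logistic regression (assumed model)."""

    def __init__(self, n_features):
        self.w = [0.0] * n_features
        self.b = 0.0

    def predict_proba(self, x):
        z = self.b + sum(wi * xi for wi, xi in zip(self.w, x))
        return 1.0 / (1.0 + math.exp(-z))

    def fit(self, X, y, epochs=300, lr=0.1):
        n = len(X)
        for _ in range(epochs):
            gw, gb = [0.0] * len(self.w), 0.0
            for x, yi in zip(X, y):
                err = self.predict_proba(x) - yi
                gb += err
                for j, xj in enumerate(x):
                    if xj:
                        gw[j] += err * xj
            self.w = [wi - lr * g / n for wi, g in zip(self.w, gw)]
            self.b -= lr * gb / n
        return self


def uncertainty_score(p):
    """1.0 when the model is maximally unsure (p = 0.5), 0.0 when certain."""
    return 1.0 - 2.0 * abs(p - 0.5)


def select_uncertainty(model, X, pool):
    """Uncertainty sampling: acquire the pool file nearest the decision boundary
    (sorted() makes tie-breaking deterministic)."""
    return max(sorted(pool), key=lambda i: uncertainty_score(model.predict_proba(X[i])))


def make_random_criterion(seed=7):
    """Baseline criterion: acquire a pool file uniformly at random."""
    rng = random.Random(seed)
    return lambda model, X, pool: rng.choice(sorted(pool))


def active_learn(corpus, seed_labeled, criterion, rounds):
    """Start from a few labeled files, acquire one unlabeled file per round
    using `criterion`, retrain after each acquisition, and return the
    acquisition order, the final model and the feature matrix."""
    files = [f for f, _ in corpus]
    vocab = build_vocab(files)
    X = [featurize(f, vocab) for f in files]
    labeled = list(seed_labeled)
    pool = set(range(len(corpus))) - set(labeled)
    acquired = []

    def train():
        return LogisticRegression(len(vocab)).fit(
            [X[i] for i in labeled], [corpus[i][1] for i in labeled])

    for _ in range(rounds):
        if not pool:
            break
        pick = criterion(train(), X, pool)  # the analyst labels this file next
        acquired.append(pick)
        pool.discard(pick)
        labeled.append(pick)
    return acquired, train(), X


def accuracy(model, X, corpus, indices):
    idx = list(indices)
    hits = sum((model.predict_proba(X[i]) >= 0.5) == bool(corpus[i][1]) for i in idx)
    return hits / len(idx)


if __name__ == "__main__":
    for name, crit in [("uncertainty", select_uncertainty), ("random", make_random_criterion())]:
        acq, model, X = active_learn(CORPUS, [0, 4], crit, 3)
        print(name, "acquired", acq, "accuracy", accuracy(model, X, CORPUS, range(len(CORPUS))))
```

Each round the learner spends its single labeling request on the file it is least sure about, which is the acquisition behaviour the abstract is after: the files worth an analyst's attention are exactly the ones the current signature-like model cannot place. Swapping `select_uncertainty` for another criterion and comparing acquisition order and accuracy is the kind of criterion evaluation the abstract says is planned for the larger collection.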

publication date

  • January 1, 2007