e-ISSN : 0975-4024 p-ISSN : 2319-8613   
CODEN : IJETIY    

International Journal of Engineering and Technology


ABSTRACT


Title : PARM: A NOVEL POSITIVE ASSOCIATION RULE MINING ALGORITHM FOR DISCOVERING MALEVOLENT APPLICATIONS IN WINDOWS OPERATING SYSTEMS
Authors : Chandrasekar R, N. Deepa
Keywords : Positive Association Rule Mining, Security, Markov Model, Frequent Itemset
Issue Date : Jun-Jul 2013
Abstract :
The most important vulnerability of the current World Wide Web is malevolent applications. Generally, these applications are used to interrupt the normal functioning of a system, to access unprivileged and confidential data, and for other wicked activities. Malevolent applications were originally designed to spread from one host to another, but in the recent past their behavior has become complex, highly developed and sophisticated, aimed at stealing personal and confidential data. Some of these applications can be more dangerous still, infecting organizations and stealing identities. An application can be efficiently categorized as malevolent or normal by observing its characteristics while it executes on the host. The majority of present methods for discovering malevolent applications make use of the information present in system calls. The proposed work discovers malevolent applications by using the order in which the application makes its system calls. A 5th-order Markov chain is chosen to represent the transitions between system calls. This attribute set is used to differentiate malevolent and normal applications. Positive Association Rule Mining (PARM) uses the attributes that are available in the dataset and results in higher detection rate and detection time than traditional data mining methods such as Decision Tree (DT), Support Vector Machine (SVM) and Naive Bayes (NB). Only the core system calls, rather than all of them, are monitored to sustain a high detection rate and detection time. The efficiency of PARM is increased by avoiding redundant rules. The performance of PARM is evaluated by measuring the detection rate and detection time and comparing them with those of some present data-mining-based systems for discovering malevolent applications. PARM has been implemented, and it was observed to perform better than the existing techniques for discovering malevolent applications.
Page(s) : 2461-2465
ISSN : 0975-4024
Source : Vol. 5, No.3
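
The abstract's two ideas, 5th-order Markov transitions over a system-call trace used as attributes and positive rules of the form "transition implies class", can be sketched as follows. This is an added illustration, not the paper's PARM implementation: the call names, the constructed traces, the support and confidence thresholds, and the majority-vote classifier are all assumptions.

```python
from collections import Counter

ORDER = 5  # the abstract's 5th-order Markov chain: state = previous 5 calls

def transitions(trace, order=ORDER):
    """Set of (state, next_call) pairs; each state is a window of `order` calls."""
    return {(tuple(trace[i:i + order]), trace[i + order])
            for i in range(len(trace) - order)}

def mine_rules(labelled_traces, min_support=0.5, min_confidence=0.8):
    """Mine positive rules `transition -> label` (thresholds are assumed values).

    support    = traces that contain the transition AND carry the label / all traces
    confidence = traces with transition and label / traces with the transition
    min_confidence must exceed 0.5 so a transition maps to at most one label.
    """
    n = len(labelled_traces)
    seen, joint = Counter(), Counter()
    for trace, label in labelled_traces:
        for t in transitions(trace):
            seen[t] += 1
            joint[(t, label)] += 1
    return {t: label for (t, label), c in joint.items()
            if c / n >= min_support and c / seen[t] >= min_confidence}

def classify(trace, rules, default="unknown"):
    """Majority vote over the rules whose transition occurs in the trace."""
    votes = Counter(rules[t] for t in transitions(trace) if t in rules)
    return votes.most_common(1)[0][0] if votes else default

# Constructed training data with simplified, made-up call names (not real traces).
TRAINING = [
    (["open", "read", "connect", "send", "read", "connect", "send", "close"], "malevolent"),
    (["open", "read", "connect", "send", "read", "connect", "send", "write", "close"], "malevolent"),
    (["open", "read", "write", "read", "write", "close", "open", "read"], "normal"),
    (["open", "read", "write", "read", "write", "close"], "normal"),
]
RULES = mine_rules(TRAINING)

if __name__ == "__main__":
    for (state, nxt), label in RULES.items():
        print(" > ".join(state), "=>", nxt, ":", label)
    print(classify(["open", "read", "connect", "send", "read", "connect", "close"], RULES))
```

A trace shorter than six calls yields no 5th-order transition and is reported as `unknown` rather than silently treated as normal.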