Unknown virus filtering through learning algorithm

Bayesian Virus Filter

Our laboratory focuses on the study of Bayes learning algorithms. We apply these algorithms in a Bayesian Virus Filter (BV Filter) to detect unknown viruses.

Bayesian learning algorithms of this kind have recently been widely applied to the detection of spam mail. However, applying such a filter to the detection of viruses is a new approach. It is possible that a slight modification of Bayesian spam-detecting filters can detect a great many unknown viruses.

Relationship between unique string identification length (N)/minimum length of learning data strings and chain of ability to repetitively detect.
Relationship between unique string identification length (N)/minimum length of learning data strings and failure to detect.

A BVFilter is a filter that can detect previously unknown viruses that will appear in the future. The Bayes learning algorithm works by learning the characteristics of previously identified virus types. The following factors need to be taken into account in the application of such a filter:

We use the Graham Bayes learning algorithm, and as learning data we use ASCII strings above a fixed length that are extracted from viruses. Compared to conventional virus-detecting software, we are able to detect and erase a maximum of about 82% more unknown viruses.
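The following sketch is an added example, not the laboratory's code. It applies Graham's spam formula to printable-ASCII strings of at least N bytes taken from byte samples. The sample bytes are constructed, the class and function names are hypothetical, strings are counted once per sample, and `min_count` is lowered from Graham's 5 to 2 because the corpus is tiny.

```python
import re
from collections import Counter
from math import prod

def ascii_strings(data, n):
    """Distinct printable-ASCII runs of at least n bytes found in data."""
    return {m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % n, data)}

class GrahamFilter:
    def __init__(self, n=6, min_count=5):
        self.n, self.min_count = n, min_count     # min_count=5 is Graham's spam default
        self.bad, self.good = Counter(), Counter()
        self.nbad = self.ngood = 0

    def train(self, data, is_virus):
        (self.bad if is_virus else self.good).update(ascii_strings(data, self.n))
        self.nbad += int(is_virus)
        self.ngood += int(not is_virus)

    def token_prob(self, tok):
        g, b = 2 * self.good[tok], self.bad[tok]  # good counts doubled to limit false positives
        if g + b < self.min_count:
            return 0.4                            # rarely seen or unseen string
        pb = min(1.0, b / max(1, self.nbad))
        pg = min(1.0, g / max(1, self.ngood))
        return max(0.01, min(0.99, pb / (pg + pb)))

    def score(self, data):
        # Combine the 15 strings whose probability lies furthest from neutral 0.5.
        probs = sorted((self.token_prob(t) for t in ascii_strings(data, self.n)),
                       key=lambda p: abs(p - 0.5), reverse=True)[:15]
        p, q = prod(probs), prod(1 - x for x in probs)
        return p / (p + q)                        # 0.5 when no strings were extracted

# Constructed byte strings standing in for samples; not real malware or software.
VIRUS = [b"\x90\x00CopySelfToStartup\x00\x01MassMailer v1\x00KERNEL32.DLL\x00",
         b"\x00\x02CopySelfToStartup\xff\xfeMassMailer v2\x00KERNEL32.DLL"]
CLEAN = [b"\x00KERNEL32.DLL\x00Open File Dialog\x00Save Settings\x00",
         b"KERNEL32.DLL\x01\x02Print Preview\x00Save Settings\x00"]
UNKNOWN = b"\x07\x07NewPayload!!\x00CopySelfToStartup\x00KERNEL32.DLL\x00Totally New String"
BENIGN = b"\x00Save Settings\x00KERNEL32.DLL\x00Another Menu Item"

def build(n, min_count=2):                        # min_count lowered for the tiny corpus
    f = GrahamFilter(n, min_count)
    for sample, label in [(s, True) for s in VIRUS] + [(s, False) for s in CLEAN]:
        f.train(sample, label)
    return f

if __name__ == "__main__":
    for n in (6, 20):                             # N=20 exceeds every string in the samples
        print(n, round(build(n).score(UNKNOWN), 3), round(build(n).score(BENIGN), 3))
```

With N=6 the unseen sample scores high because it shares one learned string with the training viruses; with N=20 no strings are extracted and the score stays at the neutral 0.5, so the sample is missed.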

The final aim of the BV Filter is to detect future unknown viruses that share the characteristics of known ones, and thus to supplement the effectiveness of existing virus-detection software. The weakest point of anti-virus software is its inability to detect unknown viruses in the period between signature definitions. Using a BV Filter together with an existing filter for known viruses can reduce the number of unknown viruses getting through and minimize damage.