Unknown Malicious Codes Detection Based on Rough Set Theory and Support Vector Machine

For detecting malicious codes, a classification method of support vector machine (SVM) based on rough set theory (RST) is proposed. The original sample data is preprocessed with the knowledge reduction algorithm of RST, and the redundant features and conflicting samples are eliminated from the working sample dataset to reduce space dimension of sample data. Then the preprocessed sample data is used as training sample data of SVM. By utilizing SVM, the generalizing ability of detection system is still good even the sample dataset size is small. Experiment results show that the proposed detection system needs few priori knowledge and can improve the training speed and precision of classification.