Research Article
Using a Subtractive Center Behavioral Model to Detect Malware
Algorithm 2
Feature creation algorithm I.
| (1) | d2 ⟵ file2, d3 ⟵ file3, n ⟵ u(d2) | | (2) | for i ⟵ 1 to n | | (3) | if (μ = = ‘self ’) | | (4) | if ( P.name = = d2.fileName) | | (5) | pRS ⟵ 0 | | (6) | elif (P.name! = d2.fileName && d2.fileName = = rD) | | (7) | pRS ⟵ 3 | | (8) | else | | (9) | pRS ⟵ 2 | | (10) | end if | | (11) | elif (μ = = ‘ts’) | | (12) | if (d2[i][fP] = = tY) | | (13) | pRS ⟵ 2 | | (14) | # Registry Autostart Location | | (15) | elif (d2[i][fP] = = aS) | | (16) | pRS ⟵ 3 | | (17) | else | | (18) | pRS ⟵ 0 | | (19) | end if | | (20) | elif (μ = = ‘ss’) | | (21) | if (P.name = = d2.fileName) | | (22) | pRS ⟵ 0 | | (23) | elif ( d2.fileName = = ‘.exe’) | | (24) | pRS = 3 | | (25) | elif (d2[i][sfP] = = sRY) | | (26) | pRS ⟵ 3 | | (27) | elif (d2[i][sfP] = = rD) | | (28) | pRS ⟵ 3 | | (29) | else | | (30) | pRS ⟵ 0 | | (31) | end if | | (32) | end if | | (33) | end for |
|
