Research Article
Using a Subtractive Center Behavioral Model to Detect Malware
Algorithm 2
Feature creation algorithm I.
(1) | d2 ⟵ file2, d3 ⟵ file3, n ⟵ u(d2) | (2) | for i ⟵ 1 to n | (3) | if (μ = = ‘self ’) | (4) | if ( P.name = = d2.fileName) | (5) | pRS ⟵ 0 | (6) | elif (P.name! = d2.fileName && d2.fileName = = rD) | (7) | pRS ⟵ 3 | (8) | else | (9) | pRS ⟵ 2 | (10) | end if | (11) | elif (μ = = ‘ts’) | (12) | if (d2[i][fP] = = tY) | (13) | pRS ⟵ 2 | (14) | # Registry Autostart Location | (15) | elif (d2[i][fP] = = aS) | (16) | pRS ⟵ 3 | (17) | else | (18) | pRS ⟵ 0 | (19) | end if | (20) | elif (μ = = ‘ss’) | (21) | if (P.name = = d2.fileName) | (22) | pRS ⟵ 0 | (23) | elif ( d2.fileName = = ‘.exe’) | (24) | pRS = 3 | (25) | elif (d2[i][sfP] = = sRY) | (26) | pRS ⟵ 3 | (27) | elif (d2[i][sfP] = = rD) | (28) | pRS ⟵ 3 | (29) | else | (30) | pRS ⟵ 0 | (31) | end if | (32) | end if | (33) | end for |
|