Kevin T. Damp

Date of Award

4-2000

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Gregg H. Gunsch, PhD

Abstract

Computer viruses remain a tangible threat to systems both within the Department of Defense and throughout the greater international data communications infrastructure on which the DoD increasingly depends. This threat is exacerbated continually, as new viruses are introduced at an alarming rate by the growing collection of connected machines and their operators. Unfortunately, current antivirus solutions are ill-equipped to address these issues in the long term. This thesis documents an investigation into the use of constructive induction, a form of machine learning, as a supplemental antivirus technique theoretically capable of detecting previously unknown viruses through generalized decision-making techniques. A group of examples derived from common software applications, utilities, and viruses was tested in order to evaluate the benefits of adding constructive induction to the process of selecting suitable virus signatures. A prototype virus detection system subcomponent, DRIVER, was developed to conduct the experiments. Due to the feature-rich content of nontrivial example files and DRIVER's ability to assemble decision trees, results showed marginal benefits--compounded with significantly increased computational resource requirements--in the use of constructive induction. Future research, emphasizing a combination of optimization techniques and test cases increasingly approximating "real world" detection scenarios, should eventually establish whether constructive induction represents a genuinely useful and practical alternative to today's antivirus measures.

AFIT Designator

AFIT-GCS-ENG-00J-01

DTIC Accession Number

ADA380616

Download

Share

COinS