LAI Ying-xu, LIU Hong-nan, YANG Zhen, LIU Jing. Unknown Malicious Codes Detection Based on LZW Compression Algorithm[J]. Journal of Beijing University of Technology, 2012, 38(7): 1087-1092.

    Unknown Malicious Codes Detection Based on LZW Compression Algorithm

    • To overcome the shortcoming of traditional methods in feature extraction, a method for detecting unknown malicious code based on the Lempel-Ziv-Welch (LZW) compression algorithm is proposed. Strings whose length does not exceed a threshold are extracted from the file's character stream. Compression dictionaries for normal code and malicious code are then built from the extracted strings. To detect unknown malicious code, the normal-code dictionary and the malicious-code dictionary are each used to compress the file under test, yielding two different compression ratios. Following minimum description length (MDL) theory, the authors compare the two compression ratios and assign the tested file to the class whose dictionary gives the better compression ratio. Experimental results show that unknown malicious code detection based on the LZW compression algorithm performs well.
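
The pipeline the abstract describes, as an added sketch (not the authors' implementation): LZW phrases capped at a length threshold form one dictionary per class, a file is parsed against each frozen dictionary, and the lower compression ratio decides the class. The threshold value of 8, the fixed-width code cost, all function names and the toy corpora are assumptions made for this example.

```python
import math

MAX_LEN = 8  # assumed string-length threshold; the abstract does not state its value

def build_dictionary(samples, max_len=MAX_LEN):
    """Learn LZW phrases (2..max_len bytes) from training byte strings."""
    phrases = set()
    for data in samples:
        cur = b""
        for i in range(len(data)):
            nxt = cur + data[i:i + 1]
            if len(nxt) == 1 or nxt in phrases:
                cur = nxt                      # keep extending a known phrase
            else:
                if len(nxt) <= max_len:
                    phrases.add(nxt)           # new phrase within the threshold
                cur = data[i:i + 1]            # restart from the current byte
    return phrases

def code_count(data, phrases, max_len=MAX_LEN):
    """Greedy longest-match parse with a frozen dictionary; any single byte is a code."""
    i = count = 0
    while i < len(data):
        step = 1
        for n in range(min(max_len, len(data) - i), 1, -1):
            if data[i:i + n] in phrases:
                step = n
                break
        i, count = i + step, count + 1
    return count

def compression_ratio(data, phrases, max_len=MAX_LEN):
    """Compressed bits / original bits; lower means the dictionary fits better."""
    if not data:
        raise ValueError("empty input has no compression ratio")
    bits_per_code = math.ceil(math.log2(256 + len(phrases)))
    return code_count(data, phrases, max_len) * bits_per_code / (8 * len(data))

def classify(data, normal, malicious):
    """MDL decision: pick the class whose dictionary gives the shorter description."""
    rn, rm = compression_ratio(data, normal), compression_ratio(data, malicious)
    return ("malicious" if rm < rn else "normal"), rn, rm  # ties fall to "normal"

# Constructed toy corpora (placeholder word streams, not real program bytes).
NORMAL_DICT = build_dictionary([b"open read close print return " * 30])
MALICIOUS_DICT = build_dictionary([b"inject hook keylog exfil persist " * 30])
FILE_A = b"read print close open return " * 3
FILE_B = b"hook exfil inject persist keylog " * 3

if __name__ == "__main__":
    for name, blob in (("FILE_A", FILE_A), ("FILE_B", FILE_B)):
        print(name, classify(blob, NORMAL_DICT, MALICIOUS_DICT))
```

The test files reorder words seen in training, so the decision rests on shared substrings rather than exact matches; a file that compresses about equally badly under both dictionaries carries little evidence for either class.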