PAPER DIGEST
Most Influential KDD 2004 Paper · 2026-03 edition

Learning To Detect Malicious Executables In The Wild

Jeremy Z. Kolter; Marcus A. Maloof

Venue
ACM SIGKDD Conference (KDD) 2004
Recognition
Most Influential KDD 2004 Paper (Rank No. 8)
Edition
2026-03
Impact factor
8
Certificate ID
da93c2c6508f2867

Abstract

In this paper, we describe the development of a fielded application for detecting malicious executables in the wild. We gathered 1971 benign and 1651 malicious executables and encoded each as a training example using n-grams of byte codes as features. Such processing resulted in more than 255 million distinct n-grams. After selecting the most relevant n-grams for prediction, we evaluated a variety of inductive methods, including naive Bayes, decision trees, support vector machines, and boosting. Ultimately, boosted decision trees outperformed other methods with an area under the roc curve of 0.996. Results also suggest that our methodology will scale to larger collections of executables. To the best of our knowledge, ours is the only fielded application for this task developed using techniques from machine learning and data mining.

Download PDF certificate