Although the use of data mining for security and malware detection is quickly on the rise, most books on the subject provide high-level theoretical discussions to the near exclusion of the practical aspects. Breaking the mold, Data Mining Tools for Malware Detection provides a step-by-step breakdown of how to develop data mining tools for malware detection. Integrating theory with practical techniques and experimental results, it focuses on malware detection applications for email worms, malicious code, remote exploits, and botnets. The authors describe the systems they have designed and developed: email worm detection using data mining, a scalable multi-level feature extraction technique to detect malicious executables, detecting remote exploits using data mining, and flow-based identification of botnet traffic by mining multiple log files. For each of these tools, they detail the system architecture, algorithms, performance results, and limitations. Discusses data mining for emerging applications, including adaptable malware detection, insider threat detection, firewall policy analysis, and real-time data mining Includes four appendices that provide a firm foundation in data management, secure systems, and the semantic web Describes the authors’ tools for stream data mining From algorithms to experimental results, this is one of the few books that will be equally valuable to those in industry, government, and academia. It will help technologists decide which tools to select for specific applications, managers will learn how to determine whether or not to proceed with a data mining project, and developers will find innovative alternative designs for a range of applications. Contents Preface Acknowledgments The Authors Copyright Permissions Chapter 1: Introduction Part I: Data Mining and Security Chapter 2: Data Mining Techniques Chapter 3: Malware Chapter 4: Data Mining for Security Applications Chapter 5: Design and Implementation of Data Mining Tools Conclusion to Part I Part II: Data Mining for Email Worm Detection Chapter 6: Email Worm Detection Chapter 7: Design of the Data Mining Tool Chapter 8: Evaluation and Results Conclusion to Part II Part III: Data Mining for Detecting Malicious Executables Chapter 9: Malicious Executables Chapter 10: Design of the Data Mining Tool Chapter 11: Evaluation and Results Conclusion to Part III Part IV: Data Mining for Detecting Remote Exploits Chapter 12: Detecting Remote Exploits Chapter 13: Design of the Data Mining Tool Chapter 14: Evaluation and Results Conclusion to Part IV Part V: Data Mining for Detecting Botnets Chapter 15: Detecting Botnets Chapter 16: Design of the Data Mining Tool Chapter 17: Evaluation and Results Conclusion to Part V Part VI: Stream Mining for Security Applications Chapter 18: Stream Mining Chapter 19: Design of the Data Mining Tool Chapter 20: Evaluation and Results Conclusion for Part VI Part VII: Emerging Applications Chapter 21: Data Mining for Active Defense Chapter 22: Data Mining for Insider Threat Detection Chapter 23: Dependable Real-Time Data Mining Chapter 24: Firewall Policy Analysis Conclusion to Part VII Chapter 25: Summary and Directions Appendix A: Data Management Systems : Developments and Trends Appendix B: Trustworthy Systems Appendix C: Secure Data, Information, and Knowledge Management Appendix D: Semantic Web Back Cover