Detection and Defense of Network Virus using Data Mining Technology

Abstract

\n The spread of network viruses has posed a serious threat to the security of the network; therefore, it is necessary to detect and defend them effectively. This paper used Debug application programming interface (API) technology to obtain the features of API calls as viruses, filtered API calls according to information entropy, and finally used the support vector machine (SVM) model for virus detection. The experimental results showed that when the number of API was 1200, the algorithm had the best virus detection performance, with an average true positive rate (TPR) of 95.2%, a false positive rate (FPR) of 3.31%, and an overall accuracy of 95.42%; compared with the K-means algorithm and Naive Bayes algorithm, the SVM algorithm had the best performance. The results show that the proposed method is effective in virus detection and defense and can be further promoted and applied in practice.