Fusion, propagation, and structuring in belief networks
Artificial Intelligence
C4.5: programs for machine learning
On the Optimality of the Simple Bayesian Classifier under Zero-One Loss
Machine Learning - Special issue on learning with probabilistic representations
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurement
Data Mining Methods for Detection of New Malicious Executables
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Recent worms: a survey and trends
Proceedings of the 2003 ACM workshop on Rapid malcode
Unsupervised learning techniques for an intrusion detection system
Proceedings of the 2004 ACM symposium on Applied computing
Network Intrusion Detection Using an Improved Competitive Learning Neural Network
CNSR '04 Proceedings of the Second Annual Conference on Communication Networks and Services Research
N-Gram-Based Detection of New Malicious Code
COMPSAC '04 Proceedings of the 28th Annual International Computer Software and Applications Conference - Workshops and Fast Abstracts - Volume 02
Comparison of feature selection and classification algorithms in identifying malicious executables
Computational Statistics & Data Analysis
Learning to Detect and Classify Malicious Executables in the Wild
The Journal of Machine Learning Research
Improving malware detection by applying multi-inducer ensemble
Computational Statistics & Data Analysis
Collective-agreement-based pruning of ensembles
Computational Statistics & Data Analysis
Inoculation against malware infection using kernel-level software sensors
Proceedings of the 8th ACM international conference on Autonomic computing
KES-AMSTA'11 Proceedings of the 5th KES international conference on Agent and multi-agent systems: technologies and applications
A layered detection method for malware identification
NPC'11 Proceedings of the 8th IFIP international conference on Network and parallel computing
"Andromaly": a behavioral malware detection framework for android devices
Journal of Intelligent Information Systems
ISNN'10 Proceedings of the 7th international conference on Advances in Neural Networks - Volume Part II
A layered classification for malicious function identification and malware detection
Concurrency and Computation: Practice & Experience
Improved multilevel security with latent semantic indexing
Expert Systems with Applications: An International Journal
The use of artificial-intelligence-based ensembles for intrusion detection: a review
Applied Computational Intelligence and Soft Computing
Editorial: Guest editorial: Special issue on data mining for information security
Information Sciences: an International Journal
Machine learning techniques are widely used in many fields. One application of machine learning in information security is the classification of a computer's behavior as malicious or benign. Antivirus products that rely on signature-based methods are helpless against new (unknown) computer worms. This paper focuses on the feasibility of accurately detecting unknown worm activity on individual computers while minimizing the set of features that must be collected from the monitored computer. A comprehensive experiment testing the feasibility of detecting unknown computer worms was performed, covering several computer configurations, background applications, and user activities. During the experiments, 323 computer features were monitored by a purpose-built agent. Four feature selection methods were used to reduce the number of features, and four learning algorithms were applied to the resulting feature subsets. The evaluation results suggest that classification algorithms applied to only 20 features achieve a mean detection accuracy above 90%, and for specific unknown worms accuracy reached above 99%, while keeping the false positive rate low.
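The abstract describes a two-stage pipeline: rank the monitored host features, keep a small subset, then train a classifier on that subset and report detection accuracy and false positive rate. The following Python is an added illustration of that pipeline, not the paper's code: it uses a Fisher-score filter for feature ranking and a Gaussian naive Bayes classifier (the abstract names neither method; both are assumptions chosen for simplicity), and the six feature names and all sample values are constructed stand-ins for the 323 features the agent collected. Feature selection is run on the training split only, so the held-out evaluation is not contaminated by the selection step.

```python
"""Feature selection followed by host-behaviour classification (benign vs worm).

Added example, not the paper's code. Every feature name and value below is
constructed; the paper's real feature set and data are not reproduced here.
"""
import math
from typing import Dict, List, Sequence, Tuple

EPS = 1e-6  # variance floor so near-constant features cannot divide by zero

# Constructed per-host features (assumption: not the paper's monitored features).
FEATURE_NAMES = [
    "outbound_conn_per_min",     # informative: worm scanning opens many connections
    "new_processes_per_min",     # informative: worm spawns many child processes
    "distinct_dst_ips_per_min",  # informative: scanning hits many distinct hosts
    "cpu_user_pct",              # noise: similar on both classes
    "free_memory_mb",            # noise
    "uptime_hours",              # noise
]


def make_samples() -> Tuple[List[List[float]], List[int]]:
    """Deterministic constructed samples; label 1 = worm-infected, 0 = benign."""
    X: List[List[float]] = []
    y: List[int] = []
    for i in range(20):
        X.append([1.0 + i % 4, 2.0 + i % 3, 1.0 + i % 2, 20.0 + i, 900.0 - 10 * i, 3.0 + i])
        y.append(0)
        X.append([60.0 + i % 5, 15.0 + i % 4, 45.0 + i % 3, 22.0 + i, 905.0 - 10 * i, 4.0 + i])
        y.append(1)
    return X, y


def _mean_var(xs: Sequence[float]) -> Tuple[float, float]:
    m = sum(xs) / len(xs)
    return m, sum((x - m) ** 2 for x in xs) / len(xs)


def fisher_scores(X: List[List[float]], y: List[int]) -> List[float]:
    """Filter ranking: (mean1 - mean0)^2 / (var0 + var1) per feature; higher separates better."""
    scores = []
    for j in range(len(X[0])):
        m0, v0 = _mean_var([row[j] for row, lab in zip(X, y) if lab == 0])
        m1, v1 = _mean_var([row[j] for row, lab in zip(X, y) if lab == 1])
        scores.append((m1 - m0) ** 2 / (v0 + v1 + EPS))
    return scores


def select_top_k(X: List[List[float]], y: List[int], k: int) -> List[int]:
    """Indices of the k best-scoring features."""
    s = fisher_scores(X, y)
    return sorted(range(len(s)), key=lambda j: s[j], reverse=True)[:k]


def project(X: List[List[float]], cols: List[int]) -> List[List[float]]:
    return [[row[j] for j in cols] for row in X]


class GaussianNB:
    """Minimal Gaussian naive Bayes: per-class mean/variance per feature."""

    def fit(self, X: List[List[float]], y: List[int]) -> "GaussianNB":
        self.classes = sorted(set(y))
        self.log_prior: Dict[int, float] = {}
        self.stats: Dict[int, List[Tuple[float, float]]] = {}
        for c in self.classes:
            rows = [row for row, lab in zip(X, y) if lab == c]
            self.log_prior[c] = math.log(len(rows) / len(X))
            self.stats[c] = [_mean_var([r[j] for r in rows]) for j in range(len(X[0]))]
        return self

    def predict(self, x: List[float]) -> int:
        best, best_ll = self.classes[0], -math.inf
        for c in self.classes:
            ll = self.log_prior[c]
            for xj, (m, v) in zip(x, self.stats[c]):
                v = max(v, EPS)
                ll += -0.5 * math.log(2 * math.pi * v) - (xj - m) ** 2 / (2 * v)
            if ll > best_ll:
                best, best_ll = c, ll
        return best


def evaluate(k: int) -> Dict[str, object]:
    """Select k features on the training split, train, and score the held-out split."""
    X, y = make_samples()
    X_tr, y_tr, X_te, y_te = X[:24], y[:24], X[24:], y[24:]
    cols = select_top_k(X_tr, y_tr, k)  # selection on training data only (no leakage)
    clf = GaussianNB().fit(project(X_tr, cols), y_tr)
    preds = [clf.predict(x) for x in project(X_te, cols)]
    tp = sum(1 for p, t in zip(preds, y_te) if p == 1 and t == 1)
    fp = sum(1 for p, t in zip(preds, y_te) if p == 1 and t == 0)
    tn = sum(1 for p, t in zip(preds, y_te) if p == 0 and t == 0)
    fn = sum(1 for p, t in zip(preds, y_te) if p == 0 and t == 1)
    return {
        "selected": [FEATURE_NAMES[j] for j in cols],
        "accuracy": (tp + tn) / len(y_te),
        "fpr": fp / (fp + tn),          # false positive rate on benign hosts
        "tpr": tp / (tp + fn),          # detection rate on infected hosts
    }


if __name__ == "__main__":
    print(evaluate(3))
```

On this constructed data the three scanning-related features dominate the Fisher ranking and the three noise features score far below 1, so a three-feature model classifies the held-out hosts with no false positives. Real host telemetry is far noisier than this, which is why the paper measures accuracy and false positive rate per worm rather than assuming separability.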