Improving malware detection by applying multi-inducer ensemble

Authors:
Eitan Menahem;Asaf Shabtai;Lior Rokach;Yuval Elovici
Affiliations:
Duetsche Telekom Laboratories, Ben-Gurion University of the Negev, Be'er Sheva, 84105, Israel;Duetsche Telekom Laboratories, Ben-Gurion University of the Negev, Be'er Sheva, 84105, Israel;Duetsche Telekom Laboratories, Ben-Gurion University of the Negev, Be'er Sheva, 84105, Israel;Duetsche Telekom Laboratories, Ben-Gurion University of the Negev, Be'er Sheva, 84105, Israel
Venue:
Computational Statistics & Data Analysis
Year:
2009

Citing 18
Cited 14

Instance-Based Learning Algorithms

Machine Learning
Original Contribution: Stacked generalization

Neural Networks
Very Simple Classification Rules Perform Well on Most Commonly Used Datasets

Machine Learning
On Combining Classifiers

IEEE Transactions on Pattern Analysis and Machine Intelligence
Data mining: practical machine learning tools and techniques with Java implementations

Data mining: practical machine learning tools and techniques with Java implementations
Rule Induction with CN2: Some Recent Improvements

EWSL '91 Proceedings of the European Working Session on Machine Learning
Classification by Voting Feature Intervals

ECML '97 Proceedings of the 9th European Conference on Machine Learning
Data Mining Methods for Detection of New Malicious Executables

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
A machine learning approach to detecting attacks by identifying anomalies in network traffic

A machine learning approach to detecting attacks by identifying anomalies in network traffic
Recent worms: a survey and trends

Proceedings of the 2003 ACM workshop on Rapid malcode
Is Combining Classifiers with Stacking Better than Selecting the Best One?

Machine Learning
N-Gram-Based Detection of New Malicious Code

COMPSAC '04 Proceedings of the 28th Annual International Computer Software and Applications Conference - Workshops and Fast Abstracts - Volume 02
Intrusion detection using an ensemble of intelligent paradigms

Journal of Network and Computer Applications - Special issue on computational intelligence on the internet
Comparison of feature selection and classification algorithms in identifying malicious executables

Computational Statistics & Data Analysis
Statistical Comparisons of Classifiers over Multiple Data Sets

The Journal of Machine Learning Research
Learning to Detect and Classify Malicious Executables in the Wild

The Journal of Machine Learning Research
Detection of unknown computer worms based on behavioral classification of the host

Computational Statistics & Data Analysis
Estimating continuous distributions in Bayesian classifiers

UAI'95 Proceedings of the Eleventh conference on Uncertainty in artificial intelligence

Collective-agreement-based pruning of ensembles

Computational Statistics & Data Analysis
Taxonomy for characterizing ensemble methods in classification tasks: A review and annotated bibliography

Computational Statistics & Data Analysis
Troika - An improved stacking schema for classification tasks

Information Sciences: an International Journal
The use of artificial intelligence based techniques for intrusion detection: a review

Artificial Intelligence Review
"Andromaly": a behavioral malware detection framework for android devices

Journal of Intelligent Information Systems
Mal-ID: automatic malware detection using common segment analysis and meta-features

The Journal of Machine Learning Research
Improving malware classification: bridging the static/dynamic gap

Proceedings of the 5th ACM workshop on Security and artificial intelligence
Using low-level dynamic attributes for malware detection based on data mining methods

MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
A comparative study of malware family classification

ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
In-execution dynamic malware analysis and detection by mining information in process control blocks of Linux OS

Information Sciences: an International Journal
Editorial: Guest editorial: Special issue on data mining for information security

Information Sciences: an International Journal
Review: Classification of malware based on integrated static and dynamic features

Journal of Network and Computer Applications
Detecting machine-morphed malware variants via engine attribution

Journal in Computer Virology
Malware detection by pruning of parallel ensembles using harmony search

Pattern Recognition Letters

Quantified Score

Hi-index	0.03

Visualization

Abstract

Detection of malicious software (malware) using machine learning methods has been explored extensively to enable fast detection of new released malware. The performance of these classifiers depends on the induction algorithms being used. In order to benefit from multiple different classifiers, and exploit their strengths we suggest using an ensemble method that will combine the results of the individual classifiers into one final result to achieve overall higher detection accuracy. In this paper we evaluate several combining methods using five different base inducers (C4.5 Decision Tree, Naive Bayes, KNN, VFI and OneR) on five malware datasets. The main goal is to find the best combining method for the task of detecting malicious files in terms of accuracy, AUC and Execution time.