Term-weighting approaches in automatic text retrieval
Information Processing and Management: an International Journal
A training algorithm for optimal margin classifiers
COLT '92 Proceedings of the fifth annual workshop on Computational learning theory
A taxonomy of computer program security flaws
ACM Computing Surveys (CSUR)
The nature of statistical learning theory
The nature of statistical learning theory
Making large-scale support vector machine learning practical
Advances in kernel methods
Multicategory Classification by Support Vector Machines
Computational Optimization and Applications - Special issue on computational optimization—a tribute to Olvi Mangasarian, part I
Interior-Point Methods for Massive Support Vector Machines
SIAM Journal on Optimization
On a Pattern-Oriented Model for Intrusion Detection
IEEE Transactions on Knowledge and Data Engineering
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
How to Systematically Classify Computer Security Intrusions
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
IEEE Security and Privacy
Reducing multiclass to binary: a unifying approach for margin classifiers
The Journal of Machine Learning Research
SVMTorch: support vector machines for large-scale regression problems
The Journal of Machine Learning Research
An extensive empirical study of feature selection metrics for text classification
The Journal of Machine Learning Research
Proceedings of the 2003 ACM workshop on Rapid malcode
Malware: Fighting Malicious Code
Malware: Fighting Malicious Code
A Modified Finite Newton Method for Fast Solution of Large Scale Linear SVMs
The Journal of Machine Learning Research
Vigilante: end-to-end containment of internet worms
Proceedings of the twentieth ACM symposium on Operating systems principles
Countering Network Worms Through Automatic Patch Generation
IEEE Security and Privacy
Toward Automated Dynamic Malware Analysis Using CWSandbox
IEEE Security and Privacy
Learning and Classification of Malware Behavior
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Solving multiclass learning problems via error-correcting output codes
Journal of Artificial Intelligence Research
Stochastic gradient boosted distributed decision trees
Proceedings of the 18th ACM conference on Information and knowledge management
Detection and analysis of drive-by-download attacks and malicious JavaScript code
Proceedings of the 19th international conference on World wide web
Automated classification and analysis of internet malware
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Parallel boosted regression trees for web search ranking
Proceedings of the 20th international conference on World wide web
| Hi-index | 0.00 |
Malware encyclopedias now play a vital role in disseminating information about security threats. Coupled with categorization and generalization capabilities, such encyclopedias might help better defend against both isolated and clustered specimens.In this paper, we present Malware Evaluator, a classification framework that treats malware categorization as a supervised learning task, builds learning models with both support vector machines and decision trees and finally, visualizes classifications with self-organizing maps. Malware Evaluator refrains from using readily available taxonomic features to produce species classifications. Instead, we generate attributes of malware strains via a tokenization process and select the attributes used according to their projected information gain. We also deploy word stemming and stopword removal techniques to reduce dimensions of the feature space. In contrast to existing approaches, Malware Evaluator defines its taxonomic features based on the behavior of species throughout their life-cycle, allowing it to discover properties that previously might have gone unobserved. The learning and generalization capabilities of the framework also help detect and categorize zero-day attacks. Our prototype helps establish that malicious strains improve their penetration rate through multiple propagation channels as well as compact code footprints; moreover, they attempt to evade detection by resorting to code polymorphism and information encryption. Malware Evaluator also reveals that breeds in the categories of Trojan, Infector, Backdoor, and Worm significantly contribute to the malware population and impose critical risks on the Internet ecosystem.