Millions of new malicious programs are produced by the mature malware industry, and they pose tremendous challenges to signature-based antivirus products. Machine learning techniques can detect unknown malicious programs without knowing their signatures. In this paper, a layered classification method is developed to detect malware with a two-layer framework. The low-level classifier identifies whether a program performs any malicious functions according to its API calls; the up-level classifier detects malware according to the functions identified. A hybrid structure called Type-Function, consisting of the classification results of the low-level and up-level classifiers, is proposed to describe malware. The method is compared with Naive Bayes, decision tree, and boosting on a comprehensive test dataset containing 16,135 malware samples and 1800 benign programs. The experiments demonstrate that our method outperforms the other algorithms in detection accuracy. Moreover, the Type-Function structure is shown to be an unbiased and effective method for malware description. Copyright © 2011 John Wiley & Sons, Ltd.
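The two-layer framework described in the abstract, as an added example that is not the paper's code or data: a low-level classifier per function maps a program's set of API calls to "performs this function or not", the resulting set of identified functions is used here as the Type-Function vector (an assumption about the paper's structure), and an up-level classifier maps that vector to malware or benign. The naive Bayes implementation, the three function names and the training traces are all constructed for illustration.

```python
from collections import Counter, defaultdict
from math import log

class BernoulliNB:
    """Laplace-smoothed Bernoulli naive Bayes over sets of binary features."""
    def __init__(self):
        self.class_count, self.feat_count, self.features = Counter(), defaultdict(Counter), set()

    def fit(self, samples):  # samples: iterable of (feature_set, label)
        for feats, label in samples:
            self.class_count[label] += 1
            self.feat_count[label].update(feats)
            self.features.update(feats)
        return self

    def predict(self, feats):
        n, scores = sum(self.class_count.values()), {}
        for label, c in self.class_count.items():
            lp = log(c / n)  # log prior of the class
            for f in self.features:
                p = (self.feat_count[label][f] + 1) / (c + 2)  # P(feature present | class)
                lp += log(p) if f in feats else log(1 - p)
            scores[label] = lp
        return max(scores, key=scores.get)

FUNCTIONS = ("persistence", "keylogging", "network")

# Constructed training traces (not the paper's dataset): (API calls seen, functions performed, is_malware).
TRAIN = [
    ({"RegSetValueExA", "CreateFileA", "WriteFile"}, {"persistence"}, True),
    ({"SetWindowsHookExA", "GetAsyncKeyState", "WriteFile"}, {"keylogging"}, True),
    ({"InternetOpenA", "send", "RegSetValueExA"}, {"network", "persistence"}, True),
    ({"GetAsyncKeyState", "InternetOpenA", "send"}, {"keylogging", "network"}, True),
    ({"CreateFileA", "WriteFile", "ReadFile"}, set(), False),
    ({"CreateFileA", "ReadFile"}, set(), False),
    ({"InternetOpenA", "ReadFile"}, set(), False),
    ({"WriteFile", "ReadFile"}, set(), False),
]

def train_layered(train):
    """Low level: one classifier per function over API calls; up level: malware vs. benign over functions found."""
    low = {fn: BernoulliNB().fit([(apis, fn in fns) for apis, fns, _ in train]) for fn in FUNCTIONS}
    def type_function(apis):  # assumed Type-Function vector: the functions the low-level classifiers identify
        return frozenset(fn for fn in FUNCTIONS if low[fn].predict(apis))
    up = BernoulliNB().fit([(type_function(apis), mal) for apis, _, mal in train])
    return type_function, up

def classify(apis):
    """Return (identified functions, is_malware) for one program's API-call set."""
    type_function, up = train_layered(TRAIN)
    tf = type_function(apis)
    return tf, up.predict(tf)
```

Because the up-level classifier only sees the function vector, a program that triggers no low-level classifier is judged benign regardless of which individual APIs it calls, which is the source of both the method's explainability and its blind spots.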