Detecting plagiarism in student Pascal programs
The Computer Journal
Instance-Based Learning Algorithms
Machine Learning
A training algorithm for optimal margin classifiers
COLT '92 Proceedings of the fifth annual workshop on Computational learning theory
C4.5: programs for machine learning
Discrimination of authorship using visualization
Information Processing and Management: an International Journal
Software forensics: can we track code to its authors?
Computers and Security
On the Optimality of the Simple Bayesian Classifier under Zero-One Loss
Machine Learning - Special issue on learning with probabilistic representations
Inductive learning algorithms and representations for text categorization
Proceedings of the seventh international conference on Information and knowledge management
Fast training of support vector machines using sequential minimal optimization
Advances in kernel methods
On Relevance, Probabilistic Indexing and Information Retrieval
Journal of the ACM (JACM)
Data mining: practical machine learning tools and techniques with Java implementations
Statistical Pattern Recognition: A Review
IEEE Transactions on Pattern Analysis and Machine Intelligence
Explicitly representing expected cost: an alternative to ROC representation
Proceedings of the sixth ACM SIGKDD international conference on Knowledge discovery and data mining
Robust Classification for Imprecise Environments
Machine Learning
Principles of data mining
Machine Learning
Information Retrieval: Algorithms and Heuristics
Maximum Security
Text Categorization with Support Vector Machines: Learning with Many Relevant Features
ECML '98 Proceedings of the 10th European Conference on Machine Learning
A Comparative Study on Feature Selection in Text Categorization
ICML '97 Proceedings of the Fourteenth International Conference on Machine Learning
Data Mining Methods for Detection of New Malicious Executables
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Detecting malicious java code using virtual machine auditing
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Static analysis of executables to detect malicious patterns
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Biologically inspired defenses against computer viruses
IJCAI'95 Proceedings of the 14th international joint conference on Artificial intelligence - Volume 1
A semantics-based approach to malware detection
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Comparison of feature selection and classification algorithms in identifying malicious executables
Computational Statistics & Data Analysis
Learning to Detect and Classify Malicious Executables in the Wild
The Journal of Machine Learning Research
IMDS: intelligent malware detection system
Proceedings of the 13th ACM SIGKDD international conference on Knowledge discovery and data mining
A scalable multi-level feature extraction technique to detect malicious executables
Information Systems Frontiers
Frequent pattern mining for kernel trace data
Proceedings of the 2008 ACM symposium on Applied computing
Detecting worm variants using machine learning
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
A semantics-based approach to malware detection
ACM Transactions on Programming Languages and Systems (TOPLAS)
Applying Machine Learning Techniques for Detection of Malicious Code in Network Traffic
KI '07 Proceedings of the 30th annual German conference on Advances in Artificial Intelligence
An FSM-Based Approach for Malicious Code Detection Using the Self-Relocation Gene
ICIC '08 Proceedings of the 4th international conference on Intelligent Computing: Advanced Intelligent Computing Theories and Applications - with Aspects of Theoretical and Methodological Issues
Unknown Malcode Detection Using OPCODE Representation
EuroISI '08 Proceedings of the 1st European Conference on Intelligence and Security Informatics
A Chronological Evaluation of Unknown Malcode Detection
PAISI '09 Proceedings of the Pacific Asia Workshop on Intelligence and Security Informatics
Information Security Tech. Report
Intelligent file scoring system for malware detection from the gray list
Proceedings of the 15th ACM SIGKDD international conference on Knowledge discovery and data mining
Feature set selection in data mining techniques for unknown virus detection: a comparison study
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Malicious Code Detection Using Active Learning
Privacy, Security, and Trust in KDD
Fast virus detection by using high speed time delay neural networks
NN'09 Proceedings of the 10th WSEAS international conference on Neural networks
Proceedings of the 47th Annual Southeast Regional Conference
A survey of data mining techniques for malware detection using file features
Proceedings of the 46th Annual Southeast Regional Conference on XX
Exploiting an antivirus interface
Computer Standards & Interfaces
Malware detection using statistical analysis of byte-level file content
Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics
A Sense of `Danger' for Windows Processes
ICARIS '09 Proceedings of the 8th International Conference on Artificial Immune Systems
Learning and multiagent reasoning for autonomous agents
IJCAI'07 Proceedings of the 20th international joint conference on Artificial intelligence
Malicious web content detection by machine learning
Expert Systems with Applications: An International Journal
PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Method for Detecting Unknown Malicious Executables
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Data mining methods for malware detection using instruction sequences
AIA '08 Proceedings of the 26th IASTED International Conference on Artificial Intelligence and Applications
ISMCS: an intelligent instruction sequence based malware categorization system
ASID'09 Proceedings of the 3rd international conference on Anti-Counterfeiting, security, and identification in communication
binOb+: a framework for potent and stealthy binary obfuscation
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Malware detection based on mining API calls
Proceedings of the 2010 ACM Symposium on Applied Computing
Detecting metamorphic malwares using code graphs
Proceedings of the 2010 ACM Symposium on Applied Computing
CIMDS: adapting postprocessing techniques of associative classification for malware detection
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
Journal of Intelligent Information Systems
Classification of malware using structured control flow
AusPDC '10 Proceedings of the Eighth Australasian Symposium on Parallel and Distributed Computing - Volume 107
An automated worm containment scheme
WISM'10 Proceedings of the 2010 international conference on Web information systems and mining
Determining malicious executable distinguishing attributes and low-complexity detection
Journal in Computer Virology
On detecting active worms with varying scan rate
Computer Communications
A new N-gram feature extraction-selection method for malicious code
ICANNGA'11 Proceedings of the 10th international conference on Adaptive and natural computing algorithms - Volume Part II
Malware images: visualization and automatic classification
Proceedings of the 8th International Symposium on Visualization for Cyber Security
Cloud-based malware detection for evolving data streams
ACM Transactions on Management Information Systems (TMIS)
Combining file content and file relations for cloud based malware detection
Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining
Opcode-sequence-based semi-supervised unknown malware detection
CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
DepSim: a dependency-based malware similarity comparison system
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
On deployable adversarial classification models
Proceedings of the 4th ACM workshop on Security and artificial intelligence
Graph-based malware detection using dynamic analysis
Journal in Computer Virology
New malicious code detection using variable length n-grams
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Idea: opcode-sequence-based malware detection
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Proceedings of the 50th Annual Southeast Regional Conference
Mal-ID: automatic malware detection using common segment analysis and meta-features
The Journal of Machine Learning Research
Code type revealing using experiments framework
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Intelligent detection computer viruses based on multiple classifiers
UIC'07 Proceedings of the 4th international conference on Ubiquitous Intelligence and Computing
Malicious codes detection based on ensemble learning
ATC'07 Proceedings of the 4th international conference on Autonomic and Trusted Computing
Using low-level dynamic attributes for malware detection based on data mining methods
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Opcode sequences as representation of executables for data-mining-based unknown malware detection
Information Sciences: an International Journal
Review: Classification of malware based on integrated static and dynamic features
Journal of Network and Computer Applications
Chi-squared distance and metamorphic virus detection
Journal in Computer Virology
Proceedings of the First International Conference on Security of Internet of Things
Applying static analysis to high-dimensional malicious application detection
Proceedings of the 51st ACM Southeast Conference
VILO: a rapid learning nearest-neighbor classifier for malware triage
Journal in Computer Virology
In this paper, we describe the development of a fielded application for detecting malicious executables in the wild. We gathered 1971 benign and 1651 malicious executables and encoded each as a training example using n-grams of byte codes as features. Such processing resulted in more than 255 million distinct n-grams. After selecting the most relevant n-grams for prediction, we evaluated a variety of inductive methods, including naive Bayes, decision trees, support vector machines, and boosting. Ultimately, boosted decision trees outperformed the other methods, with an area under the ROC curve of 0.996. Results also suggest that our methodology will scale to larger collections of executables. To the best of our knowledge, ours is the only fielded application for this task developed using techniques from machine learning and data mining.