Combining supervised and unsupervised learning for zero-day malware detection

Authors: Prakash Mandayam Comar, Lei Liu, Sabyasachi Saha, Pang-Ning Tan, Antonio Nucci

DOI: 10.1109/INFCOM.2013.6567003

Keywords: Data mining; Supervised learning; Obfuscation; Computer science; Malware; Feature extraction; Encryption; Support vector machine; The Internet; Machine learning; Artificial intelligence; Unsupervised learning

Abstract: Malware is one of the most damaging security threats facing the Internet today. Despite the burgeoning literature, accurate detection of malware remains an elusive and challenging endeavor due to the increasing use of payload encryption and sophisticated obfuscation methods. Also, the large variety of malware classes, coupled with their rapid proliferation and polymorphic capabilities and with imperfections in real-world data (noise, missing values, etc.), continues to hinder the use of more sophisticated detection algorithms. This paper presents a novel machine-learning-based framework to detect known and newly emerging malware at high precision using layer 3 and layer 4 network traffic features. The framework leverages the accuracy of supervised classification in detecting known malware classes together with the adaptability of unsupervised learning in detecting new classes. It also introduces a tree-based feature transformation to overcome data-quality issues and to construct more informative features for the detection task. We demonstrate the effectiveness of the framework on real network data from a service provider.
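The hybrid design the abstract describes (a supervised stage that handles known classes, an unsupervised stage that picks up what the supervised stage cannot place) can be sketched with simple stand-ins. The block below is an added illustration written for this page, not the authors' code or their method: a nearest-centroid classifier with a per-class rejection radius replaces their supervised classifier, and a leader-style clustering of rejected flows replaces their unsupervised stage; the tree-based feature transformation is not reproduced. All flow records, feature names, labels and thresholds are constructed for the demo.

```python
"""Hybrid known/unknown malware-class detection over layer 3/4 flow features.

Added example, not the paper's code.  Supervised stage: nearest centroid with a
rejection radius (stand-in for the paper's classifier).  Unsupervised stage:
leader clustering of rejected flows (stand-in for the paper's clustering).
Every flow record below is constructed, not real service-provider data.
"""
import math

# Feature order (constructed per-flow summaries):
#   bytes_out, bytes_in, pkts_out, pkts_in, duration_s, dst_port
TRAIN = [
    ("benign_http", (1200.0, 45000.0, 20.0, 40.0, 2.0, 443.0)),
    ("benign_http", (1500.0, 52000.0, 25.0, 48.0, 2.5, 443.0)),
    ("benign_http", (900.0, 38000.0, 15.0, 32.0, 1.5, 80.0)),
    ("bot_c2", (300.0, 120.0, 3.0, 2.0, 0.2, 8080.0)),
    ("bot_c2", (320.0, 140.0, 3.0, 2.0, 0.3, 8080.0)),
    ("bot_c2", (280.0, 110.0, 3.0, 2.0, 0.2, 8081.0)),
]

# Constructed test flows: two known-class flows, a three-flow port sweep of a
# class absent from TRAIN, and one isolated anomalous upload.
FLOWS = [
    ("f1", (1100.0, 41000.0, 18.0, 36.0, 1.8, 443.0)),
    ("f2", (310.0, 130.0, 3.0, 2.0, 0.25, 8080.0)),
    ("f3", (60.0, 0.0, 1.0, 0.0, 0.01, 22.0)),
    ("f4", (64.0, 0.0, 1.0, 0.0, 0.01, 23.0)),
    ("f5", (60.0, 0.0, 1.0, 0.0, 0.02, 25.0)),
    ("f6", (90000.0, 500.0, 600.0, 300.0, 30.0, 22.0)),
]


def fit_scaler(rows):
    """Min-max scaling fitted on training rows only (no test leakage)."""
    lo = [min(c) for c in zip(*rows)]
    hi = [max(c) for c in zip(*rows)]
    rng = [h - l if h > l else 1.0 for l, h in zip(lo, hi)]
    return lo, rng


def scale(row, scaler):
    lo, rng = scaler
    return [(v - l) / r for v, l, r in zip(row, lo, rng)]


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def fit_supervised(train, radius_factor=2.0, min_radius=0.05):
    """One centroid per known class plus a rejection radius derived from the
    class's training spread; flows outside every radius are not forced into
    a known class."""
    scaler = fit_scaler([r for _, r in train])
    by_label = {}
    for label, row in train:
        by_label.setdefault(label, []).append(scale(row, scaler))
    classes = {}
    for label, pts in by_label.items():
        centroid = [sum(c) / len(pts) for c in zip(*pts)]
        spread = max(dist(p, centroid) for p in pts)
        classes[label] = (centroid, max(min_radius, radius_factor * spread))
    return {"scaler": scaler, "classes": classes}


def classify(model, row):
    """Return (label, distance); label is "unknown" when the nearest centroid
    is farther than that class's rejection radius."""
    x = scale(row, model["scaler"])
    label, (centroid, radius) = min(
        model["classes"].items(), key=lambda kv: dist(x, kv[1][0]))
    d = dist(x, centroid)
    return (label if d <= radius else "unknown"), d


def cluster_unknown(model, flows, threshold=0.25):
    """Leader clustering: a flow joins the nearest existing leader if within
    threshold, otherwise it starts a new cluster.  Returns lists of flow ids."""
    leaders = []  # (leader point, [flow ids])
    for fid, row in flows:
        x = scale(row, model["scaler"])
        if leaders:
            i, d = min(((i, dist(x, l)) for i, (l, _) in enumerate(leaders)),
                       key=lambda t: t[1])
            if d <= threshold:
                leaders[i][1].append(fid)
                continue
        leaders.append((x, [fid]))
    return [members for _, members in leaders]


def detect(model, flows, min_cluster=2):
    """Supervised pass first; rejected flows go to the unsupervised pass.
    Only clusters of at least min_cluster flows are reported as candidate new
    classes, so a lone outlier is surfaced separately rather than promoted."""
    known, unknown = {}, []
    for fid, row in flows:
        label, _ = classify(model, row)
        if label == "unknown":
            unknown.append((fid, row))
        else:
            known[fid] = label
    clusters = cluster_unknown(model, unknown)
    return {
        "known": known,
        "candidate_new_classes": [c for c in clusters if len(c) >= min_cluster],
        "unclustered": [fid for c in clusters if len(c) < min_cluster for fid in c],
    }


def detect_demo():
    return detect(fit_supervised(TRAIN), FLOWS)


if __name__ == "__main__":
    print(detect_demo())
```

On the constructed data, f1 and f2 are placed in their known classes, the three sweep flows are rejected by the supervised stage and grouped into one candidate new class, and the isolated upload f6 stays unclustered. The rejection radius is the piece that keeps the supervised stage honest: without it a nearest-centroid (or any closed-world) classifier would silently absorb the sweep into "bot_c2" and the unsupervised stage would never see it.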

References (11)
Tony Abou-Assaleh, Nick Cercone, Vlado Keselj, Ray Sweidan, "Detection of New Malicious Code Using N-grams Signatures." Conference on Privacy, Security and Trust (PST), pp. 193-196, 2004.
Nwokedi Idika, Aditya P. Mathur, "A Survey of Malware Detection Techniques." 2007.
A. H. Sung, J. Xu, P. Chavez, S. Mukkamala, "Static Analyzer of Vicious Executables (SAVE)." Annual Computer Security Applications Conference (ACSAC), pp. 326-334, 2004, doi:10.1109/CSAC.2004.37.
Guofei Gu, Roberto Perdisci, Junjie Zhang, Wenke Lee, "BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection." USENIX Security Symposium, pp. 139-154, 2008.
Pei-Yi Hao, Jung-Hsien Chiang, Yen-Hsiu Lin, "A New Maximal-Margin Spherical-Structured Multi-class Support Vector Machine." Applied Intelligence, vol. 30, pp. 98-111, 2009, doi:10.1007/s10489-007-0101-z.
Nicholas Weaver, Vern Paxson, Stuart Staniford, Robert Cunningham, "A Taxonomy of Computer Worms." ACM Workshop on Rapid Malcode (WORM), pp. 11-18, 2003, doi:10.1145/948187.948190.
B. Thuraisingham, "Data Mining and Cyber Security." International Conference on Quality Software (QSIC), p. 2, 2003, doi:10.1109/QSIC.2003.1319078.
A. H. Sung, S. Mukkamala, "Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks." Symposium on Applications and the Internet (SAINT), pp. 209-216, 2003, doi:10.1109/SAINT.2003.1183050.
M. Christodorescu, S. Jha, S. A. Seshia, D. Song, R. E. Bryant, "Semantics-Aware Malware Detection." IEEE Symposium on Security and Privacy, pp. 32-46, 2005, doi:10.1109/SP.2005.20.
Michael Bailey, Jon Oberheide, Jon Andersen, Z. Morley Mao, Farnam Jahanian, Jose Nazario, "Automated Classification and Analysis of Internet Malware." Recent Advances in Intrusion Detection (RAID), pp. 178-197, 2007, doi:10.1007/978-3-540-74320-0_10.