Unknown malcode detection using classifiers with optimal training sets

Authors: Yuval Elovici, Robert Moskovitch

DOI:

Keywords:

Abstract: The present invention is directed to a method for detecting unknown malicious code, such as a virus, worm, Trojan Horse or any combination thereof. Accordingly, a Data Set is created, which is a collection of files that includes a first subset with malicious code and a second subset with benign code; the two subsets are identified by an antivirus program. All files are parsed using n-gram moving windows of several lengths, and the TF representation is computed for each n-gram in each file. An initial set of top features (e.g., up to 5500) of all n-grams is selected, based on the DF measure; the number of features is then reduced, using feature selection methods, to comply with the computation resources required for classifier training. The optimal number of features is then determined by evaluating the detection accuracy of the reduced feature sets. A number of sets with different data distributions are prepared, which will be used as training and test sets. For each classifier, combinations of these distributions are iteratively evaluated, where in each iteration a specific distribution is used for testing a classifier trained on the other distributions. The results with the highest detection accuracy are used to select the classifier.
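The n-gram TF/DF feature pipeline described in the abstract, as an added example that is not part of the patent or the authors' code. The byte strings, file names and labels are constructed here (not real executables); window lengths (3, 4) and the top-k cutoff are assumed for illustration.

```python
from collections import Counter

# Constructed sample "files" with antivirus-style labels (0 = benign,
# 1 = malicious). Not real binaries; shared "MZ\x90\x00" prefix is deliberate
# so that some n-grams occur in every file and rank highest by DF.
SAMPLES = {
    "benign_1.bin":    (b"\x4d\x5a\x90\x00\x03\x00\x00\x00\x04\x00", 0),
    "benign_2.bin":    (b"\x4d\x5a\x90\x00\x03\x00\x00\x00\x04\x01", 0),
    "malicious_1.bin": (b"\x4d\x5a\x90\x00\xeb\xfe\x90\x90\xcc\xcc", 1),
    "malicious_2.bin": (b"\x4d\x5a\x90\x00\xeb\xfe\x90\x90\x90\xcc", 1),
}

def ngrams(data: bytes, lengths=(3, 4)) -> list:
    """n-gram moving windows of several lengths over the raw bytes."""
    return [data[i:i + n] for n in lengths for i in range(len(data) - n + 1)]

def term_frequencies(data: bytes, lengths=(3, 4)) -> dict:
    """TF representation: occurrences of each n-gram / total n-grams in file."""
    counts = Counter(ngrams(data, lengths))
    total = sum(counts.values())
    return {g: c / total for g, c in counts.items()}

def document_frequencies(tfs: dict) -> Counter:
    """DF measure: number of files in which each n-gram appears at least once."""
    df = Counter()
    for tf in tfs.values():
        df.update(tf.keys())
    return df

def select_top_features(tfs: dict, k: int) -> list:
    """Initial feature set: top-k n-grams by DF (ties broken by byte order)."""
    df = document_frequencies(tfs)
    ranked = sorted(df.items(), key=lambda kv: (-kv[1], kv[0]))
    return [g for g, _ in ranked[:k]]

def build_feature_vectors(samples: dict, k: int):
    """Return (selected n-grams, {file: TF vector over those n-grams})."""
    tfs = {name: term_frequencies(data) for name, (data, _) in samples.items()}
    features = select_top_features(tfs, k)
    rows = {name: [tfs[name].get(g, 0.0) for g in features] for name in samples}
    return features, rows

if __name__ == "__main__":
    feats, vecs = build_feature_vectors(SAMPLES, 3)
    print("top features by DF:", feats)
    for name, row in vecs.items():
        print(name, [round(x, 3) for x in row])
```

The rows are the per-file vectors a classifier would be trained on; in the patent, k is further reduced by feature selection and tuned by detection accuracy.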
