Malware detection using bilayer behavior abstraction and improved one-class support vector machines
作者: Qiguang Miao , Jiachen Liu , Ying Cao , Jianfeng Song
DOI: 10.1007/S10207-015-0297-6
关键词:
摘要: Malware detection is one of the most challenging problems in computer security. Recently, methods based on machine learning are very popular unknown and variant malware detection. In order to achieve a successful learning, extracting discriminant stable features important prerequisite. this paper, we propose bilayer behavior abstraction method semantic analysis dynamic API sequences. Operations sensitive system resources complex behaviors abstracted an interpretable way at different layers. At lower layer, raw calls combined abstract low-layer via data dependency analysis. higher further construct more high-layer with good interpretability. The extracted finally embedded into high-dimensional vector space. Hence, can be directly used by many algorithms. Besides, tackle problem that benign programs not adequately sampled or severely imbalanced, improved one-class support (OC-SVM) named OC-SVM-Neg proposed which makes use available negative samples. Experimental results show feature extraction outperforms binary classifiers false alarm rate generalization ability.
springer.com
acm.org
sci-hub.se 参考文章(40)
Yuval Shahar, Lior Rokach, Gil Tahan, Mal-ID: automatic malware detection using common segment analysis and meta-features Journal of Machine Learning Research. ,vol. 13, pp. 949- 979 ,(2012)
Mamoun Alazab, Sitalakshmi Venkatraman, Paul A Watters, Moutaz Alazab, None, Zero-day malware detection based on supervised learning algorithms of API call signatures australasian data mining conference. pp. 171- 182 ,(2011)
Pratiksha Natani, Deepti Vidyarthi, Malware Detection Using API Function Frequency with Ensemble Based Classifier international symposium on security in computing and communication. pp. 378- 388 ,(2013) , 10.1007/978-3-642-40576-1_37
Robert Moskovitch, Clint Feher, Nir Tzachar, Eugene Berger, Marina Gitelman, Shlomi Dolev, Yuval Elovici, Unknown Malcode Detection Using OPCODE Representation european conference on intelligence and security informatics. pp. 204- 215 ,(2008) , 10.1007/978-3-540-89900-6_21
D.M.J. Tax, One-class classification TU Delft, Delft University of Technology. ,(2001)
B Schölkopf, AJ Smola, JC Platt, Kernel method for percentile feature extraction Microsoft Research, Microsoft Corporation. pp. 12- ,(2000)
Konrad Rieck, Philipp Trinius, Carsten Willems, Thorsten Holz, Automatic analysis of malware behavior using machine learning Journal of Computer Security. ,vol. 19, pp. 639- 668 ,(2011) , 10.3233/JCS-2010-0410
Engin Kirda, Paolo Milani Comparetti, Christopher Kruegel, Clemens Kolbitsch, Xiaoyong Zhou, XiaoFeng Wang, Effective and efficient malware detection at the end host usenix security symposium. pp. 351- 366 ,(2009)
Dragos Gavrilut, Razvan Benchea, Cristina Vatamanu, Optimized Zero False Positives Perceptron Training for Malware Detection symbolic and numeric algorithms for scientific computing. pp. 247- 253 ,(2012) , 10.1109/SYNASC.2012.34
Ying Cao, Qiguang Miao, Jiachen Liu, Lin Gao, Abstracting minimal security-relevant behaviors for malware analysis Journal of Computer Virology and Hacking Techniques. ,vol. 9, pp. 193- 204 ,(2013) , 10.1007/S11416-013-0186-3