An Ensemble Cost-Sensitive One-Class Learning Framework for Malware Detection

Authors: Jia-Chen Liu, Jian-Feng Song, Qi-Guang Miao, Ying Cao, Yi-Ning Quan

DOI: 10.1142/S0218001415500184

Keywords:

Abstract: Machine learning is among the most popular methods for designing detection algorithms for unknown and variant malware. However, most existing methods take a single type of feature to build binary classifiers. In practice, such features have limited ability to depict the characteristics of programs, and binary classification suffers from inadequate sampling of benign samples and extremely imbalanced training data when detecting malware. In this paper, we present a Framework based on ENsemble One-Class Learning, namely FENOC. It uses hybrid features at different semantic layers to ensure a comprehensive insight into the program to be analyzed. We construct the detector with a novel algorithm called Cost-sensitive Twin One-class Classifier (CosTOC), which uses a pair of one-class classifiers to describe malicious and benign programs respectively. CosTOC is more flexible and robust than conventional binary classifiers when the training data are imbalanced or inadequately sampled. Finally, a random subspace method and a clustering-based ensemble are developed to enhance the generalization ability of CosTOC. Experimental results show that FENOC gives a comparable detection rate and a lower false positive rate than many other algorithms, especially when trained with imbalanced data and evaluated in terms of detection rate.
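The abstract describes the detector's structure but not its mechanics. The following is an added illustration, not code from the paper or from FENOC/CosTOC: two one-class data descriptions (one fitted only on malware samples, one only on benign samples) are combined by a cost-weighted decision and then bagged over random feature subspaces with majority voting. Everything concrete here is an assumption made for the example: a mean-centre/mean-radius hypersphere stands in for an SVDD-style one-class classifier, the miss and false-alarm costs are applied at the decision step rather than inside the classifier's training, and the six-dimensional "hybrid" feature profiles (three static-style and three dynamic-style features) and all samples are constructed with a seeded random generator. The demo trains on a deliberately imbalanced set (200 malware, 30 benign) and also classifies a constructed borderline program to show how raising the cost of a miss shifts the decision toward flagging it.

```python
import math
import random
from typing import Dict, List, Sequence

Vector = List[float]


class HypersphereDescription:
    """Minimal one-class data description learned from a single class (assumed stand-in
    for an SVDD-style classifier): centre = mean of the samples, radius = their mean
    distance to the centre. score(x) = distance / radius, so scores <= 1 lie inside."""

    def __init__(self, dims: Sequence[int]) -> None:
        self.dims = list(dims)  # feature indices this description looks at (its subspace)
        self.center: Vector = []
        self.radius = 1.0

    def _distance(self, x: Vector) -> float:
        return math.sqrt(sum((x[d] - c) ** 2 for d, c in zip(self.dims, self.center)))

    def fit(self, samples: Sequence[Vector]) -> "HypersphereDescription":
        n = len(samples)
        self.center = [sum(s[d] for s in samples) / n for d in self.dims]
        self.radius = max(1e-9, sum(self._distance(s) for s in samples) / n)
        return self

    def score(self, x: Vector) -> float:
        return self._distance(x) / self.radius


class TwinOneClassClassifier:
    """One description fitted on malware, one on benign programs, combined by a
    cost-weighted comparison (the cost weighting here is our own simplification)."""

    def __init__(self, dims: Sequence[int], cost_fn: float = 1.0, cost_fp: float = 1.0) -> None:
        self.malware_model = HypersphereDescription(dims)
        self.benign_model = HypersphereDescription(dims)
        self.cost_fn = cost_fn  # cost of missing malware
        self.cost_fp = cost_fp  # cost of flagging a benign program

    def fit(self, malware: Sequence[Vector], benign: Sequence[Vector]) -> "TwinOneClassClassifier":
        self.malware_model.fit(malware)
        self.benign_model.fit(benign)
        return self

    def predict(self, x: Vector) -> int:
        # Distance from the benign description is evidence for malware (weighted by the
        # miss cost); distance from the malware description is evidence for benign
        # (weighted by the false-alarm cost). Returns 1 = malware, 0 = benign.
        evidence_malware = self.cost_fn * self.benign_model.score(x)
        evidence_benign = self.cost_fp * self.malware_model.score(x)
        return 1 if evidence_malware >= evidence_benign else 0


class RandomSubspaceEnsemble:
    """Majority vote over twin classifiers, each trained on a random feature subset."""

    def __init__(self, n_features: int, n_members: int = 5, subspace_size: int = 3,
                 cost_fn: float = 1.0, cost_fp: float = 1.0, seed: int = 0) -> None:
        rng = random.Random(seed)
        self.members = [
            TwinOneClassClassifier(sorted(rng.sample(range(n_features), subspace_size)), cost_fn, cost_fp)
            for _ in range(n_members)
        ]

    def fit(self, malware: Sequence[Vector], benign: Sequence[Vector]) -> "RandomSubspaceEnsemble":
        for member in self.members:
            member.fit(malware, benign)
        return self

    def predict(self, x: Vector) -> int:
        votes = sum(member.predict(x) for member in self.members)
        return 1 if 2 * votes > len(self.members) else 0


# Constructed, hypothetical feature profiles: three static-style features (e.g. opcode
# n-gram frequencies) then three dynamic-style features (e.g. API-call frequencies), in [0, 1].
BENIGN_PROFILE = [0.20, 0.25, 0.15, 0.20, 0.20, 0.25]
MALWARE_PROFILE = [0.80, 0.75, 0.85, 0.80, 0.80, 0.75]


def make_samples(rng: random.Random, n: int, profile: Sequence[float], sd: float = 0.08) -> List[Vector]:
    """Constructed samples: Gaussian noise around a class profile."""
    return [[rng.gauss(m, sd) for m in profile] for _ in range(n)]


def evaluate(model: RandomSubspaceEnsemble, malware_test: Sequence[Vector],
             benign_test: Sequence[Vector]) -> Dict[str, float]:
    detected = sum(model.predict(x) for x in malware_test)
    false_alarms = sum(model.predict(x) for x in benign_test)
    return {"detection_rate": detected / len(malware_test),
            "false_positive_rate": false_alarms / len(benign_test)}


def run_demo(cost_fn: float = 1.0, seed: int = 7) -> Dict[str, float]:
    """Imbalanced training (200 malware, 30 benign), evaluation on 40 + 40 held-out samples,
    plus a constructed borderline program at 0.45 on every feature (closer to benign)."""
    rng = random.Random(seed)
    malware_train = make_samples(rng, 200, MALWARE_PROFILE)
    benign_train = make_samples(rng, 30, BENIGN_PROFILE)
    malware_test = make_samples(rng, 40, MALWARE_PROFILE)
    benign_test = make_samples(rng, 40, BENIGN_PROFILE)
    model = RandomSubspaceEnsemble(n_features=6, cost_fn=cost_fn, seed=seed).fit(malware_train, benign_train)
    result = evaluate(model, malware_test, benign_test)
    result["borderline"] = float(model.predict([0.45] * 6))
    return result


if __name__ == "__main__":
    for cost in (1.0, 3.0):
        print(f"cost_fn={cost}: {run_demo(cost_fn=cost)}")
```

With equal costs the borderline program is assigned to the nearer (benign) description; with a miss cost of 3 the same program is flagged as malware, which is the trade-off a cost-sensitive detector makes when missing malware is judged more expensive than a false alarm. Because each twin is fitted on its own class only, the small benign set does not distort the malware description, which is the point of describing the two classes separately rather than with one binary decision boundary.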
