SBMDS: An interpretable string based malware detection system using SVM ensemble with bagging

Journal in Computer Virology

Volumn 5, Issue 4, 2009, Pages 283-293

  Ye, Yanfang ^a   Chen, Lifei ^b   Wang, Dingding ^c   Li, Tao ^c   Jiang, Qingshan ^a   Zhao, Min ^d  

^a XIAMEN UNIVERSITY   (China)

^b FUJIAN NORMAL UNIVERSITY   (China)

^c Florida International University   (United States)

^d Anti virus laboratory   (China)

Author keywords

[No Author keywords available]

Indexed keywords

ANTI VIRUS; ANTIVIRUS SOFTWARES; DETECTION SYSTEM; FEATURE SELECTION; MALICIOUS EXECUTABLES; MALWARE DETECTION; MALWARES; NAIVE BAYES; SCANNING TOOL; STRING ANALYSIS;

APPLICATION PROGRAMMING INTERFACES (API); COMPUTER SOFTWARE; DECISION TREES; DETECTORS; NETWORK SECURITY; SUPPORT VECTOR MACHINES;

COMPUTER VIRUSES;

EID: 70350621370     PISSN: 17729890     EISSN: 17729904     Source Type: Journal    
DOI: 10.1007/s11416-008-0108-y     Document Type: Article

References (36)

1. Adleman, L.: An abstract theory of computer viruses (invited talk). In: CRYPTO '88: Proceedings on Advances in cryptology, pp. 354-374. Springer, New York (1990).
2. Bailey, M., Oberheide, J., Andersen, J., Mao, Z.M., Jahanian, F., Nazario, J.: Automated classification and analysis of internet malware. RAID 2007. LNCS, vol. 4637, pp 178-197 (2007).
3. Bayer U., Moser A., Kruegel C., Kirda E.: Dynamic analysis of malicious code. J. Comput. Virol. 2, 67-77 (2006).
4. Beaucamps P., Filiol E.: Metamorphism, formal grammars and undecidable code mutation. J. Comp. Sci. 2(1), 70-75 (2007).
5. Beaucamps, P., Filiol, E.: On the possibility of practically obfuscating programs towards aunified perspective of code protection. J. Comp. Virol. 3(1), 2007.
6. Bowd C., Medeiros F.A., Zhang Z., Zangwill L.M., Hao J., Lee T., Sejnowski T.J., Weinreb R.N., Goldbaum M.H.: Relevance vector machine and support vector machine classifier analysis of scanning laser polarimetry retinal nerve fiber layer measurements. Invest. Ophthalmol. Vis. Sci. 46, 1322-1329 (2005).
7. Breiman L.: Bagging predicators. Mach. Learn. 24, 123-140 (1996).
8. Christodorescu, M., Jha, S., Kruegel, C.: Mining specifications of malicious behavior. In Proceedings of ESEC/FSE07, pp 5-14 (2007).
9. Dietterich T.G.: Machine learning research: Four current directions. AI Magaz. 18(4), 97-136 (1997).
10. Filiol E.: Computer Viruses: from Theory to Applications. Springer, Heidelberg (2005).
11. Filiol E.: Malware pattern scanning schemes secure against black-box analysis. J. Comp. Virol. 2(1), 35-50 (2006).
12. Filiol E., Jacob G., Liard M.L.: Evaluation methodology and theoretical model for antiviral behavioural detection strategies. J. Comp. Virol. 3(1), 27-37 (2007).
13. Freund Y., Schapire R.E.: A decision-theoretic generalization of on-line learning and an application to boosting. J. Comp. Syst. Sci. 55(1), 119-139 (1997).
14. Hsu C., Lin C.: A comparison of methods for multiclass support vector machines. IEEE Trans. Neural Netw. 13, 415-425 (2002).
15. Kim, H., Pang, S., Je, H., Kim, D., Bang, S.: Support vector machine ensemble with bagging. SVM 2002, LNCSI, vol. 2388, pp 397-408 (2002).
16. Kolcz, A., Sun, X., Kalita, J.: Efficient handling of high-dimensional feature spaces by randomized classifier ensembles. In: Proceedings of KDD'02 (2002).
17. Kolter, J., Maloof, M.: Learning to detect malicious executables in the wild. In: Proceedings of KDD'04 (2004).
18. Li Y., Campbell C., Tipping M.: Bayesian automatic relevance determination algorithms for classifying gene expression data. Bioinformatics 18, 1232-1239 (2002).
19. Li, D., Hu, W.: Feature selection with rvm and its application to prediction modeling. AI 2006, LNAI, vol. 4304, pp 1140-1144 (2006).
20. McGraw G., Morrisett G.: Attacking malicious code:report to the infosec research council. IEEE Softw. 17(5), 33-41 (2000).
21. Oza, N.C., Russell, S.: Experimental comparisons of online and batch versions of bagging and boosting. In: Proceedings of KDD'01 (2001).
22. Rangel, P., Lozano, F., Garcia, E.: Boosting of support vector machines with application to editing. In: Proceedings of ICMLA'05 (2005).
23. Reddy D.K.S., Pujari A.K.: N-gram analysis for computer virus detection. J. Comput. Virol. 2, 231-239 (2006).
24. Schultz, M., Eskin, E., Zadok, E.: Data mining methods for detection of new malicious executables. In: Security and privacy, 2001. Proceedings of 2001 IEEE Symposium on 14-16 May, pp 38-49 (2001).
25. Sebastiani F.: Text categorization. ACM Comput. Surv. 34(1), 1-47 (2002).
26. Silva, C., Ribeiro, B., Sung, A.H.: Boosting rvm classifiers for large data sets. ICANNGA 2007, Part II, LNCSI, vol. 4432, pp 228-237 (2007).
27. Sung, A., Xu, J., Chavez, P., Mukkamala, S.: Static analyzer of vicious executables (save). In: Proceedings of the 20th Annual Computer Security Applications Conference (2004).
28. Tan, S., Cheng, X., Ghanem, M., Wang, B., Xu, H.: A novel refinement approach for text categorization. In: Proceeding of the ACM CIKM, pp 469-476, 2005.
29. Tipping M.: Sparse bayesian learning and the relevance vector machine. J. Mach. Learn. Res. 1, 211-214 (2001).
30. Tsang I.W., Kwok J.T., Cheung P.M.: Core vector machines: Fast svm training on very large data sets. J. Mach. Learn. Res. 6, 363-392 (2005).
31. Wang, J., Deng, P., Fan, Y., Jaw, L., Liu, Y.: Virus detection using data mining techniques. In: Proceedings of IEEE International Conference on Data Mining (2003).
32. Wickramaratna, J., Holden, S.B., Buxton, B.F.: Performance degradation in boosting. In: Proceedings of the Second International Workshop on Multiple Classifier Systems (2001).
33. Witten H., Frank E.: Data mining: Practical machine learning tools with Java implementations. Morgan Kaufmann, Menlo Park (2005).
34. Ye, Y., Wang, D., Li, T., Ye, D.: IMDS: Intelligent malware detection system. In: Proceedings of ACM International Conference on Knowledge Discovery and Data Mining (SIGKDD 2007) (2007).
35. Yu, H., Yang, J., Han, J.: Classifying large data sets using svms with hierarchical clusters. In: Proceedings of KDD'03 (2003).
36. Vapnik C.C.: Support vector network. Mach. Learn. 20, 273-297 (1995).