Hierarchical associative classifier (HAC) for malware detection from the large and imbalanced gray list

Journal of Intelligent Information Systems

Volumn 35, Issue 1, 2010, Pages 1-20

  Ye, Yanfang ^a   Li, Tao ^b   Huang, Kai ^a   Jiang, Qingshan ^a   Chen, Yong ^c  

^a XIAMEN UNIVERSITY   (China)

^b The Department of Electrical and Computer Engineering   (United States)

^c Anti virus laboratory   (China)

Author keywords

Class imbalance; Gray list; Hierarchical Associative Classifier (HAC); Malware detection

Indexed keywords

ANTI VIRUS; ANTIVIRUS SOFTWARES; ASSOCIATIVE CLASSIFICATION; ASSOCIATIVE CLASSIFIERS; BACKDOORS; CLASS FILE; CLASS IMBALANCE; COMPUTER USERS; DATA COLLECTION; HIGH EFFICIENCY; HIGH PRECISION; IMBALANCED CLASS; INCLUDING RULE; INTERPRETABILITY; LARGE DATA; MALWARE DETECTION; MALWARES; OVERFITTING; PORTABLE EXECUTABLE FILES; POST-PROCESSING TECHNIQUES; PRECISION AND RECALL; RESEARCH EFFORTS; SAMPLING STRATEGIES; SCANNING TOOL; SECOND LEVEL; SECURITY THREATS; SOFTWARE PROGRAM; SPY-WARE; TRAINING DATA; TROJANS;

APPLICATION PROGRAMMING INTERFACES (API); ASSOCIATIVE PROCESSING; CLASSIFIERS; COMPUTER SOFTWARE; COMPUTER VIRUSES; DATA ACQUISITION; FUZZY CONTROL; SECURITY OF DATA; VIRUSES;

COMPUTER WORMS;

EID: 77954348690     PISSN: 09259902     EISSN: 15737675     Source Type: Journal    
DOI: 10.1007/s10844-009-0086-7     Document Type: Article

References (39)

1. Agrawal, R., & Imielinski, T. (1993). Mining association rules between sets of items in large databases. In Proceedings of SIGMOD.
2. Baralis, E., & Torino, P. (2002). A lazy approach to pruning classification rules. In Proceedings of the 2002 IEEE international conference on data mining.
3. Bayardo, R., Agrawal, R., & Gunopulos, D. (1999). Constraint-based rule mining in large, dense databases. In ICDE-99.
4. U Bayer A Moser C Kruegel E Kirda 2006 Dynamic analysis of malicious code Journal in Computer Virology 2 67 77 10.1007/s11416-006-0012-2 (Pubitemid 44432022)
5. N Chawla K Bowyer L Hall W Kegelmeyer 2002 SMOTE: Synthetic minority over-sampling technique Journal of Artificial Intelligence Research 16 321 357 0994.68128
6. Christodorescu, M., Jha, S., & Kruegel, C. (2007). Mining specifications of malicious behavior. In Proceedings of ESEC/FSE07 (pp. 5-14).
7. Drummond, C., & Holte, C. (2003). C4.5, class imbalance, and cost sensitivity: Why undersampling beats oversampling. In Proc. of the ICML-2003 workshop: Learning with imbalanced data sets II (pp. 1-8).
8. Elkan, C. (2001). The foundations of cost-sensitive learning. In Proceedings of the seventeenth international conference on machine learning (pp. 239-246).
9. Han, J., Pei, J., & Yin, Y. (2000). Mining frequent patterns without candidate generation. In Proceedings of SIGMOD (pp. 1-12).
10. C Hsu C Lin 2002 A comparison of methods for multiclass support vector machines IEEE Transactions on Neural Networks 13 415 425 10.1109/TNN.2002. 1000139 (Pubitemid 34669660)
11. A Jain R Duin J Mao 2000 Statistical pattern recognition: A review IEEE Transactions on Pattern Analysis and Machine Intelligence 22 4 37 10.1109/34.824819 (Pubitemid 32132953)
12. N Japkowicz S Stephen 2002 The class imbalance problem: A systematic study Intelligent Data Analysis 6 5 429C450
13. Joshi, M., Agarwal, R., & Kumar, V. (2001). Mining needles in a haystack: Classifying rare classes via two-phase rule induction. In SIGMOD 01 conference on management of data (pp. 91-102).
14. Kamei, R., & Ralescu, A. (2003). Piecewise linear separanility using support vector machines. In Proc. of the MAICS conference (pp. 52C53).
15. Kephart, J., Sorkin, G., Swimmer, M., & White, S. (1997). Blueprint for a computer immune system. In Virus Bulletin International Conference.
16. J. Kephart S. White D. Chess 1993 Computers and epidemiology IEEE Spectrum 30 20 26 10.1109/6.275061
17. Kolter, J., & Maloof, M. (2004). Learning to detect malicious executables in the wild. In Proceedings of KDD'04.
18. Langley, P. (1994). Selection of relevant features in machine learning. In Proceedings of AAAI fall symp.
19. Li, W., Han, J., & Pei, J. (2001). CMAR: Accurate and efficient classification based on multiple class-association rules. In Proceedings of the 2001 IEEE international conference on data mining (ICDM-01) (pp. 369-376).
20. Liu, B., Hsu, W., & Ma, Y. (1998). Integrating classification and association rule mining. In Proceedings of the fourth international conference on knowledge discovery and data mining (KDD-98) (pp. 80-86).
21. Liu, B., Hsu, W., & Ma, Y. (1999). Pruning and summarizing the discovered associations. In KDD-99.
22. Mahta, M., Agrawal, R., & Rissanen, J. (1996). SLIQ: A fast scalable classifier for data mining. In EDBT-96.
23. H Peng F Long C Ding 2005 Feature selection based on mutual information: Criteria of max-dependency, max-relevance, and min-redundancy IEEE Transactions on Pattern Analysis and Machine Intelligence 27 1226 1238 10.1109/TPAMI.2005.159 (Pubitemid 41245053)
24. Schultz, M., Eskin, E., & Zadok, E. (2001). Data mining methods for detection of new malicious executables. In Security and privacy, 2001. Proceedings. 2001 IEEE symposium on 14-16 May (pp. 38-49).
25. Song, Y., Locasto, M., Stavrou, A., Keromytis, A., & Stolfo, S. (2007). On the infeasibility of modeling polymorphic shellcode. In CCS '07: Proceedings of the 14th ACM conference on computer and communications security (pp. 541-551). New York: ACM.
26. Sung, A., Xu, J., Chavez, P., & Mukkamala, S. (2004). Static analyzer of vicious executables (save). In Proceedings of the 20th annual computer security applications conference.
27. G Tesauro J Kephart G Sorkin 1996 Neural networks for computer virus recognition IEEE Expert 11 5 6 10.1109/64.511768
28. F Thabtah 2007 A review of associative classification mining The Knowledge Engineering Review 22 1 37C65 10.1017/S0269888907001026 (Pubitemid 46825798)
29. Toivonen, H., Klemetinen, M., Ronkainen, P., Hatonen, K., & Mannila, H. (1995). Pruning and grouping discovered association rules. In Mlnet workshop on statistics, machine learning, and discovery in databases (pp. 47-52).
30. Visa, S., & Ralescu, A. (2003). Learning imbalanced and overlapping classes using fuzzy sets. In Proc. of the ICML-2003 workshop: Learning with imbalanced data sets II (p. 97C104).
31. Visa, S., & Ralescu, A. (2005). Issues in mining imbalanced data sets-A review paper. In Proceedings of the sixteen midwest artificial intelligence and cognitive science conference.
32. Wagner, D., & Soto, P. (2002). Mimicry attacks on host-based intrusion detection systems. In CCS '02: Proceedings of the 9th ACM conference on Computer and communications security (pp. 255-264). New York: ACM.
33. Wang, J., Deng, P., Fan, Y., Jaw, L., & Liu, Y. (2003). Virus detection using data mining techniques. In Proceedings of IEEE international conference on data mining.
34. Wang, Y., Xin, Q., & Coenen, F. (2007). A novel rule ordering approach in classification association rule mining. In Proceedings of the seventh IEEE international conference on data mining workshops (ICDMW 2007).
35. Weiss, G. (2004). Mining with rarity: A unifying framework. In SIGKDD Explorations (Vol. 6, No. 1, pp. 7-19).
36. G Weiss F Provost 2003 Learning when training data are costly: The effect of class distribution on tree induction Journal of Artificial Intelligence Research 19 315 354 1046.68094
37. Ye, Y., Wang, D., Li, T., & Ye, D. (2007). IMDS: Intelligent malware detection system. In Proceedings of ACM international conference on knowlege discovery and data mining (SIGKDD 2007).
38. Yin, X., & Han, J. (2003). CPAR: Classification based on predictive association rules. In Proceedings of the third SIAM international conference on data mining (SDM-03) (pp. 331-335).
39. Zadrozny, B. (2004). Learning and evaluating classifiers under sample selection bias. In Proceedings of 21st international conference on machine learning.