Using multi-feature and classifier ensembles to improve malware detection

Chung Cheng Ling Hsueh Pao/Journal of Chung Cheng Institute of Technology

Volumn 39, Issue 2, 2010, Pages 57-72

  Lu, Yi Bin ^a   Din, Shu Chang ^a   Zheng, Chao Fu ^a   Gao, Bai Jian ^a  

^a NATIONAL DEFENSE UNIVERSITY   (Taiwan)

Author keywords

Classifier ensembles; Features; Machine learning; Malware

Indexed keywords

ANTI VIRUS; BEHAVIOR-BASED; CLASSIFIER ENSEMBLES; COMBINED FEATURES; CONTENT-BASED; EXECUTABLES; FEATURES; INDIVIDUAL CLASSIFIERS; INTERNET APPLICATION; MACHINE-LEARNING; MALWARE DETECTION; MALWARES; RAPID GROWTH; SIGNATURE-MATCHING;

LEARNING SYSTEMS; SECURITY OF DATA; VIRUSES;

COMPUTER CRIME;

EID: 83755220464     PISSN: 02556030     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (49)

1. Schultz, M. G., Eskin, E., Zadok, E., and Stolfo, S. J., "Data Mining Methods for Detection of New Malicious Executables," Proc. of the 2001 IEEE Symposium on Security and Privacy, Los Alamitos, pp. 38-49, 2001. (Pubitemid 32882625)
2. Shih, D. H., Chiang, H. S., and Yen, C. D., "Classification Methods in the Detection of New Malicious Emails," Information Sciences, Vol. 172, Issue 1-2, pp. 241-261, 2005. (Pubitemid 40612875)
3. Kolter, J. Z. and Maloof, M. A., "Learning to Detect and Classify Malicious Executables in the Wild," Journal of Machine Learning Research, Vol. 7, pp. 2721-2744, 2006. (Pubitemid 46011490)
4. Zhang, B. Y., Yin, J. P., Hao, J. B., Zhnag, D. X., and Wang, S. Lin, "Using Support Vector Machine to Detect Unknown Computer Viruses," International Journal of Computational Intelligence Research, Vol. 2, No. 1, pp. 100-104, 2006.
5. Moskovitch, R., Elovici, Y., and Rokach, L., "Detection of Unknown Computer Worms Based on Behavioral Classification of the Host," Computational Statistics and Data Analysis, Vol. 52, Issue 9, pp. 4544-4566, 2008.
6. Hu, Y. T., Chen, L. A., Xu, M., Zheng, N., and Guo, Y. H., "Unknown Malicious Executables Detection Based on Run-time Behavior," Proc. of the 5th International Conference on Fuzzy Systems and Knowledge Discovery, Shandong, China, pp. 391-395, 2008.
7. Dolev, S. and Elovici, Y., "Unknown Malcode Detection Using OPCODE Representation," Proc. of the 1st European Conference on Intelligence and Security Informatics, Esbjerg, Denmark, pp. 204-215, 2008.
8. Assaleh, T. A., Cercone, N., Keselj, V., and Sweidan, R., "N-gram-based Detection of New Malicious Code," Proc. of the 28th Annual International Computer Software and Application Conference, HongKong, pp. 41-42, 2004. (Pubitemid 40680776)
9. Zhang, B. Y., Yin, J. P., and Hao, J. B., "Using Fuzzy Pattern Recognition to Detect Unknown Malicious Executables Code," Proc. of the Second International Conference on Fuzzy Systems and Knowledge Discovery, Changsha, China, pp. 629-634, 2005.
10. Henchiri, O. and Japkowicz, N., "A Feature Selection and Evaluation Schedule for Computer Virus Detection," Proc. of the 6th International Conference on Data Mining, HongKong, pp. 1-6, 2006.
11. Ye, Y. F., Wang, D. D., Li, T., and Ye, D. Y., "An Intelligent PE-malware Detection System Based on Association Mining," Journal in Computer Virology, Vol. 4, No.4, pp. 323-334, 2008.
12. Lai, Y. X., "A Feature Selection for Malicious Detection," Proc. of the 9th International Association for Computer and Information Science Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/ Distributed Computing, Phuket, Thailand, pp. 365-370, 2008.
13. Masud, M. M., Khan, L., and Thuraisingham, B., "A Hybrid Model to Detect Malicious Executables," Proc. of the IEEE International Conference on Communications, Glasgow, UK, pp. 1443-1448, 2007. (Pubitemid 351145738)
14. Masud, M. M., Khan, L., and Thuraisingham, B., "A Scalable Multi-level Feature Extraction Technique to Detect Malicious Executables," Information Systems Frontiers, Vol. 10, No. 1, pp. 33-45, 2008. (Pubitemid 351303936)
15. Reddy, K.S., Dash, S.K., and Pujari, A.K., "New Malicious Code Detection Using Variable Length n-grams," Lecture Notes in Computer Science, Vol. 4332, pp. 276-288, 2006.
16. Ye, Y.Y., Chen, L.F., Wang, D.D., Li, T., Jiang, Q.S., and Zhao, M., "SBMDS: An interpretable string based malware detection system using SVM ensemble with bagging," Journal in Computer Virology, Vol. 5, No.4, pp. 283-293, 2009.
17. Shafiq, M.Z., Tabish, S.M., Mirza, F., and Farooq, M., "PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime," Lecture Notes in Computer Science, Vol. 5758, pp. 121-141, 2009.
18. Liu L. and Shao, K., "An Approach of Malicious Executables Detection on Black & Gray Based on AdaBoost Algorithm," Proc. of the 2nd International Conference on Anti-counterfeiting, Security, and Identification, Guyang, China, pp. 88-92, 2008.
19. Liu, Z. and Zhang, X. S., "A Novel Approach to Malicious Executables Detection and Containment Based on Distributed System Architecture," Proc. of the 4th International Conference on Natural Computation, Jinan, China, pp. 160-164, 2008.
20. Zhang, B. Y., Yin, J. P., Tang, W. S., Hao, J. B., and Zhang, D. X., "Unknown Malicious Codes Detection Based on Rough Set Theory and Support Vector Machine," Proc. of 2006 International Joint Conference on Neural Networks, Vancouver, Canada, pp. 2583-2587, 2006.
21. Wang, T. Y., Horng, S. J., Su, M. Y., Wu, C. H., Wang, P. C., and Su, W. Z., "A Surveillance Spyware Detection System Based on Data Mining Methods," Proc. of 2006 International Joint Conference on Neural Networks, Vancouver, Canada, pp. 3236-3241, 2006.
22. Moskovitch, R., Nissim, N., and Elovici, Y., "Malicious Code Detection Using Active Learning," Lecture Notes in Computer Science, Vol. 5456, pp. 74-91, 2009.
23. Zhang, B. Y., Yin, J., Zhang, D., Hao, J., "Unknown Computer Virus Detection Based on K-Nearest Neighbor Algorithm," Computer Engineering and Applications, Vol. 6, pp. 7-10, 2005.
24. Stopel, D., Boger, Z., Moskovitch, R., Shahar, Y., and Elovici, Y., "Improving Worm Detection with Artificial Neural Networks through Feature Selection and Temporal Analysis Techniques," Transactions on Engineering, Computing and Technology, Vol. 15, pp. 202-208, 2006.
25. Stopel, D., Boger, Z., Moskovitch, R., Shahar, Y., and Elovici, Y., "Application of Artificial Neural Networks Techniques to Computer Worm Detection," Proc. of 2006 International Joint Conference on Neural Networks, Vancouver, Canada, pp. 2362-2369, 2006.
26. Menahem, E., Shabtai, A., Rokach, L., and Elovici, Y., "Improving Malware Detection by Applying Multi-inducer Ensemble," Computational Statistics and Data Analysis, Vol. 53, Issue 4, pp. 1483-1494, 2009.
27. Opitz, D. and Maclin, R., "Popular Ensemble Methods: A Empirical Study," Journal of Artificial Intelligence Research, Vol. 11, pp. 169-198, 1999. (Pubitemid 129628763)
28. Seewald, A. K., "Towards Understanding Stacking-Studies of a General Ensemble Learning Scheme," Ph. D. Dissertation, Vienna University of Technology, 2003.
29. Seewald, A. K. and Furnkranz, J., "An Evaluation of Grading Classifiers," Proc. of 4th International Symposium on Intelligent Data Analysis, Lisbon, Portugal, pp. 115-124, 2001. (Pubitemid 33348491)
30. Kotsiantis, S. B. and Pintelas, P. E., "A Hybrid Decision Support Tool-Using Ensemble of Classifiers," Proc. of the 6th International Conference on Enterprise Information Systems, Porto, Portugal, Vol. 2, pp. 448-453, 2006.
31. Treinen, J. J. and Thurimella, R., "A Framework for the Application of Association Rule Mining in Large Intrusion Detection Infrastructures," Proc. of 9th International Symposium on Recent Advances in Intrusion and detection, Hamburg, Germany, pp. 1-18, 2006. (Pubitemid 44617844)
32. Konstantinou, E. and Wolthusen S., "Metamorphic Virus: Analysis and Detection," Technical Report RHUL-MA-2008-02, Royal Holloway University of London, 2008.
33. DARPA Datasets, http://www.ll.mit.edu/ mission/Communications/ist/ corporal/ideval/data/ index.html
34. PEView, http://hs.hosp.ncku.edu.tw/cww/html/download.html
35. VMWare, http://www.vmware.com
36. PEiD, http://www.softpedia.com/ progDownload/PEiD-updated-Download-4102. html
37. AutoRuns, http://technet.microsoft.com /en-us/sysinternals/bb963902.aspx
38. ProcessExplorer, http://tec om/en-us/ sysinternals/bb896653.asp
39. FileMon,http://technet.micros/sysinternals/bb896642.aspx
40. Rootkitrevealer, http://technet. om/en-us/sysinter
41. IceSword,http://antirootkit.com/software/IceSword.htm
42. Fport, http://www.foundstone.com/us/ resources/ prod
43. Burges, C., " A Tutorial on Support Vector Machine for Pattern Recogniti Mining and Knowledge Discovery, Vol. 2, No. 2, pp. 121-167, 1998.
44. Witten, I. H. and Eibe, F., Data Mining: Practical Machine Learning Tools and Techniques, Second Edition, Morgan Kaufmann Press, Chap. 10, p. 413, 2005.
45. Witten, I. H. and Eibe, F., Data Mining: Practical Machine Learning Tools and Techniques, Second Edition, Morgan Kaufmann Press, Chap. 3, pp. 62-65, 2005.
46. Witten, I. H. and Eibe, F., Data Mining: Practical Machine Learning Tools and Techniques, Second Edition, Morgan Kaufmann Press, Chap. 4, pp. 84-85, 2005.
47. Agrawal, R. and Srikant, R., " Fast Algorithms for Mining Association a for Support Vector Machines, " Rules, " Proc. of the 20th Very Large Databases Conference, Santiago, Chile, pp. 487-499, 1994.
48. WEKA,http://www.cs.waikato.ac.nz/ml/weka/.
49. Chang, C. C. and Lin, C. J., " LIBSVM: Library Software available at http://www.csie.ntu.edu.tw/~cjlin/libsvm/ index.html