Adaptive Rule-Based Malware Detection Employing Learning Classifier Systems: A Proof of Concept

Blount, Jonathan Joseph; Tauritz, Daniel R.; Mulder, Samuel A.

doi:10.1109/compsacw.2011.28

Cited by 29 publications

(7 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A number of different techniques for semi-supervised learning have been proposed, such as the Expectation Maximization (EM) based algorithms (Goldstein, 2012), self-training (Blount et al, 2011;Lyngdoh et al, 2018), co-training (Rath et al, 2017), Semi-Supervised SVM (Ashfaq et al, 2017), graph-based methods (Sadreazami et al, 2018), and boosting based semi-supervised learning methods (Yuan et al, 2016). Rana et al propose a novel fuzzy-based semi-supervised learning approach by applying unlabelled samples aided with a supervised learning algorithm to enhance the classifier's performance for the IDSs.…”

Section: Semi-supervised Learningmentioning

confidence: 99%

Survey of intrusion detection systems: techniques, datasets and challenges

et al. 2019

View full text Add to dashboard Cite

Cyber-attacks are becoming more sophisticated and thereby presenting increasing challenges in accurately detecting intrusions. Failure to prevent the intrusions could degrade the credibility of security services, e.g. data confidentiality, integrity, and availability. Numerous intrusion detection methods have been proposed in the literature to tackle computer security threats, which can be broadly classified into Signature-based Intrusion Detection Systems (SIDS) and Anomaly-based Intrusion Detection Systems (AIDS). This survey paper presents a taxonomy of contemporary IDS, a comprehensive review of notable recent works, and an overview of the datasets commonly used for evaluation purposes. It also presents evasion techniques used by attackers to avoid detection and discusses future research challenges to counter such techniques so as to make computer systems more secure.

show abstract

Section: Semi-supervised Learningmentioning

confidence: 99%

Survey of intrusion detection systems: techniques, datasets and challenges

et al. 2019

View full text Add to dashboard Cite

show abstract

“…The eigenvalues of op code based graph images can calculated by measuring the distances between the nodes based on the K Nearest Neighbor Algorithm (KNN Algorithm), which is one of the machine learning algorithms [9]. In addition, the processed strings can be reprocessed with the Logistic Common Subsequence (LCS) algorithm to measure the eigenvalues of the strings [10]. In the studies introduced above, static analysis-based methods collect signatures or list the signatures in sequence, but cannot identify the accurate features of behaviors because they are based on code-based feature extraction.…”

Section: Related Workmentioning

confidence: 99%

Expression of Malware Characteristics using API Sequence

Kim¹,

Lee²,

Youn³

2021

JSTA

View full text Add to dashboard Cite

In the present age, the amount of malware is growing very rapidly, and the kinds and behaviors of malware are becoming very diverse. This poses social security threats such as data loss, leakage of personal and financial information, system damage, and the destruction of IT infrastructures. Unlike existing malicious codes, modified or new types of malicious codes are being identified, and it is very inefficient for analysts to manually analyze one by one from the beginning. Malware analysts to solve these problems are analyzed and studied effective way to reduce the time and cost of analysis. In this paper, we propose a way to express the characteristics by using the API Sequence for malware detection and classification. It compares and analyzes several existing expression methods and verifies the efficiency through actual malicious code samples. Using the expression method proposed in the paper, we detected four malicious behaviors: DLL Injection, Downloader, Key Logger, and Anti debugging. As a result, it was detected more than the conventional detection method, and it can be seen that the more complex the malicious behavior, the higher the detection efficiency. In addition, although static analysis was adopted as the main method, the flow of malicious behavior can be analyzed because it searches for execution condensation.

show abstract

“…Concerning the large and heterogeneous family of misuse based IDS, recent research includes the following papers, among many others. In the work of Blount et al, it is a paper whose experimental results show the detection ability of the system to learn effective rules from repeated presentations of a tagged training set. Best system accuracy is close to 90 % .…”

Section: State Of the Artmentioning

confidence: 99%

Statistical fingerprint‐based intrusion detection system (SF‐IDS)

Boero

Cello

Marchese

et al. 2016

Int J Communication

View full text Add to dashboard Cite

Summary Intrusion detection systems (IDS) are systems aimed at analyzing and detecting security problems. The IDS may be structured into misuse and anomaly detection. The former are often signature/rule IDS that detect malicious software by inspecting the content of packets or files looking for a “signature” labeling malware. They are often very efficient, but their drawback stands in the weakness of the information to check (eg, the signature), which may be quickly dated, and in the computation time because each packet or file needs to be inspected. The IDS based on anomaly detection and, in particular, on statistical analysis have been originated to bypass the mentioned problems. Instead of inspecting packets, each traffic flow is observed so getting a statistical characterization, which represents the fingerprint of the flow. This paper introduces a statistical analysis based intrusion detection system, which, after extracting the statistical fingerprint, uses machine learning classifiers to decide whether a flow is affected by malware or not. A large set of tests is presented. The obtained results allow selecting the best classifiers and show the performance of a decision maker that exploits the decisions of a bank of classifiers acting in parallel.

show abstract

Adaptive Rule-Based Malware Detection Employing Learning Classifier Systems: A Proof of Concept

Cited by 29 publications

References 6 publications

Survey of intrusion detection systems: techniques, datasets and challenges

Survey of intrusion detection systems: techniques, datasets and challenges

Expression of Malware Characteristics using API Sequence

Statistical fingerprint‐based intrusion detection system (SF‐IDS)

Contact Info

Product

Resources

About