Boosting training for PDF malware classifier via active learning

Li, Yuanzhang; Wang, Xinxin; Shi, Zhiwei; Zhang, Ruyun; Xue, Jingfeng; Wang, Zhi

doi:10.1002/int.22451

Cited by 23 publications

(16 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This hybrid method integrates an arbitrary forest and DL technique utilizing 12 hidden layers for determining malware and benign files correspondingly. Li et al [12] projected an active-learning based malware detection method, utilizing mutual agreement analysis for choosing the uncertain instance as data augmentation. The detector was retrain based on the ground truth of uncertain instances before the entire test instances from the preceding epoch that is not only enhancing the detection performance, then also decreasing the trained time utilization of detectors.…”

Section: Related Workmentioning

confidence: 99%

Invasive weed optimization with stacked long short term memory for PDF malware detection and classification

Chandran

Hema²,

Jeyakarthic

2022

ijhs

View full text Add to dashboard Cite

Due to high versatility and widespread adoption, PDF documents are widely exploited for launching attacks by cyber criminals. PDFs have been conventionally utilized as an effective method for spreading malware. Automated detection and classification of PDF malware are essential to accomplish security. Latest developments of artificial intelligence (AI) and deep learning (DL) models pave a way for automated detection of PDF malware. In this view, this article develops an Invasive Weed Optimization with Stacked Long Short Term Memory (IWO-S-LSTM) technique for PDF malware detection and classification. The presented IWO-S-LSTM model focuses on the recognition and classification of different kinds of malware that exist in PDF documents. The proposed IWO-S-LSTM model initially undergoes pre-processing in two stages namely categorical encoding and null value removal. Besides, autoencoder (AE) based outlier detection approach is presented to remove the existence of outliers. In addition, S-LSTM model is utilized to detect and classify PDF malware. Finally, IWO algorithm is applied to fine tune the hyperparameters involved in the S-LSTM model. To determine the enhanced outcomes of the IWO-S-LSTM model, a series of simulations were executed on two benchmark datasets. The experimental outcomes outperformed the promising performance of the IWO-S-LSTM technique on the other approaches.

show abstract

Section: Related Workmentioning

confidence: 99%

Invasive weed optimization with stacked long short term memory for PDF malware detection and classification

Chandran

Hema²,

Jeyakarthic

2022

ijhs

View full text Add to dashboard Cite

show abstract

“…Including spatial information and utilizing super-pixel and object based methods have been proposed to deal with the first difficulty 14 – 16 . The use of semi-supervised approaches and active learning are among the suggested methods to deal with the second difficulty 17 – 19 . An online active extreme learning machine (OA-ELM) has been proposed in 17 , which its aim is to improve training efficiency, classification accuracy and also the generalization ability.…”

Section: Introductionmentioning

confidence: 99%

“…The use of semi-supervised approaches and active learning are among the suggested methods to deal with the second difficulty 17 – 19 . An online active extreme learning machine (OA-ELM) has been proposed in 17 , which its aim is to improve training efficiency, classification accuracy and also the generalization ability. Support vector machine (SVM) can be an appropriate classifier when limited training samples are available 20 .…”

Section: Introductionmentioning

confidence: 99%

Two-step discriminant analysis based multi-view polarimetric SAR image classification with high confidence

Imani

2022

Sci Rep

View full text Add to dashboard Cite

Polarimetric synthetic aperture radar (PolSAR) image classification is a hot topic in remote sensing field. Although recently many deep learning methods such as convolutional based networks have provided great success in PolSAR image classification, but they need a high volume of labeled samples, which are not usually available in practice, or they cause a high computational burden for implementation. In this work, instead of spending cost for network training, the inherent nature of PolSAR image is used for generation of convolutional kernels for extraction of deep and robust features. Moreover, extraction of diverse scattering characteristics contained in the coherency matrix of PolSAR and fusion of their output classification results with a high confidence have high impact in providing a reliable classification map. The introduced method called discriminative features based high confidence classification (DFC) utilizes several approaches to deal with difficulties of PolSAR image classification. It uses a multi-view analysis to generate diverse classification maps with different information. It extracts deep polarimetric-spatial features, consistent and robust with respect to the original PolSAR data, by applying several pre-determined convolutional filters selected from the important regions of image. Convolutional kernels are fixed without requirement to be learned. The important regions are determined with selecting the key points of image. In addition, a two-step discriminant analysis method is proposed to reduce dimensionality and result in a feature space with minimum overlapping and maximum class separability. Eventually, a high confidence decision fusion is implemented to find the final classification map. Impact of multi-view analysis, selection of important regions as fixed convolutional kernels, two-step discriminant analysis and high confidence decision fusion are individually assessed on three real PolSAR images in different sizes of training sets. For example, the proposed method achieves 96.40% and 98.72% overall classification accuracy by using 10 and 100 training samples per class, respectively in L-band Flevoland image acquired by AIRSAR. Generally, the experiments show high efficiency of DFC compared to several state-of-the-art methods especially for small sample size situations.

show abstract

“…[7][8][9] Some of these solutions [10][11][12] are quite feasible, as they build CTCs by adjusting the timing behavior of legitimate channels, such as controlling resource consumption rates or managing packet delivery schedules in predefined time windows. [13][14][15][16] Covert timing channels have been explored in multiple ways especially over traditional Ethernet, and different efficient solutions have been proposed. Cabuk et al 17 proposed an internet protocol covert timing channel (IPCTC) and explored different design issues.…”

Section: Introductionmentioning

confidence: 99%

A robust packet‐dropping covert channel for mobile intelligent terminals

Jun-li

et al. 2022

Int J of Intelligent Sys

View full text Add to dashboard Cite

Covert communication in this regard has been widely used for protecting the secrecy of communication.Voice over Long Term Evolution (VoLTE) is a packetswitched core network solution for high-speed and high-quality end-to-end services which usually applied to the communication between intelligent systems. However, covert channels using inter-packet delays and packet order in VoLTE services are limited by specific rules. Since minor modifications to overt traffic can be detected, existing covert channel solutions cannot be directly applied to VoLTE. Therefore, this study presents a robust packet loss covert timing channel by cascade hash coding with intelligent system. To ensure robustness and undetectability, we design hash-based inter-codeword verification, codeword self-verification based on cyclic redundancy check, and adaptive mapping matrix. The sender modulates the covert messages according to the sequence number of the actively dropped packets, and the receiver can retrieve the covert messages using a specialized verification method. To evaluate undetectability, robustness, throughput, and construction costs, a large number of experiments in mobile intelligent terminals have been conducted. The experimental results prove that the proposed scheme is feasible for VoLTE communication, as the covert message is

show abstract

Boosting training for PDF malware classifier via active learning

Abstract: Machine learning algorithms are widely used for cybersecurity applications, include spam, malware detection. In these applications, the machine learning model has to face attack by adversarial samples.

Cited by 23 publications

References 30 publications

Invasive weed optimization with stacked long short term memory for PDF malware detection and classification

Invasive weed optimization with stacked long short term memory for PDF malware detection and classification

Two-step discriminant analysis based multi-view polarimetric SAR image classification with high confidence

A robust packet‐dropping covert channel for mobile intelligent terminals

Contact Info

Product

Resources

About