Hybrids of support vector machine wrapper and filter based framework for malware detection

Huda, Shamsul; Abawajy, Jemal; Alazab, Mamoun; Abdollalihian, Mali; Islam, Rafiqul; Yearwood, John

doi:10.1016/j.future.2014.06.001

Cited by 103 publications

(39 citation statements)

References 31 publications

(56 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mohaisen et al [13] proposed an unsupervised behavioral based (dynamic) Windows malware classification technique by monitoring file system and memory interactions and achieved more than 98% precision. Huda et al [14] proposed a hybrid framework for malware detection based on programs interactions with Windows Application Program Interface (API) using Support Vector Machines (SVM) wrappers and statistical measures and obtained over 96% detection accuracy.…”

Section: Literature Reviewmentioning

confidence: 99%

Intelligent OS X malware threat detection with code inspection

Pajouh

Dehghantanha

Khayami

et al. 2017

J Comput Virol Hack Tech

View full text Add to dashboard Cite

With the increasing market share of Mac OS X operating system, there is a corresponding increase in the number of malicious programs (malware) designed to exploit vulnerabilities on Mac OS X platforms. However, existing manual and heuristic OS X malware detection techniques are not capable of coping with such a high rate of malware. While machine learning techniques offer promising results in automated detection of Windows and Android malware, there have been limited efforts in extending them to OS X malware detection. In this paper, we propose a supervised machine learning model. The model applies kernel base Support Vector Machine and a novel weighting measure based on application library calls to detect OS X malware. For training and evaluating the model, a dataset with a combination of 152 malware and 450 benign were created. Using common supervised Machine Learning algorithm on the dataset, we obtain over 91% detection accuracy with 3.9% false alarm rate. We also utilize Synthetic Minority Over-sampling Technique (SMOTE) to create three synthetic datasets with different distributions based on the refined version of collected dataset to investigate impact of different sample sizes on accuracy of malware detection. Using SMOTE datasets we could achieve over 96% detection accuracy and false alarm of less than 4%.All malware classification experiments are tested using cross validation technique. Our results reflect that increasing sample size in synthetic datasets has direct positive effect on detection accuracy while increases false alarm rate in compare to the original dataset.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Intelligent OS X malware threat detection with code inspection

Pajouh

Dehghantanha

Khayami

et al. 2017

J Comput Virol Hack Tech

View full text Add to dashboard Cite

show abstract

“…SMO is a WEKA implementation of the sequential minimal optimization algorithm. It is a fast version of support vector machine, which form an important class . SMO can be invoked in WEKA with four kernels.…”

Section: Empirical Studymentioning

confidence: 99%

“…Figure 3 presents the results obtained in filtering phishing emails by these kernels of BN for Dataset A of Table I as training set and Datasets B and C of Table I as validate sets. SMO is a WEKA implementation of the sequential minimal optimization algorithm. It is a fast version of support vector machine, which form an important class [52,53]. SMO can be invoked in WEKA with four kernels.…”

Section: Empirical Studymentioning

confidence: 99%

Multilayer hybrid strategy for phishing email zero‐day filtering

Chowdhury

Abawajy

Kelarev

et al. 2016

Concurrency and Computation

View full text Add to dashboard Cite

Summary The cyber security threats from phishing emails have been growing buoyed by the capacity of their distributors to fine‐tune their trickery and defeat previously known filtering techniques. The detection of novel phishing emails that had not appeared previously, also known as zero‐day phishing emails, remains a particular challenge. This paper proposes a multilayer hybrid strategy (MHS) for zero‐day filtering of phishing emails that appear during a separate time span by using training data collected previously during another time span. This strategy creates a large ensemble of classifiers and then applies a novel method for pruning the ensemble. The majority of known pruning algorithms belong to the following three categories: ranking based, clustering based, and optimization‐based pruning. This paper introduces and investigates a multilayer hybrid pruning. Its application in MHS combines all three approaches in one scheme: ranking, clustering, and optimization. Furthermore, we carry out thorough empirical study of the performance of the MHS for the filtering of phishing emails. Our empirical study compares the performance of MHS strategy with other machine learning classifiers. The results of our empirical study demonstrate that MHS achieved the best outcomes and multilayer hybrid pruning performed better than other pruning techniques. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

“…Lakhotia et al [17] developed n-perms, a variant of n-gram, to formalize Op-codes into feature representation. It is noteworthy that API sequences can also be extracted via disassembling [18]. However, only a few malware analysis methods use API sequences obtained by static disassembling, because it is hard to decide parameters of API or track branches and jumps of the execution paths by static analysis.…”

Section: Type Ii: Malware Features Based On Disassemblingmentioning

confidence: 99%

“…Accordingly, an ensemble perceptron algorithm is adopted in [29] with kernel trick and optimized training time to detect unknown and variant malware with low false positive rate. Actually, recent research has already tried and evaluated the most popular supervised learning algorithms in behaviorbased malware detection, such as support vector machine (SVM) [18,29,30], decision trees [12], Naïve Bayes [28] and SMO [23].…”

Section: Machine Learning Algorithms For Malware Detectionmentioning

confidence: 99%

Malware detection using bilayer behavior abstraction and improved one-class support vector machines

Miao

Liu

Cao

et al. 2015

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Malware detection is one of the most challenging problems in computer security. Recently, methods based on machine learning are very popular in unknown and variant malware detection. In order to achieve a successful learning, extracting discriminant and stable features is the most important prerequisite. In this paper, we propose a bilayer behavior abstraction method based on semantic analysis of dynamic API sequences. Operations on sensitive system resources and complex behaviors are abstracted in an interpretable way at different semantic layers. At the lower layer, raw API calls are combined to abstract low-layer behaviors via data dependency analysis. At the higher layer, low-layer behaviors are further combined to construct more complex high-layer behaviors with good interpretability. The extracted low-layer and high-layer behaviors are finally embedded into a highdimensional vector space. Hence, the abstracted behaviors can be directly used by many popular machine learning algorithms. Besides, to tackle the problem that benign programs are not adequately sampled or malware and benign programs are severely imbalanced, an improved one-class support vector machine (OC-SVM) named OC-SVM-Neg is proposed which makes use of the available negative samples. Experimental results show that the proposed feature extraction B Jiachen Liu method with OC-SVM-Neg outperforms binary classifiers on the false alarm rate and the generalization ability.

show abstract

Hybrids of support vector machine wrapper and filter based framework for malware detection

Cited by 103 publications

References 31 publications

Intelligent OS X malware threat detection with code inspection

Intelligent OS X malware threat detection with code inspection

Multilayer hybrid strategy for phishing email zero‐day filtering

Malware detection using bilayer behavior abstraction and improved one-class support vector machines

Contact Info

Product

Resources

About