Malware detection by pruning of parallel ensembles using harmony search

Sheen, Shina; Anitha, R.; Sirisha, P.

doi:10.1016/j.patrec.2013.05.006

Cited by 30 publications

(14 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Researchers built ensemble malware detectors [1,10,11,14,17,18,20,22,24,25,29,30,35,36,38], based on combining general detectors. Moreover, most of them used off-line analysis [1,10,14,25,29,30,35,36]. A few used dynamic analysis [11,20,24] and some used both static and dynamic analysis [17,18,22].…”

Section: Related Workmentioning

confidence: 99%

Ensemble Learning for Low-Level Hardware-Supported Malware Detection

Khasawneh

Özsoy

Donovick

et al. 2015

Research in Attacks, Intrusions, and Defenses

View full text Add to dashboard Cite

Abstract. Recent work demonstrated hardware-based online malware detection using only low-level features. This detector is envisioned as a first line of defense that prioritizes the application of more expensive and more accurate software detectors. Critical to such a framework is the detection performance of the hardware detector. In this paper, we explore the use of both specialized detectors and ensemble learning techniques to improve performance of the hardware detector. The proposed detectors reduce the false positive rate by more than half compared to a single detector, while increasing the detection rate. We also contribute approximate metrics to quantify the detection overhead, and show that the proposed detectors achieve more than 11x reduction in overhead compared to a software only detector (1.87x compared to prior work), while improving detection time. Finally, we characterize the hardware complexity by extending an open core and synthesizing it on an FPGA platform, showing that the overhead is minimal.

show abstract

Section: Related Workmentioning

confidence: 99%

Ensemble Learning for Low-Level Hardware-Supported Malware Detection

Khasawneh

Özsoy

Donovick

et al. 2015

Research in Attacks, Intrusions, and Defenses

View full text Add to dashboard Cite

show abstract

“…Santos et al [16] proposed a machine learning-based malware detection method by using Op-code n-gram fea- [19,20,22,[35][36][37] Type IV APIs N -grams [5,8,[23][24][25][26][27][28] Type V Hybrid Hybrid [30][31][32][33] tures. Lakhotia et al [17] developed n-perms, a variant of n-gram, to formalize Op-codes into feature representation.…”

Section: Type Ii: Malware Features Based On Disassemblingmentioning

confidence: 99%

“…However, API n-grams always suffer from the "curse of dimensionality," and additional feature selection methods must be performed. Moreover, API parameters contain rich semantic information, but many API n-gram methods [8,[24][25][26][27] do not consider API parameters, which lead to a loss of information. As an improvement, Cheng et al [28] used some reducing and substituting rules to category parameters of API calls.…”

Section: Types III and Iv: Malware Features Based On Apismentioning

confidence: 99%

Malware detection using bilayer behavior abstraction and improved one-class support vector machines

Miao

Liu

Cao

et al. 2015

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Malware detection is one of the most challenging problems in computer security. Recently, methods based on machine learning are very popular in unknown and variant malware detection. In order to achieve a successful learning, extracting discriminant and stable features is the most important prerequisite. In this paper, we propose a bilayer behavior abstraction method based on semantic analysis of dynamic API sequences. Operations on sensitive system resources and complex behaviors are abstracted in an interpretable way at different semantic layers. At the lower layer, raw API calls are combined to abstract low-layer behaviors via data dependency analysis. At the higher layer, low-layer behaviors are further combined to construct more complex high-layer behaviors with good interpretability. The extracted low-layer and high-layer behaviors are finally embedded into a highdimensional vector space. Hence, the abstracted behaviors can be directly used by many popular machine learning algorithms. Besides, to tackle the problem that benign programs are not adequately sampled or malware and benign programs are severely imbalanced, an improved one-class support vector machine (OC-SVM) named OC-SVM-Neg is proposed which makes use of the available negative samples. Experimental results show that the proposed feature extraction B Jiachen Liu method with OC-SVM-Neg outperforms binary classifiers on the false alarm rate and the generalization ability.

show abstract

“…Bai et al, [14] proposed critical API calling graph (CA G) and extracted CA G fro m the control flow graph for detecting the malware. Sheen et al, [15] proposed to prune the ensemble which detects the malware using harmony search and most recently, Nissim et al, [16] proposed a novel active learning method to detect new Malware files. Ahmed et al, [17] had used spatio-temporal information in API calls as feature selection for classifying the malware samp les.…”

Section: Related Workmentioning

confidence: 99%

Malware detection via API calls, topic models and machine learning

Sundarkumar

Ravi

Nwogu

et al. 2015

2015 IEEE International Conference on Automation Science and Engineering (CASE)

View full text Add to dashboard Cite

Dissemination of malicious code, also known as malware, poses severe challenges to cyber security. Malware authors embed software in seemingly innocuous executables, unknown to a user. The malware subsequently interacts with security-critical OS resources on the host system or network, in order to destroy their information or to gather sensitive information such as passwords and credit card numbers. Malware authors typically use Application Programming Interface (API) calls to perpetrate these crimes. We present a model that uses text mining and topic modeling to detect malware, based on the types of API call sequences. We evaluated our technique on two publicly available datasets . We observed that Decision Tree and S upport Vector Machine yielded significant results. We performed t-test with respect to sensitivity for the two models and found that statistically there is no significant difference between these models. We recommend Decision Tree as it yields 'if-then' rules, which could be used as an early warning expert system.

show abstract

Malware detection by pruning of parallel ensembles using harmony search

Cited by 30 publications

References 19 publications

Ensemble Learning for Low-Level Hardware-Supported Malware Detection

Ensemble Learning for Low-Level Hardware-Supported Malware Detection

Malware detection using bilayer behavior abstraction and improved one-class support vector machines

Malware detection via API calls, topic models and machine learning

Contact Info

Product

Resources

About