Malware Function Estimation Using API in Initial Behavior

Kawaguchi, Naoto; Omote, Kazumasa

doi:10.1587/transfun.e100.a.167

Cited by 4 publications

(1 citation statement)

References 14 publications

(28 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition to learning opcode sequences, some researchers also use SVM to learn other characteristics. For example, API sequences extracted from software can be used as the input for SVM [18,19]. Salehi et al [20] use support vector machine based on recursive feature elimination to detect activity of software based on API calls and their arguments and return values, in which each software is run in a controlled environment.…”

Section: Malware Classificationmentioning

confidence: 99%

Incremental Learning for Malware Classification in Small Datasets

Xue

et al. 2020

Security and Communication Networks

View full text Add to dashboard Cite

Information security is an important research area. As a very special yet important case, malware classification plays an important role in information security. In the real world, the malware datasets are open-ended and dynamic, and new malware samples belonging to old classes and new classes are increasing continuously. This requires the malware classification method to enable incremental learning, which can efficiently learn the new knowledge. However, existing works mainly focus on feature engineering with machine learning as a tool. To solve the problem, we present an incremental malware classification framework, named “IMC,” which consists of opcode sequence extraction, selection, and incremental learning method. We develop an incremental learning method based on multiclass support vector machine (SVM) as the core component of IMC, named “IMCSVM,” which can incrementally improve its classification ability by learning new malware samples. In IMC, IMCSVM adds the new classification planes (if new samples belong to a new class) and updates all old classification planes for new malware samples. As a result, IMC can improve the classification quality of known malware classes by minimizing the prediction error and transfer the old model with known knowledge to classify unknown malware classes. We apply the incremental learning method into malware classification, and the experimental results demonstrate the advantages and effectiveness of IMC.

show abstract

Section: Malware Classificationmentioning

confidence: 99%