On the Effectiveness of Generic Malware Models

Bagga, Naman; Troia, Fabio Di; Stamp, Mark

doi:10.5220/0006921506080616

Cited by 4 publications

(8 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [3], the authors perform experiments using 𝑛-grams as features for different machine learning models. The classification techniques included SVM, a simple 𝜒 2 test, 𝑘-NN, and random forest.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Multifamily Malware Models

Basole¹,

Troia²,

Stamp³

2022

Preprint

Self Cite

View full text Add to dashboard Cite

When training a machine learning model, there is likely to be a tradeoff between accuracy and the diversity of the dataset. Previous research has shown that if we train a model to detect one specific malware family, we generally obtain stronger results as compared to a case where we train a single model on multiple diverse families. However, during the detection phase, it would be more efficient to have a single model that can reliably detect multiple families, rather than having to score each sample against multiple models. In this research, we conduct experiments based on byte 𝑛-gram features to quantify the relationship between the generality of the training dataset and the accuracy of the corresponding machine learning models, all within the context of the malware detection problem. We find that neighborhood-based algorithms generalize surprisingly well, far outperforming the other machine learning techniques considered.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Then we consider models designed to detect pairs of families, triples of families, and so on, up to a single model for all 20 families under consideration. In this way, we produce models that must deal with progressively more generic datasets [3].…”

Section: Introductionmentioning

confidence: 99%

Multifamily Malware Models

Basole¹,

Troia²,

Stamp³

2022

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…In [10], the authors performed experiments using n-grams as features for different machine learning models. Their techniques included SVM, a chi-square test, k-NN, and random forest.…”

Section: N-gramsmentioning

confidence: 99%

“…Our research uses a similar approach as described in [10] by using n-grams to determine the tradeoff between the generality and the accuracy of a model. In contrast, we use 20 families instead of 8, a different feature selection method, and different machine learning techniques, as discussed in more detail in Chapter 4.…”

Section: N-gramsmentioning

confidence: 99%

See 1 more Smart Citation

Multifamily malware models

Basole

Troia

Stamp

2020

J Comput Virol Hack Tech

Self Cite

View full text Add to dashboard Cite

Multifamily Malware Models by Samanvitha Basole When training a machine learning model, there is likely to be a tradeoff between the accuracy of the model and the generality of the dataset. Previous research has shown that if we train a model to detect one specific malware family, we obtain stronger results as compared to a case where we train a single model on multiple diverse families. During the detection phase, it would be more efficient to have a single model that could detect multiple families, rather than having to score each sample against multiple models. In this research, we conduct experiments to quantify the relationship between the generality of the training dataset and the accuracy of the resulting model within the context of the malware detection problem. 6 Conclusion and Future Work .

show abstract