Fractal based adaptive boosting algorithm for cognitive detection of computer malware
Muhammad Salman Khan, S. Siddiqui, R. McLeod, K. Ferens, W. Kinsner
2016 IEEE 15th International Conference on Cognitive Informatics & Cognitive Computing (ICCI*CC), 2016-08-01
DOI: 10.1109/ICCI-CC.2016.7862074 (https://doi.org/10.1109/ICCI-CC.2016.7862074)
Citations: 11
Abstract
Host Based Intrusion Detection Systems (HIDS) are gaining traction in discovering malicious software inside a host operating system. In this paper, the authors have developed a new cognitive host based anomaly detection system based on the supervised AdaBoost machine learning algorithm. In particular, an information fractal dimension based approach is incorporated in the original AdaBoost machine learning algorithm to assign higher weight to the classifier that estimates a wrong hypothesis. An agent based host sensor is developed that continuously gathers and extracts the network profile of all the host processes and the modules spawned by each process of a Microsoft Windows 7 operating system. The main contributions of this paper are that a malware testing sandbox is developed using Microsoft native APIs and an information fractal (cognitive) based AdaBoost algorithm is designed and developed. Our results on an empirical data set show that the malware detection performance of the proposed algorithm outperforms the original AdaBoost algorithm in detecting positives, including the reduction of false negatives.