Proposing an efficient approach for malware clustering

Maryam Mohammadi, A. Hamzeh
2017 Artificial Intelligence and Signal Processing Conference (AISP), published 2017-10-01
DOI: 10.1109/AISP.2017.8324094 (https://doi.org/10.1109/AISP.2017.8324094)
Citations: 2

Abstract

Malware now holds a top rank among security threats and can seriously damage computing systems and networks. Over time, malware has become more complicated and harder to detect. Because traditional techniques such as signature-based detection have not been successful at detecting metamorphic malware, machine learning algorithms have been used to detect it. The Hidden Markov Model (HMM) has been successfully used in speech recognition, pattern recognition, part-of-speech tagging and biological sequence analysis. Previous work has shown that HMM is a convincing method for malware detection. However, some advanced metamorphic malware has proven more challenging to detect with these techniques. In this paper, we apply clustering techniques, with HMM-based probabilities as features, to the malware detection problem. In effect, we use clustering as a classifier to detect malware. We compute clusters with the K-means and Expectation Maximization algorithms. The results show that using clustering instead of an HMM-based approach can achieve reasonable accuracy for metamorphic malware detection.