随机投影对恶意软件分类的评价

2013 IEEE Seventh International Conference on Software Security and Reliability Companion Pub Date : 2013-06-18 DOI:10.1109/SERE-C.2013.29

S. Ponomarev, Jan Durand, Nathan Wallace, T. Atkison

{"title":"随机投影对恶意软件分类的评价","authors":"S. Ponomarev, Jan Durand, Nathan Wallace, T. Atkison","doi":"10.1109/SERE-C.2013.29","DOIUrl":null,"url":null,"abstract":"Research efforts to develop malicious application detection algorithms have been a priority ever since the discovery of the first \"viruses\". Various methods are used to search and identify these malicious applications. One such method, n-gram analysis, can be implemented to extract features from binary files. These features are then be used by machine learning algorithms to classify them as malicious or benign. However, the resulting high dimensionality of the features makes accurate detection in some cases impossible. This is known as \"the curse of dimensionality\". To counteract this effect, a feature reduction technique known as randomized projection was implemented. Through this reduction, not only are classification times decreased but also an increase in true positive and decreases false positive rates are observed. By varying the n-gram size and target feature size it is possible to fine-tune the accuracy of machine learning algorithms to reach an average accuracy of 99%.","PeriodicalId":150535,"journal":{"name":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","volume":"102 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Evaluation of Random Projection for Malware Classification\",\"authors\":\"S. Ponomarev, Jan Durand, Nathan Wallace, T. Atkison\",\"doi\":\"10.1109/SERE-C.2013.29\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Research efforts to develop malicious application detection algorithms have been a priority ever since the discovery of the first \\\"viruses\\\". Various methods are used to search and identify these malicious applications. One such method, n-gram analysis, can be implemented to extract features from binary files. These features are then be used by machine learning algorithms to classify them as malicious or benign. However, the resulting high dimensionality of the features makes accurate detection in some cases impossible. This is known as \\\"the curse of dimensionality\\\". To counteract this effect, a feature reduction technique known as randomized projection was implemented. Through this reduction, not only are classification times decreased but also an increase in true positive and decreases false positive rates are observed. By varying the n-gram size and target feature size it is possible to fine-tune the accuracy of machine learning algorithms to reach an average accuracy of 99%.\",\"PeriodicalId\":150535,\"journal\":{\"name\":\"2013 IEEE Seventh International Conference on Software Security and Reliability Companion\",\"volume\":\"102 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-06-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 IEEE Seventh International Conference on Software Security and Reliability Companion\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SERE-C.2013.29\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SERE-C.2013.29","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

摘要

自从发现第一个“病毒”以来，开发恶意应用程序检测算法的研究工作一直是一个优先事项。搜索和识别这些恶意应用程序的方法多种多样。一种这样的方法，n-gram分析，可以实现从二进制文件中提取特征。然后，机器学习算法使用这些特征将它们分类为恶意或良性。然而，由此产生的高维特征使得在某些情况下无法准确检测。这就是众所周知的“维度的诅咒”。为了抵消这种影响，采用了一种称为随机投影的特征缩减技术。通过这种减少，不仅减少了分类时间，而且观察到真阳性率增加和假阳性率降低。通过改变n-gram大小和目标特征大小，可以微调机器学习算法的准确性，达到99%的平均准确率。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Evaluation of Random Projection for Malware Classification

Research efforts to develop malicious application detection algorithms have been a priority ever since the discovery of the first "viruses". Various methods are used to search and identify these malicious applications. One such method, n-gram analysis, can be implemented to extract features from binary files. These features are then be used by machine learning algorithms to classify them as malicious or benign. However, the resulting high dimensionality of the features makes accurate detection in some cases impossible. This is known as "the curse of dimensionality". To counteract this effect, a feature reduction technique known as randomized projection was implemented. Through this reduction, not only are classification times decreased but also an increase in true positive and decreases false positive rates are observed. By varying the n-gram size and target feature size it is possible to fine-tune the accuracy of machine learning algorithms to reach an average accuracy of 99%.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2013 IEEE Seventh International Conference on Software Security and Reliability Companion

自引率

0.00%

发文量