Abdurrahman Pektas, T. Acarman, Yliès Falcone, Jean-Claude Fernandez
{"title":"使用在线机器学习的基于运行时行为的恶意软件分类","authors":"Abdurrahman Pektas, T. Acarman, Yliès Falcone, Jean-Claude Fernandez","doi":"10.1109/WorldCIS.2015.7359437","DOIUrl":null,"url":null,"abstract":"Identification of malware's family is an intricate process whose success and accuracy depends on different factors. These factors are mainly related to the process of extracting of meaningful and distinctive features from a set of malware samples, modeling malware via its static or dynamic features and particularly techniques used to classify malware samples. In this paper, we propose a new malware classification method based on behavioral features. File system, network, registry activities observed during the execution traces of the malware samples are used to represent behavior based features. Existing classification schemes apply machine-learning algorithms to the stored data, i.e., they are off-line. In this study, we use on-line machine learning algorithms that can provide instantaneous update about the new malware sample by following its introduction to the classification scheme. To validate the effectiveness and scalability of our method, we have evaluated our method by using 18,000 recent malicious files. Experimental results show that our method classifies malware with an accuracy of 92.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Runtime-behavior based malware classification using online machine learning\",\"authors\":\"Abdurrahman Pektas, T. Acarman, Yliès Falcone, Jean-Claude Fernandez\",\"doi\":\"10.1109/WorldCIS.2015.7359437\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Identification of malware's family is an intricate process whose success and accuracy depends on different factors. These factors are mainly related to the process of extracting of meaningful and distinctive features from a set of malware samples, modeling malware via its static or dynamic features and particularly techniques used to classify malware samples. In this paper, we propose a new malware classification method based on behavioral features. File system, network, registry activities observed during the execution traces of the malware samples are used to represent behavior based features. Existing classification schemes apply machine-learning algorithms to the stored data, i.e., they are off-line. In this study, we use on-line machine learning algorithms that can provide instantaneous update about the new malware sample by following its introduction to the classification scheme. To validate the effectiveness and scalability of our method, we have evaluated our method by using 18,000 recent malicious files. Experimental results show that our method classifies malware with an accuracy of 92.\",\"PeriodicalId\":234497,\"journal\":{\"name\":\"2015 World Congress on Internet Security (WorldCIS)\",\"volume\":\"6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 World Congress on Internet Security (WorldCIS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WorldCIS.2015.7359437\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 World Congress on Internet Security (WorldCIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WorldCIS.2015.7359437","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Runtime-behavior based malware classification using online machine learning
Identification of malware's family is an intricate process whose success and accuracy depends on different factors. These factors are mainly related to the process of extracting of meaningful and distinctive features from a set of malware samples, modeling malware via its static or dynamic features and particularly techniques used to classify malware samples. In this paper, we propose a new malware classification method based on behavioral features. File system, network, registry activities observed during the execution traces of the malware samples are used to represent behavior based features. Existing classification schemes apply machine-learning algorithms to the stored data, i.e., they are off-line. In this study, we use on-line machine learning algorithms that can provide instantaneous update about the new malware sample by following its introduction to the classification scheme. To validate the effectiveness and scalability of our method, we have evaluated our method by using 18,000 recent malicious files. Experimental results show that our method classifies malware with an accuracy of 92.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
