nach oben

Journal of Computer Virology and Hacking Techniques

Erschienen in:

01.11.2016 | Original Paper

Clustering versus SVM for malware detection

verfasst von: Usha Narra, Fabio Di Troia, Visaggio Aaron Corrado, Thomas H. Austin, Mark Stamp

Erschienen in: Journal of Computer Virology and Hacking Techniques | Ausgabe 4/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Previous work has shown that cluster analysis can be used to effectively classify malware into meaningful families. In this research, we apply cluster analysis to the challenging problem of classifying previously unknown malware. We perform several experiments involving malware clustering. We compare our clustering results to those obtained when a support vector machine (SVM) is trained on the malware family. Using clustering, we are able to classify malware with an accuracy comparable to that of an SVM. An advantage of the clustering approach is that a new malware family can be classified before a model has been trained specifically for the family.

Vorheriger Artikel Support vector machines and malware detection

Nächster Artikel Subroutine based detection of APT malware

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Alsabti, K., Ranka, S., Singh, V.: An efficient K-means clustering algorithm. https://www.cs.utexas.edu/~kuipers/readings/Alsabti-hpdm-98.pdf (1998). Accessed 22 Sept 2015

Annachhatre, C., Austin, T.H., Stamp, M.: HiddenMarkov models for malware classification. J. Comput. Virol. Hack. Tech. 11(2), 59–73 (2014)CrossRef

Austin, T., Filiol, E., Josse, S., Stamp, M.: Exploring hidden Markov models for virus analysis: a semantic approach. In: 46th Hawaii International Conference on System Sciences (HICSS 2013), pp. 5039–5048 (2013)

Baysa, D., Low, R.M., Stamp, M.: Structural entropy and metamorphic malware. J. Comput. Virol. Hack. Tech. 9(4), 179–192 (2013)CrossRef

Bilmes, J.A.: A Gentle tutorial of the EM algorithm and its application to parameter estimation for Gaussian mixture and hidden Markov models. http://crow.ee.washington.edu/people/bulyko/papers/em.pdf (1998). Accessed 22 Sept 2015

Bradley, A.P.: The use of the area under the ROC curve in the evaluation of machine learning algorithms. J. Pattern Recognit. 30(7), 1145–1159 (1997)CrossRef

Do, C.B., Batzoglou, S.: What is the expectation maximization algorithm? Nat. Biotechnol. 26(8), 897–899 (2008)CrossRef

Fawcett, T.: An introduction to ROC analysis. Pattern Recognit. Lett. 27(8), 861–874 (2006)MathSciNetCrossRef

Harebot. http://www.pandasecurity.com/homeusers/security-info/220319/Harebot.M. Accessed 22 Sept 2015

10.

IDA Disassembler (n.d.). http://www.softpedia.com/get/Programming/Debuggers-Decompilers-Dissasemblers/IDA-PRO.shtml. Accessed 22 Sept 2015

11.

Jin, R.: Cluster validation. http://www.cs.kent.edu/~jin/DM08/ClusterValidation.pdf (2008). Accessed 22 Sept 2015

12.

Malware Protection Center (n.d.), Win32/Winwebsec. http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2fWinwebsec. Accessed 22 Sept 2015

13.

Matlab Statistics Toolbox (n.d.). http://www.mathworks.com/help/stats/index.html. Accessed 22 Sept 2015

14.

Moore, A.W.: \(K\)-means and hierarchical clustering. http://www.autonlab.org/tutorials/kmeans11.pdf (2001). Accessed 22 Sept 2015

15.

Nappa, A., Raque, M.Z., Caballero, J.: Driving in the cloud: an analysis of drive-by download operations and abuse reporting of viruses. In: Proceedings of the 10th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (2013)

16.

Next Generation Virus Construction Kit, VX Heavens. http://vxheaven.org/vx.php?id=tn02. Accessed 22 Sept 2015

17.

Rabiner, L.R.: A tutorial on hidden Markov models and selected applications in speech recognition. Proc. IEEE 77(2), 257–286 (1989)CrossRef

18.

RapidMiner (n.d.). https://rapidminer.com/documentation/. Accessed 22 Sept 2015

19.

Security Shield. http://www.symantec.com/security_response/glossary/define.jsp?letter=s&word=security-shield. Accessed 22 Sept 2015

20.

Shanmugam, G., Low, R.M., Stamp, M.: Simple substitution distance and metamorphic detection. J. Comput. Virol. Hack. Tech. 9(3), 159–170 (2013)

21.

Smart HDD. http://support.kaspersky.com/viruses/rogue?qid=208286454. Accessed 22 Sept 2015

22.

Stamp, M.: A revealing introduction to hidden Markov models. http://www.cs.sjsu.edu/~stamp/RUA/HMM.pdf (2012). Accessed 22 Sept 2015

23.

Stamp, M.: Machine Learning with Applications in Information Security (2015) (submitted for publication)

24.

Support vector machines (n.d.). http://support-vector-machines.org/. Accessed 22 Sept 2015

25.

Symantec: Trojan.Zbot. http://www.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99 (2010). Accessed 22 Sept 2015

26.

Symantec security response: Trojan.Zeroaccess. http://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99 (2011). Accessed 22 Sept 2015

27.

Tan, P.N., Steinbach, M., Kumar, V.: Introduction to data mining, chapter 8. In: Cluster Analysis: Basic Concepts and Algorithms. Addison-Wesley (2006)

28.

Vasudevan, A.: MalTRAK: tracking and eliminating unknown malware. In: Computer Security Applications Conference, pp. 311–321 (2008)

29.

Villeneuve, N.: With a foreword by R. Deibert and R. Rohozinski: KOOBFACE: inside a crimeware network. http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the-real-face-of-koobface.pdf (2010). Accessed 22 Sept 2015

30.

Virus Bulletin (n.d.), Last-minute paper: an indepth look into Stuxnet. http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml. Accessed 22 Sept 2015

31.

Wong, W., Stamp, M.: Hunting for metamorphic engines. J. Comput. Virol. 2(3), 211–229 (2006)CrossRef

Titel: Clustering versus SVM for malware detection
verfasst von: Usha Narra
Fabio Di Troia
Visaggio Aaron Corrado
Thomas H. Austin
Mark Stamp
Publikationsdatum: 01.11.2016
Verlag: Springer Paris
Erschienen in: Journal of Computer Virology and Hacking Techniques / Ausgabe 4/2016
Elektronische ISSN: 2263-8733
DOI: https://doi.org/10.1007/s11416-015-0253-z

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2016

A set of features to detect web security threats

Support vector machines and malware detection

Subroutine based detection of APT malware

On normalized compression distance and large malware

Premium Partner