Malware Detection with Different Voting Schemes
Keywords:
Data mining, Ensemble, Feature Extraction, Feature selection, Machine learning, Malware detection, Majority voting, Trust, Veto Voting
Abstract
Malware is a common way of launching an attack on a computer system. It is built with the intent of performing some malicious action on the system, which can cause the entire system to crash. It comes in different forms such as viruses, Trojans, spyware, scareware and adware. The traditional malware detection techniques, namely signature-based, heuristic-based and specification-based detection, are unable to detect some forms of malware, and each technique has its own advantages and disadvantages.
A new methodology based on data mining and machine learning techniques is proposed for detecting both known and unknown instances of malware. The methodology uses a disassembly process and three pre-processing techniques as part of feature extraction to produce three data sets with different configurations; a feature selection technique is then applied to obtain a consistent, reduced feature data set. Three classification algorithms, Ripper, C4.5 and IBk, are used to generate and train the classifiers. The ensemble learning technique of voting is used to improve the accuracy of the result: the predicted output is decided by majority voting and by veto voting. For veto voting, the decision strategy is improved by introducing trust-based veto voting, which helps to improve the detection accuracy.
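The three decision rules described above (majority voting, veto voting and trust-based veto voting) over the Ripper, C4.5 and IBk predictions, as an added illustration that is not code from the paper. The paper does not spell out how trust is computed or how it gates a veto, so the trust score (a running estimate of each classifier's correctness), the threshold and the fall-back to majority are assumptions made here, and the sample predictions are constructed.

```python
from collections import Counter

MALWARE, BENIGN = "malware", "benign"
INITIAL_TRUST = 0.5  # assumed prior trust for a classifier with no history


def majority_vote(labels):
    """Majority voting over the classifiers' labels; a tie is resolved as malware."""
    counts = Counter(labels)
    top = max(counts.values())
    winners = [lbl for lbl, c in counts.items() if c == top]
    return MALWARE if MALWARE in winners else winners[0]


def veto_vote(labels):
    """Veto voting: a single 'malware' prediction overrides all other classifiers."""
    return MALWARE if MALWARE in labels else BENIGN


def trust_veto_vote(preds, trust, threshold=0.7):
    """Trust-based veto (assumed scheme): a classifier may only veto if its trust
    score reaches the threshold; otherwise the decision falls back to majority."""
    for name, label in preds.items():
        if label == MALWARE and trust.get(name, INITIAL_TRUST) >= threshold:
            return MALWARE
    return majority_vote(list(preds.values()))


def update_trust(trust, preds, truth, alpha=0.2):
    """Exponential moving estimate of each classifier's correctness (assumed)."""
    for name, label in preds.items():
        hit = 1.0 if label == truth else 0.0
        trust[name] = (1 - alpha) * trust.get(name, INITIAL_TRUST) + alpha * hit
    return trust


def detect_stream(samples, threshold=0.7):
    """Apply trust-based veto over a labelled stream, updating trust after each verdict."""
    trust, verdicts = {}, []
    for preds, truth in samples:
        verdicts.append(trust_veto_vote(preds, trust, threshold))
        update_trust(trust, preds, truth)
    return verdicts, trust


# Constructed sample: Ripper keeps flagging true malware that C4.5 and IBk miss.
SAMPLES = [
    ({"Ripper": MALWARE, "C4.5": BENIGN, "IBk": BENIGN}, MALWARE),
    ({"Ripper": MALWARE, "C4.5": MALWARE, "IBk": BENIGN}, MALWARE),
    ({"Ripper": MALWARE, "C4.5": BENIGN, "IBk": BENIGN}, MALWARE),
    ({"Ripper": MALWARE, "C4.5": BENIGN, "IBk": BENIGN}, MALWARE),
]
```

On the constructed stream, Ripper's veto is ignored until its trust has grown past the threshold, after which its lone "malware" vote decides the verdict.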
Copyright (c) 2014 COMPUSOFT: An International Journal of Advanced Computer Technology
This work is licensed under a Creative Commons Attribution 4.0 International License.