论文信息 - Virus detection with machine learning

Virus detection with machine learning

Standard virus detection relies on the use of signatures, which are a small number of bytes from a virus. In this project we present an alternate approach to virus detection through the use of machine learning techniques, to detect viruses based on their behaviour instead. A virtual environment was created to allow real viruses to propagate. In order to obtain realistic results, we attempted to simulate real-world computer usage on the virtual machines we used. A virus ‘observatory’ was then designed to visualise virus propagation. Windows perfmon counters were used to obtain a numeric representation of the computer’s state. These counters from machines, were then visualised in a matrix format. We applied machine learning techniques to detect the name of the virus active on a computer. We consider how to improve the accuracy of the classifiers through the use of information gain. Finally we attempted to detect viruses after our system was only trained using ‘normal’ activity. This gives the system the possibility for being used to detect unknown viruses.

Christopher Richardson

[1] Dit-Yan Yeung,et al. Parzen-window network intrusion detectors , 2002, Object recognition supported by user interaction for service robots.

[2] Moti Yung,et al. Malicious cryptography - exposing cryptovirology , 2004 .

[3] Antoine Geissbühler,et al. Novelty Detection using One-class Parzen Density Estimator. An Application to Surveillance of Nosocomial Infections , 2008, MIE.

[4] Grzegorz Kolaczek,et al. Assessing the Uncertainty of Communication Patterns in Distributed Intrusion Detection System , 2006, KES.

[5] Angelos D. Keromytis,et al. A cooperative immunization system for an untrusting Internet , 2003, The 11th IEEE International Conference on Networks, 2003. ICON2003..

[6] Peter Szor,et al. The Art of Computer Virus Research and Defense , 2005 .

[7] Usama M. Fayyad,et al. Multi-Interval Discretization of Continuous-Valued Attributes for Classification Learning , 1993, IJCAI.

[8] Matthew Murray Williamson,et al. An epidemiological model of virus spread and cleanup , 2003 .

[9] Carsten Willems,et al. Learning and Classification of Malware Behavior , 2008, DIMVA.