论文信息 - Analysis of machine learning methods on malware detection

Analysis of machine learning methods on malware detection

Nowadays, one of the most important security threats are new, unseen malicious executables. Current anti-virus systems have been fairly successful against known malicious softwares whose signatures are known. However they are very ineffective against new, unseen malicious softwares. In this paper, we aim to detect new, unseen malicious executables using machine learning techniques. We extract distinguishing structural features of softwares and, employ machine learning techniques in order to detect malicious executables.

Sevil Sen | Emre Aydogan | Sevil Şen | Emre Aydoğan

[1] Ron Kohavi,et al. The Power of Decision Tables , 1995, ECML.

[2] Eugene H. Spafford,et al. The internet worm program: an analysis , 1989, CCRV.

[3] Heng Yin,et al. Renovo: a hidden code extractor for packed executables , 2007, WORM '07.

[4] Aiko M. Hormann,et al. Programs for Machine Learning. Part I , 1962, Inf. Control..

[5] David W. Aha,et al. Instance-Based Learning Algorithms , 1991, Machine Learning.

[6] Leo Breiman,et al. Random Forests , 2001, Machine Learning.

[7] Muhammad Zubair Shafiq,et al. PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime , 2009, RAID.

[8] Wenke Lee,et al. McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables , 2008, 2008 Annual Computer Security Applications Conference (ACSAC).

[9] rey O. Kephart,et al. Automatic Extraction of Computer Virus SignaturesJe , 2006 .

[10] Marcus A. Maloof,et al. Learning to detect malicious executables in the wild , 2004, KDD.

[11] Salvatore J. Stolfo,et al. Data mining methods for detection of new malicious executables , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[12] John C. Platt,et al. Fast training of support vector machines using sequential minimal optimization, advances in kernel methods , 1999 .

[13] Fabrice Bellard,et al. QEMU, a Fast and Portable Dynamic Translator , 2005, USENIX ATC, FREENIX Track.