Incremental Learning for Malware Classification in Small Datasets

Li, Jingmei; Xue, Di; Wu, Weifei; Wang, Jiaxiang

doi:10.1155/2020/6309243

Cited by 14 publications

(9 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Incremental Learning is used by Zhuang et al [120] for proposing a Malware Detection algorithm to preserve support vectors obtained from old data of SVM. Intrusion Detection is done using Incremental Multiclass SVM by Li et al [121]. Although using Incremental Learning is required for real-time detection, here small dataset is used, so the sample size used for classification is significantly less, and SVM performance is not suitable for such scenarios.…”

Section: B Review Of Various Machine Learning Techniques In Idsmentioning

confidence: 99%

Internet of Things Applications, Security Challenges, Attacks, Intrusion Detection, and Future Visions: A Systematic Review

2021

View full text Add to dashboard Cite

Internet of Things (IoT) technology is prospering and entering every part of our lives, be it education, home, vehicles, or healthcare. With the increase in the number of connected devices, several challenges are also coming up with IoT technology: heterogeneity, scalability, quality of service, security requirements, and many more. Security management takes a back seat in IoT because of cost, size, and power. It poses a significant risk as lack of security makes users skeptical towards using IoT devices. This, in turn, makes IoT vulnerable to security attacks, ultimately causing enormous financial and reputational losses. It makes up for an urgent need to assess present security risks and discuss the upcoming challenges to be ready to face the same. The undertaken study is a multi-fold survey of different security issues present in IoT layers: perception layer, network layer, support layer, application layer, with further focus on Distributed Denial of Service (DDoS) attacks. DDoS attacks are significant threats for the cyber world because of their potential to bring down the victims. Different types of DDoS attacks, DDoS attacks in IoT devices, impacts of DDoS attacks, and solutions for mitigation are discussed in detail. The presented review work compares Intrusion Detection and Prevention models for mitigating DDoS attacks and focuses on Intrusion Detection models. Furthermore, the classification of Intrusion Detection Systems, different anomaly detection techniques, different Intrusion Detection System models based on datasets, various machine learning and deep learning techniques for data pre-processing and malware detection has been discussed. In the end, a broader perspective has been envisioned while discussing research challenges, its proposed solutions, and future visions.

show abstract

Section: B Review Of Various Machine Learning Techniques In Idsmentioning

confidence: 99%

Internet of Things Applications, Security Challenges, Attacks, Intrusion Detection, and Future Visions: A Systematic Review

2021

View full text Add to dashboard Cite

show abstract

“…Most of the malware datasets are dynamic in real-life, which necessitates the malware classification to be incremental to learn new knowledge over time. The study 16 presented an incremental malware classification framework based on a multiclass SVM, titled IMCSVM. The latter constrains the new model by retaining it close to the old model for the new knowledge of old classes and constraining the new classification plane by retaining it close to the new planes' linear combination for the new knowledge of new classes.…”

Section: Related Workmentioning

confidence: 99%

Incremental learning framework for real‐world fraud detection environment

Anowar

Sadaoui

2021

Computational Intelligence

View full text Add to dashboard Cite

For detecting malicious bidding activities in e-auctions, this study develops a chunk-based incremental learning framework that can operate in real-world auction settings. The self-adaptive framework first classifies incoming bidder chunks to counter fraud in each auction and take necessary actions. The fraud classifier is then adjusted with confident bidders' labels validated via bidder verification and one-class classification. Based on real fraud data produced from commercial auctions, we conduct an extensive experimental study wherein the classifier is adapted incrementally using only relevant bidding data while evaluating the subsequent adjusted models' detection and misclassification rates. We also compare our classifier with static learning and learning without data relevancy. K E Y W O R D S chunk-based incremental learning, fraud detection, imbalanced data, incremental memory model, incremental SGD, one-class SVM

show abstract

“…ey also analyzed its performance and obtained an accuracy of 96.3%. Li et al [15] proposed an incremental malware classification (IMC) framework and an incremental learning method based on multiclass support vector machines (SVM), which improved the classification ability of IMCSVM incrementally by learning new malware samples. Baldangombo et al [20] presented a static malware detection system to extract valuable features of Windows portable executable (PE) files using the static analysis method.…”

Section: Related Workmentioning

confidence: 99%

“…To identify families of APT malware samples, the current work analyzes typical malicious malware behaviors of different APT families to distinguish them [2,14]. However, the number of publicly available malware samples from each APT family is small, making it difficult to train a robust classification model through such a small number of samples [15].…”

Section: Introductionmentioning

confidence: 99%

Toward Identifying APT Malware through API System Calls

Wei

Guo

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

Self-developed malware was usually used by advanced persistent threat (APT) attackers to launch APT attacks. Therefore, we can enhance the understanding and cognition of APT attacks by comprehending the behavior of APT malware. Unfortunately, the current research cannot effectively explain the relationship between the recognition, detection, and defense of APT. The model of similar studies also lacks an explanation about it. To defend against APT attacks and inquire about the similarity of different APT attacks, this study proposes an APT malware classification method based on a combination of multiple deep learning algorithms and transfer learning by collecting malware used in several famous APT groups in public. By extracting the application programming interface (API) system calls, with the vector representation of features by combining dynamic LSTM and attention algorithm, we can obtain API at different APT families classification contributions trained dynamic. Thus, we used transfer learning to perform multiple classifications of the APT family. This study aims to reduce the burden of network security staff from reviewing a large number of suspicious files when defending against APT attacks. Additionally, it can effectively intercept them in the initial invasion stage of APT to perform targeted defense against specific APT attacks by combining threat intelligence in public. The experimental result shows that the proposed method can achieve 99.2% in distinguishing common malware from APT malware and assign APT malware to different APT families with an accuracy of 95.5%.

show abstract

Incremental Learning for Malware Classification in Small Datasets

Cited by 14 publications

References 34 publications

Internet of Things Applications, Security Challenges, Attacks, Intrusion Detection, and Future Visions: A Systematic Review

Internet of Things Applications, Security Challenges, Attacks, Intrusion Detection, and Future Visions: A Systematic Review

Incremental learning framework for real‐world fraud detection environment

Toward Identifying APT Malware through API System Calls

Contact Info

Product

Resources

About