Learning to detect malicious executables in the wild

Kolter, J. Zico; Maloof, Marcus A.

doi:10.1145/1014052.1014105

Cited by 553 publications

(615 citation statements)

References 24 publications

Supporting

Mentioning

608

Contrasting

Unclassified

Order By: Relevance

“…None of these works uses sub-semantic features or is targeted towards hardware implementation (which requires simpler machine learning algorithms). Specialized detectors were previously proposed [15] for use in malware classification (i.e., labeling malware). Labeling is used to classify collected malware using offline analysis.…”

Section: Related Workmentioning

confidence: 99%

Ensemble Learning for Low-Level Hardware-Supported Malware Detection

Khasawneh

Özsoy

Donovick

et al. 2015

Research in Attacks, Intrusions, and Defenses

View full text Add to dashboard Cite

Abstract. Recent work demonstrated hardware-based online malware detection using only low-level features. This detector is envisioned as a first line of defense that prioritizes the application of more expensive and more accurate software detectors. Critical to such a framework is the detection performance of the hardware detector. In this paper, we explore the use of both specialized detectors and ensemble learning techniques to improve performance of the hardware detector. The proposed detectors reduce the false positive rate by more than half compared to a single detector, while increasing the detection rate. We also contribute approximate metrics to quantify the detection overhead, and show that the proposed detectors achieve more than 11x reduction in overhead compared to a software only detector (1.87x compared to prior work), while improving detection time. Finally, we characterize the hardware complexity by extending an open core and synthesizing it on an FPGA platform, showing that the overhead is minimal.

show abstract

Section: Related Workmentioning

confidence: 99%

Ensemble Learning for Low-Level Hardware-Supported Malware Detection

Khasawneh

Özsoy

Donovick

et al. 2015

Research in Attacks, Intrusions, and Defenses

View full text Add to dashboard Cite

show abstract

“…A comprehensive survey of various techniques can be found in [5]. Approaches for large-scale detection are often based on Machine learning techniques, which allow to sift through large sets of applications to detect anomalies based on measures of similarity of features [6][7][8][9][10][11][12][13][14].…”

Section: Introductionmentioning

confidence: 99%

Are Your Training Datasets Yet Relevant?

Allix

Bissyandé

Klein

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In this paper, we consider the relevance of timeline in the construction of datasets, to highlight its impact on the performance of a machine learning-based malware detection scheme. Typically, we show that simply picking a random set of known malware to train a malware detector, as it is done in many assessment scenarios from the literature, yields significantly biased results. In the process of assessing the extent of this impact through various experiments, we were also able to confirm a number of intuitive assumptions about Android malware. For instance, we discuss the existence of Android malware lineages and how they could impact the performance of malware detection in the wild.

show abstract

“…To this end, various data mining and machine learning approaches [21,28,14,19,25,5,6,18,27,9,20] have been applied to categorize malware into families based on different features derived from the analysis of the malware. Indeed, malware analysis involves two fundamental techniques: static and dynamic.…”

Section: Related Workmentioning

confidence: 99%

A Scalable Malware Classification Based on Integrated Static and Dynamic Features

Bounouh

Brahimi

Al-Nemrat³

et al. 2016

Global Security, Safety and Sustainability - The Security Challenges of the Connected World

View full text Add to dashboard Cite

Abstract. This paper presents a malware classification approach which aims to improve precision and support scalability. To this end, an hybrid approach combining both static and dynamic features is adopted. The hybrid approach has the advantage of being a complete and robust solution to evasion techniques used by malware writers. The proposed methodology allowed achieving a very promising accuracy of 99.41% in classifying malware into families while considerably reducing the feature space compared to competing approaches in the literature.

show abstract

Learning to detect malicious executables in the wild

Cited by 553 publications

References 24 publications

Ensemble Learning for Low-Level Hardware-Supported Malware Detection

Ensemble Learning for Low-Level Hardware-Supported Malware Detection

Are Your Training Datasets Yet Relevant?

A Scalable Malware Classification Based on Integrated Static and Dynamic Features

Contact Info

Product

Resources

About