Malicious Codes Detection Based on Ensemble Learning

Zhang, Boyun; Yin, Jianping; Jiang, Hao; Zhang, Dingxing; Wang, Shulin

doi:10.1007/978-3-540-73547-2_48

Cited by 48 publications

(32 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The majority of our classifiers achieved better results than Henchiri & Japkowicz best ones, even though we used a simple feature selection method. Zhang et al (2007) leveraged a multi-classifier combination to build a malware detector. They evaluated the quality of their detector with the 5-Fold method on three datasets, each containing 150 malware and 423 goodware.…”

Section: Related Workmentioning

confidence: 99%

“…Machine learning techniques, by allowing to sift through large sets of applications to detect malicious applications based on measures of similarity of features, appear to be promising for large-scale malware detection (Henchiri and Japkowicz 2006;Kolter and Maloof 2006;Zhang et al 2007;Sahs and Khan 2012;Perdisci et al 2008b). Unfortunately, measuring the quality of a malware detection scheme has always been a challenge, especially in the case of malware detectors whose authors claim that they work "in the wild".…”

mentioning

confidence: 99%

See 1 more Smart Citation

Empirical assessment of machine learning-based malware detectors for Android

et al. 2014

View full text Add to dashboard Cite

To address the issue of malware detection through large sets of applications, researchers have recently started to investigate the capabilities of machine-learning techniques for proposing effective approaches. So far, several promising results were recorded in the literature, many approaches being assessed with what we call in the lab validation scenarios. This paper revisits the purpose of malware detection to discuss whether such in the lab validation scenarios provide reliable indications on the performance of malware detectors in real-world settings, aka in the wild.To this end, we have devised several Machine Learning classifiers that rely on a set of features built from applications' CFGs. We use a sizeable dataset of over 50 000 Android applications collected from sources where state-of-the art approaches have selected their data. We show that, in the lab, our approach outperforms existing machine learning-based approaches. However, this high performance does not translate in high performance in the wild. The performance gap we observed-F-measures dropping from over 0.9 in the lab to below 0.1 in the wild -raises one important question: How do state-of-the-art approaches perform in the wild ?

show abstract

Section: Related Workmentioning

confidence: 99%

mentioning

confidence: 99%

Empirical assessment of machine learning-based malware detectors for Android

et al. 2014

View full text Add to dashboard Cite

show abstract

“…Researchers built ensemble malware detectors [1,10,11,14,17,18,20,22,24,25,29,30,35,36,38], based on combining general detectors. Moreover, most of them used off-line analysis [1,10,14,25,29,30,35,36].…”

Section: Related Workmentioning

confidence: 99%

Ensemble Learning for Low-Level Hardware-Supported Malware Detection

Khasawneh

Özsoy

Donovick

et al. 2015

Research in Attacks, Intrusions, and Defenses

View full text Add to dashboard Cite

Abstract. Recent work demonstrated hardware-based online malware detection using only low-level features. This detector is envisioned as a first line of defense that prioritizes the application of more expensive and more accurate software detectors. Critical to such a framework is the detection performance of the hardware detector. In this paper, we explore the use of both specialized detectors and ensemble learning techniques to improve performance of the hardware detector. The proposed detectors reduce the false positive rate by more than half compared to a single detector, while increasing the detection rate. We also contribute approximate metrics to quantify the detection overhead, and show that the proposed detectors achieve more than 11x reduction in overhead compared to a software only detector (1.87x compared to prior work), while improving detection time. Finally, we characterize the hardware complexity by extending an open core and synthesizing it on an FPGA platform, showing that the overhead is minimal.

show abstract

“…A comprehensive survey of various techniques can be found in [5]. Approaches for large-scale detection are often based on Machine learning techniques, which allow to sift through large sets of applications to detect anomalies based on measures of similarity of features [6][7][8][9][10][11][12][13][14].…”

Section: Introductionmentioning

confidence: 99%

Are Your Training Datasets Yet Relevant?

Allix

Bissyandé

Klein

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In this paper, we consider the relevance of timeline in the construction of datasets, to highlight its impact on the performance of a machine learning-based malware detection scheme. Typically, we show that simply picking a random set of known malware to train a malware detector, as it is done in many assessment scenarios from the literature, yields significantly biased results. In the process of assessing the extent of this impact through various experiments, we were also able to confirm a number of intuitive assumptions about Android malware. For instance, we discuss the existence of Android malware lineages and how they could impact the performance of malware detection in the wild.

show abstract

Malicious Codes Detection Based on Ensemble Learning

Cited by 48 publications

References 10 publications

Empirical assessment of machine learning-based malware detectors for Android

Empirical assessment of machine learning-based malware detectors for Android

Ensemble Learning for Low-Level Hardware-Supported Malware Detection

Are Your Training Datasets Yet Relevant?

Contact Info

Product

Resources

About