VILO: a rapid learning nearest-neighbor classifier for malware triage

Lakhotia, Arun; Walenstein, Andrew; Miles, Craig; Singh, Anshuman

doi:10.1007/s11416-013-0178-3

Cited by 29 publications

(35 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…VILO implements the nearest neighbour algorithm with similarities evalueated over TFIDF weighted opcode mnemonic permutation features (N-perms). The results in [25] showed that VILO is the quick and efficacious learner of the real-world malware. TFIDF weighting of features ensures that the features that are common across many categories of executable code are not overly emphasized [25].…”

Section: Vilo: a Rapid Learning Nearest-neighbour Classifier For Mmentioning

confidence: 96%

“…The results in [25] showed that VILO is the quick and efficacious learner of the real-world malware. TFIDF weighting of features ensures that the features that are common across many categories of executable code are not overly emphasized [25]. This is also suitable for constantly changing malware population.…”

Section: Vilo: a Rapid Learning Nearest-neighbour Classifier For Mmentioning

confidence: 96%

Section: Vilo: a Rapid Learning Nearest-neighbour Classifier For Mmentioning

confidence: 99%

“…Conversely, in familial malware classification problem, a malicious executable code is classified as belonging to a specific group of malware [25]. In [25], the work is based on the familial malware classification. VILO makes use of three components: N-perm feature vectors, Term Frequency X Inverse Document Frequency (TFIDF) weighting of features [20], and nearest-neighbour algorithm.…”

Section: Vilo: a Rapid Learning Nearest-neighbour Classifier For Mmentioning

confidence: 99%

See 3 more Smart Citations

Pragmatic Analysis on Malware Classification

Chanana¹

2017

IJRASET

View full text Add to dashboard Cite

Malware are tiny software which are created to harm our computers or to steal valuable information. Recently with the advancement in machine learning algorithms, researches also started looking to a solution which can detect the malware and classify them automatically so that necessary step can be decided. In this paper we discussed and reviewed the methods adopted and suggested by various researchers to detect and classify malwares using machine learning and clustering algorithms. Since this is not a very old field so research papers used to review are not very old.

show abstract

Section: Vilo: a Rapid Learning Nearest-neighbour Classifier For Mmentioning

confidence: 96%

Section: Vilo: a Rapid Learning Nearest-neighbour Classifier For Mmentioning

confidence: 96%

Section: Vilo: a Rapid Learning Nearest-neighbour Classifier For Mmentioning

confidence: 99%

Section: Vilo: a Rapid Learning Nearest-neighbour Classifier For Mmentioning

confidence: 99%

See 2 more Smart Citations

Pragmatic Analysis on Malware Classification

Chanana¹

2017

IJRASET

View full text Add to dashboard Cite

show abstract

“…Opcode-n-grams are achieved by static analysis in two steps: 1) Disassemble the sample, and 2) Processing and extracting opcode-n-grams. Opcode-n-grams based features have two variants, one with consider operand along with opcode and other which doesn"t take operand in consideration [12], [15]- [20].…”

Section: Opcode-n-gramsmentioning

confidence: 99%

Features for Detecting Malware on Computing Environments

Kumar¹,

Kuppusamy²,

Aghila³

2016

IJEACS

View full text Add to dashboard Cite

Abstract-Malware is the main threat for all computing environments. It also acts as launching platform for many other cyber threats. Traditional malware detection system is not able to detect "modern", "unknown" and "zero-day" malware. Recent developments in computing hardware and machine learning techniques have emerged as alternative solution for malware detection. The efficiency of any machine learning algorithm depends on the features extracted from the dataset. Various types of features are extracted and being researched with machine learning approach to detect malware that are targeted towards computing environments. In this work we have organized and summarized different feature types used to detect malware. This work will direct future researchers and industry to make decision on feature type selection regarding chosen computing environment for building an accurate malware classifier.

show abstract

Incorporating known malware signatures to classify new malware variants in network traffic

et al. 2015

View full text Add to dashboard Cite

SUMMARYContent-based malware classification technique using n-gram features required high computational overhead because of the size of feature space. This paper proposes the augmentation of domain knowledge in the form of known Snort malware signatures to machine learning techniques to reduce resources (in terms of the time to generate machine learning model and the memory usage to store generative model). Although current malware can be encrypted or mutated, these malware still exhibit prevalent contents or payloads as their predecessors. Using a dataset of traffic captured from a campus network, our approach is able to reduce initial generated million n-gram features to only around 90 000 features, which significantly reduces processing time to generate naive Bayes model by 95%. The generated model that has been trained by the most descriptive features (4-gram Snort signatures with high information gain) produces lower false negative, about 2% compared with other models. Moreover, the proposed method is capable of detecting 10 new malware variants with 0% false negative. The findings from this paper can be the basis for improving malware classification based on content classification to detect known and new malware.

show abstract

VILO: a rapid learning nearest-neighbor classifier for malware triage

Cited by 29 publications

References 26 publications

Pragmatic Analysis on Malware Classification

Pragmatic Analysis on Malware Classification

Features for Detecting Malware on Computing Environments

Incorporating known malware signatures to classify new malware variants in network traffic

Contact Info

Product

Resources

About