All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Multiple instance learning for malware classification

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F18%3A00315376" target="_blank" >RIV/68407700:21230/18:00315376 - isvavai.cz</a>

  • Result on the web

    <a href="https://www.sciencedirect.com/science/article/pii/S0957417417307170?via%3Dihub" target="_blank" >https://www.sciencedirect.com/science/article/pii/S0957417417307170?via%3Dihub</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1016/j.eswa.2017.10.036" target="_blank" >10.1016/j.eswa.2017.10.036</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Multiple instance learning for malware classification

  • Original language description

    This work addresses classification of unknown binaries executed in sandbox by modeling their interaction with system resources (files, mutexes, registry keys and communication with servers over the network) and error messages provided by the operating system, using vocabulary-based method from the multiple instance learning paradigm. It introduces similarities suitable for individual resource types that combined with an approximative clustering method efficiently group the system resources and define features directly from data. This approach effectively removes randomization often employed by malware authors and projects samples into low-dimensional feature space suitable for common classifiers. An extensive comparison to the state of the art on a large corpus of binaries demonstrates that the proposed solution achieves superior results using only a fraction of training samples. Moreover, it makes use of a source of information different than most of the prior art, which increases the diversity of tools detecting the malware, hence making detection evasion more difficult.

  • Czech name

  • Czech description

Classification

  • Type

    J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

  • Continuities

    I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Others

  • Publication year

    2018

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Name of the periodical

    Expert Systems with Applications

  • ISSN

    0957-4174

  • e-ISSN

    1873-6793

  • Volume of the periodical

    2018

  • Issue of the periodical within the volume

    93

  • Country of publishing house

    NL - THE KINGDOM OF THE NETHERLANDS

  • Number of pages

    12

  • Pages from-to

    346-357

  • UT code for WoS article

    000416498300028

  • EID of the result in the Scopus database

    2-s2.0-85032009982

Similar results(10)

Probabilistic analysis of dynamic malware tracesProof of Stake And Proof of Work Approach for Malware Detection TechnologiesFeature Optimization for Run Time Analysis of Malware in Windows Operating System using Machine Learning Approach