Parallel Instance Filtering for Malware Detection
The result's identifiers
Result code in IS VaVaI
RIV/68407700:21240/22:00361618 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21240%2F22%3A00361618)
Result on the web
https://ieeexplore.ieee.org/document/10011504
DOI - Digital Object Identifier
10.1109/SEAA56994.2022.00012 (http://dx.doi.org/10.1109/SEAA56994.2022.00012)
Alternative languages
Result language
English
Original language name
Parallel Instance Filtering for Malware Detection
Original language description
Machine learning algorithms are widely used in the area of malware detection. With the growth of sample amounts, training of classification algorithms becomes more and more expensive. In addition, training data sets may contain redundant or noisy instances. The problem to be solved is how to select representative instances from large training data sets without reducing the accuracy. This work presents a new parallel instance selection algorithm called Parallel Instance Filtering (PIF). The main idea of the algorithm is to split the data set into non-overlapping subsets of instances covering the whole data set and apply a filtering process for each subset. Each subset consists of instances that have the same nearest enemy. As a result, the PIF algorithm is fast since subsets are processed independently of each other using parallel computation. We compare the PIF algorithm with several state-of-the-art instance selection algorithms on a large data set of 500,000 malicious and benign samples. The feature set was extracted using static analysis, and it includes metadata from the portable executable file format. Our experimental results demonstrate that the proposed instance selection algorithm reduces the size of a training data set significantly with only slightly decreased accuracy. The PIF algorithm outperforms existing instance selection methods used in the experiments in terms of the ratio between average classification accuracy and storage percentage.
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
EF16_019/0000765: Research Center for Informatics
Continuities
P - Research and development project financed from public funds (with a link to CEP)
S - Specific research at universities
Others
Publication year
2022
Confidentiality
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific for result type
Article name in the collection
Proceedings of 2022 48th Euromicro Conference on Software Engineering and Advanced Applications
ISBN
978-1-6654-6152-8
ISSN
—
e-ISSN
—
Number of pages
8
Pages from-to
13-20
Publisher name
IEEE Computer Society
Place of publication
Los Alamitos
Event location
Maspalomas, Gran Canaria
Event date
Aug 31, 2022
Type of event by nationality
WRD - Worldwide event
UT code for WoS article
—