Malware Detection Using a Heterogeneous Distance Function
Result identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21240%2F18%3A00324209" target="_blank" >RIV/68407700:21240/18:00324209 - isvavai.cz</a>
Result on the web
<a href="http://www.cai.sk/ojs/index.php/cai/index" target="_blank" >http://www.cai.sk/ojs/index.php/cai/index</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.4149/cai_2018_3_759" target="_blank" >10.4149/cai_2018_3_759</a>
Alternative languages
Result language
English
Title in original language
Malware Detection Using a Heterogeneous Distance Function
Result description in original language
Classification of automatically generated malware is an active research area. The amount of new malware is growing exponentially and since manual investigation is not possible, automated malware classification is necessary. In this paper, we present a static malware detection system for the detection of unknown malicious programs which is based on combination of the weighted k-nearest neighbors classifier and the statistical scoring technique from. We have extracted the most relevant features from portable executable (PE) file format using gain ratio and have designed a heterogeneous distance function that can handle both linear and nominal features. Our proposed detection method was evaluated on a dataset with tens of thousands of malicious and benign samples and the experimental results show that the accuracy of our classifier is 98.80%. In addition, preliminary results indicate that the proposed similarity metric on our feature space could be used for clustering malware into families.
Title in English
Malware Detection Using a Heterogeneous Distance Function
Result description in English
Classification of automatically generated malware is an active research area. The amount of new malware is growing exponentially and since manual investigation is not possible, automated malware classification is necessary. In this paper, we present a static malware detection system for the detection of unknown malicious programs which is based on combination of the weighted k-nearest neighbors classifier and the statistical scoring technique from. We have extracted the most relevant features from portable executable (PE) file format using gain ratio and have designed a heterogeneous distance function that can handle both linear and nominal features. Our proposed detection method was evaluated on a dataset with tens of thousands of malicious and benign samples and the experimental results show that the accuracy of our classifier is 98.80%. In addition, preliminary results indicate that the proposed similarity metric on our feature space could be used for clustering malware into families.
Classification
Type
J<sub>imp</sub> - Article in a periodical indexed in the Web of Science database
CEP field
—
OECD FORD field
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result linkages
Project
—
Linkages
S - Specific research at universities
Other
Year of implementation
2018
Data confidentiality code
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific to the result type
Periodical name
Computing and Informatics
ISSN
1335-9150
e-ISSN
—
Periodical volume
37
Periodical issue within the volume
3
Country of the periodical's publisher
SK - Slovak Republic
Number of pages of the result
22
Pages from-to
759-780
UT WoS code of the article
000441238100011
EID of the result in the Scopus database
—