Improving malware detection by applying multi-inducer ensemble

Cited by: 84
Authors
Menahem, Eitan [1]
Shabtai, Asaf [1]
Rokach, Lior [1]
Elovici, Yuval [1]
Affiliations
[1] Ben Gurion Univ Negev, Deutsche Telekom Labs, IL-84105 Beer Sheva, Israel
Keywords
CLASSIFICATION; CLASSIFIERS;
DOI
10.1016/j.csda.2008.10.015
Chinese Library Classification number
TP39 [Computer applications];
Discipline classification code
081203 ; 0835 ;
Abstract
Detection of malicious software (malware) using machine learning methods has been explored extensively to enable fast detection of newly released malware. The performance of these classifiers depends on the induction algorithms being used. In order to benefit from multiple different classifiers and exploit their strengths, we suggest using an ensemble method that will combine the results of the individual classifiers into one final result to achieve overall higher detection accuracy. In this paper we evaluate several combining methods using five different base inducers (C4.5 Decision Tree, Naive Bayes, KNN, VFI and OneR) on five malware datasets. The main goal is to find the best combining method for the task of detecting malicious files in terms of accuracy, AUC and execution time. (C) 2008 Elsevier B.V. All rights reserved.
Pages: 1483-1494
Number of pages: 12