Detecting unknown computer worm activity via support vector machines and active learning

Research output: Contribution to journal › Article › peer-review

57 Scopus citations

Abstract

To detect the presence of unknown worms, we propose a technique based on computer measurements extracted from the operating system. We designed a series of experiments to test the new technique by employing several computer configurations and background application activities. In the course of the experiments, 323 computer features were monitored. Four feature-ranking measures were used to reduce the number of features required for classification. We applied support vector machines to the resulting feature subsets. In addition, we used active learning as a selective sampling method to increase the performance of the classifier and improve its robustness in the presence of misleading instances in the data. Our results indicate a mean detection accuracy in excess of 90%, and an accuracy above 94% for specific unknown worms using just 20 features, while maintaining a low false-positive rate when the active learning approach is applied.

Original language: English
Pages (from-to): 459-475
Number of pages: 17
Journal: Pattern Analysis and Applications
Volume: 15
Issue number: 4
State: Published - 1 Nov 2012

Keywords

  • Active learning
  • Malware detection
  • Supervised learning

ASJC Scopus subject areas

  • Computer Vision and Pattern Recognition
  • Artificial Intelligence
