Abstract
To detect the presence of unknown worms, we propose a technique based on measurements extracted from the operating system of the monitored computer. We designed a series of experiments to test the technique across several computer configurations and background application activities. During the experiments, 323 computer features were monitored. Four feature-ranking measures were used to reduce the number of features required for classification, and support vector machines were applied to the resulting feature subsets. In addition, we used active learning as a selective sampling method to increase the performance of the classifier and to improve its robustness in the presence of misleading instances in the data. Our results indicate a mean detection accuracy above 90%, and an accuracy above 94% for specific unknown worms, using just 20 features, while maintaining a low false-positive rate when the active learning approach is applied.
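The pipeline the abstract describes (rank host measurements, keep a small subset, train an SVM, then let the classifier pick which samples get labelled next) is shown below on constructed data. This is an added example, not the authors' code: the eight counter names are hypothetical stand-ins for the 323 monitored features, Fisher score stands in for the four (unnamed) ranking measures, the SVM is a linear Pegasos trainer written in plain Python so the block runs without NumPy or scikit-learn, and uncertainty sampling stands in for the paper's selective sampling method. The constructed data contains no misleading instances, so the robustness result is not reproduced here.

```python
"""Added example: feature ranking + linear SVM + uncertainty-sampling
active learning on constructed host telemetry (not the paper's code)."""
import random

# Hypothetical OS counters standing in for the paper's 323 measurements.
FEATURE_NAMES = [
    "syn_packets_per_s", "new_processes_per_s", "dns_queries_per_s",
    "cpu_user_pct", "page_faults_per_s", "ctx_switches_per_s",
    "disk_reads_per_s", "open_handles",
]
# Constructed ground truth: only the first three counters shift under a worm.
INFORMATIVE = {0, 1, 2}


def make_dataset(n, seed):
    """Constructed samples: label +1 = worm active, -1 = benign background."""
    rng = random.Random(seed)
    X, y = [], []
    for _ in range(n):
        label = 1 if rng.random() < 0.5 else -1
        X.append([rng.gauss(3.0 if (label == 1 and j in INFORMATIVE) else 0.0, 1.0)
                  for j in range(len(FEATURE_NAMES))])
        y.append(label)
    return X, y


def _mean_var(values):
    m = sum(values) / len(values)
    return m, sum((v - m) ** 2 for v in values) / len(values)


def fisher_rank(X, y):
    """Rank feature indices by Fisher score: squared gap between the class
    means divided by the summed within-class variances (a filter ranker)."""
    scores = []
    for j in range(len(X[0])):
        mp, vp = _mean_var([row[j] for row, lab in zip(X, y) if lab == 1])
        mn, vn = _mean_var([row[j] for row, lab in zip(X, y) if lab == -1])
        scores.append((mp - mn) ** 2 / (vp + vn + 1e-12))
    return sorted(range(len(X[0])), key=lambda j: -scores[j])


def select(X, cols):
    """Keep the chosen columns and append a constant 1.0 so the SVM bias is
    learned as an ordinary (regularised) weight."""
    return [[row[j] for j in cols] + [1.0] for row in X]


def decision(w, x):
    return sum(wj * xj for wj, xj in zip(w, x))


def train_svm(X, y, lam=0.01, epochs=50, seed=0):
    """Linear SVM via Pegasos: SGD on the hinge loss with step 1/(lam*t)."""
    rng = random.Random(seed)
    w, order, t = [0.0] * len(X[0]), list(range(len(X))), 0
    for _ in range(epochs):
        rng.shuffle(order)
        for i in order:
            t += 1
            eta = 1.0 / (lam * t)
            keep = 1.0 - eta * lam                     # L2 shrinkage
            if y[i] * decision(w, X[i]) < 1.0:         # margin violation
                w = [keep * wj + eta * y[i] * xj for wj, xj in zip(w, X[i])]
            else:
                w = [keep * wj for wj in w]
    return w


def accuracy(w, X, y):
    return sum((decision(w, x) >= 0) == (lab == 1) for x, lab in zip(X, y)) / len(y)


def active_learn(X_pool, y_pool, X_test, y_test, n_initial=20, rounds=5, batch=5, seed=0):
    """Uncertainty sampling: label a small random seed set, then repeatedly
    label the unlabelled samples closest to the hyperplane and retrain.
    Returns the final weights and the test accuracy after each round."""
    rng = random.Random(seed)
    labeled = rng.sample(range(len(X_pool)), n_initial)
    unlabeled = set(range(len(X_pool))) - set(labeled)
    fit = lambda: train_svm([X_pool[i] for i in labeled], [y_pool[i] for i in labeled])
    w = fit()
    history = [accuracy(w, X_test, y_test)]
    for _ in range(rounds):
        queries = sorted(unlabeled, key=lambda i: abs(decision(w, X_pool[i])))[:batch]
        labeled.extend(queries)
        unlabeled.difference_update(queries)
        w = fit()
        history.append(accuracy(w, X_test, y_test))
    return w, history


def evaluate_features(cols):
    """Active-learning test accuracy per round using only the given columns."""
    X_pool, y_pool = make_dataset(200, seed=1)
    X_test, y_test = make_dataset(100, seed=2)
    return active_learn(select(X_pool, cols), y_pool, select(X_test, cols), y_test)[1]


def run_pipeline(k=3):
    """Rank on the labelled pool, keep the top-k features, then actively learn."""
    X_pool, y_pool = make_dataset(200, seed=1)
    top = fisher_rank(X_pool, y_pool)[:k]
    return top, evaluate_features(top)


if __name__ == "__main__":
    top, history = run_pipeline()
    print("selected:", [FEATURE_NAMES[j] for j in top])
    print("test accuracy per round:", [round(a, 3) for a in history])
```

Ranking on the pool before any classifier is trained is what makes the feature reduction cheap; the contrast worth checking is that the same trainer fed only the non-informative counters learns nothing useful, which is why a ranking step (rather than an arbitrary subset of 20) matters.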
Field | Value
---|---
Original language | English
Pages (from-to) | 459-475
Number of pages | 17
Journal | Pattern Analysis and Applications
Volume | 15
Issue number | 4
State | Published - 1 Nov 2012
Keywords
- Active learning
- Malware detection
- Supervised learning
ASJC Scopus subject areas
- Computer Vision and Pattern Recognition
- Artificial Intelligence