@inproceedings{213ec8d2c43c4292ac43bb58b70807cb,
title = "Host based intrusion detection using machine learning",
abstract = "Detecting unknown malicious code (malcode) is a challenging task. Current common solutions, such as anti-virus tools, rely heavily on prior explicit knowledge of specific malcode instances (binary code signatures). During the time between its appearance and an update being sent to anti-virus tools, a new worm can infect many computers and cause significant damage. We present a new host-based intrusion detection approach, based on analyzing the behavior of the computer to detect the presence of unknown malicious code. The new approach consists of classification algorithms that learn from previously known malcode samples, which enables the detection of unknown malcode. We performed several experiments to evaluate our approach, focusing on computer worms being activated on several computer configurations while running several programs in order to simulate background activity. We collected 323 features in order to measure the computer behavior. Four classification algorithms were applied to several feature subsets. The average detection accuracy that we achieved was above 90%, and for specific unknown worms even above 99%.",
keywords = "Malicious code detection, Worms, Host-based intrusion detection, Machine learning",
author = "Robert Moskovitch and Shay Pluderman and Ido Gus and Dima Stopel and Clint Feher and Yisrael Parmet and Yuval Shahar and Yuval Elovici",
year = "2007",
month = jan,
day = "1",
doi = "10.1109/isi.2007.379542",
language = "English",
isbn = "1424413303",
series = "ISI 2007: 2007 IEEE Intelligence and Security Informatics",
publisher = "Institute of Electrical and Electronics Engineers",
pages = "107--114",
booktitle = "2007 IEEE Intelligence and Security Informatics (ISI 2007)",
address = "United States",
note = "ISI 2007: 2007 IEEE Intelligence and Security Informatics ; Conference date: 23-05-2007 Through 24-05-2007",
}