@inproceedings{b6ef153781d54e6cb28119a55bae6892,
title = "Improving the detection of unknown computer worms activity using active learning",
abstract = "Detecting unknown worms is a challenging task. Extant solutions, such as anti-virus tools, rely mainly on prior explicit knowledge of specific worm signatures. As a result, after the appearance of a new worm on the Web there is a significant delay until an update carrying the worm's signature is distributed to anti-virus tools. We propose an innovative technique for detecting the presence of an unknown worm, based on the computer operating system measurements. We monitored 323 computer features and reduced them to 20 features through feature selection. Support vector machines were applied using 3 kernel functions. In addition we used active learning as a selective sampling method to increase the performance of the classifier, exceeding above 90% mean accuracy, and for specific unknown worms 94% accuracy.",
keywords = "Active learning, Classification, Malcode detection, Support vector machines",
author = "Robert Moskovitch and Nir Nissim and Dima Stopel and Clint Feher and Roman Englert and Yuval Elovici",
year = "2007",
month = jan,
day = "1",
doi = "10.1007/978-3-540-74565-5_47",
language = "English",
isbn = "9783540745648",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "489--493",
booktitle = "KI 2007",
address = "Germany",
note = "30th Annual German Conference on Artificial Intelligence, KI 2007 ; Conference date: 10-09-2007 Through 13-09-2007",
}