Methodology for Behavioral-based Malware Analysis and Detection Using Random Projections and K-Nearest Neighbors Classifiers
In this paper, a two-stage methodology to analyze and detect behavioral-based malware is presented. In the first stage, a random projection is decreasing the variable dimensionality of the problem and is simultaneously reducing the computational time of the classification task by several orders of magnitude. In the second stage, a modified K-Nearest Neighbors classifier is used with Virus Total labeling of the file samples. This methodology is applied to a large number of file samples provided by F-Secure Corporation, for which a dynamic feature has been extracted during Deep Guard sandbox execution. As a result, the files classified as false negatives are used to detect possible malware that were not detected in the first place by Virus Total. The reduced number of selected false negatives allows the manual inspection by a human expert.
Main Authors: | Hegedus, J.; Miche, Y.; Ilin, A.; Lendasse, A. |
---|---|
Format: | Conference Proceeding |
Language: | English |
Subjects: | Accuracy; Bismuth; Engines; Feature extraction; k nearest neighbors; Labeling; machine learning; Malware; malware detection; random projections; Vectors |
container_start_page | 1016 |
---|---|
container_end_page | 1023 |
creator | Hegedus, J.; Miche, Y.; Ilin, A.; Lendasse, A. |
description | In this paper, a two-stage methodology to analyze and detect behavioral-based malware is presented. In the first stage, a random projection is decreasing the variable dimensionality of the problem and is simultaneously reducing the computational time of the classification task by several orders of magnitude. In the second stage, a modified K-Nearest Neighbors classifier is used with Virus Total labeling of the file samples. This methodology is applied to a large number of file samples provided by F-Secure Corporation, for which a dynamic feature has been extracted during Deep Guard sandbox execution. As a result, the files classified as false negatives are used to detect possible malware that were not detected in the first place by Virus Total. The reduced number of selected false negatives allows the manual inspection by a human expert. |
doi_str_mv | 10.1109/CIS.2011.227 |
format | conference_proceeding |
fullrecord | IEEE Xplore record 6128278 (https://ieeexplore.ieee.org/document/6128278); published December 2011; ISBN 9781457720086 / 1457720086; EISBN 076954584X / 9780769545844; DOI 10.1109/CIS.2011.227; 8 pages; open access (free_for_read) |
identifier | ISBN: 9781457720086 |
ispartof | 2011 Seventh International Conference on Computational Intelligence and Security, 2011, p.1016-1023 |
language | eng |
recordid | cdi_ieee_primary_6128278 |
source | IEEE Electronic Library (IEL) Conference Proceedings |
subjects | Accuracy; Bismuth; Engines; Feature extraction; k nearest neighbors; Labeling; machine learning; Malware; malware detection; random projections; Vectors |
title | Methodology for Behavioral-based Malware Analysis and Detection Using Random Projections and K-Nearest Neighbors Classifiers |