Abstract
As malicious codes become more complex and sophisticated, the scanning detection method is no longer able to detect various forms of viruses effectively. In this paper, we explore solutions based on multiple classifiers fusion and not strictly dependent on certain malicious code. Motivated by the standard signature-based technique for detecting viruses, we explore the idea of automatically detecting malicious code using the n-gram analysis. After selecting features based on information gain, the probabilistic neural network is used in the process of building and testing the proposed multi-classifiers system. Each one of the individual classifiers is used to produce classification evidences. Then these evidences are combined by the Dempster-Shafer combination rules to form the final classification results for new malicious code. Experimental results produced by the proposed detection engine shows improvement compared to the classification results produced by the individual classifiers.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Kephart, J., Arnold, W.: Automatic Extraction of Computer Virus Signatures. In: Proceedings of the 4th Virus Bulletin International Conference, Abingdon, pp. 178–184 (1994)
Lo, R., Levitt, K., Olsson, R.: MCF: A Malicious Code Filter. Computers and Security 14, 541–566 (1995)
Tesauro, G., Kephart, J., Sorkin, G.: Neural networks for computer virus recognition. IEEE Expert 8, 5–6 (1996)
Kolter, J.Z., Maloof, M.A.: Learning to detect malicious executables in the wild. In: Proceedings of the 10th ACM SIG KDD International Conference on Knowledge Discovery and Data Mining, pp. 470–478. ACM Press, New York (2004)
Hansen, L.K., Salamon, P.: Neural network ensembles. IEEE Trans Pattern Anal. 12(10), 993–1001 (1990)
Jurafsky, D., James, H.: Speech and Language Processing. Prentice-Hall, New York (2000)
Zhou, Z.H., Wu, J.X., Tang, W.: Ensembling Neural Networks: Many Could be Better than All. Artificial Intelligence 137, 239–263 (2002)
Granitto, P.M., Verdes, P.F., Navone, H.D., Ceccatto, H.A.: Aggregation Algorithms for Neural Network Ensemble Construction. In: Werner, B. (ed.) Proceedings of the VII Brazilian Symposium on Neural Networks, pp. 178–183. IEEE Computer Society, Pernambuco (2002)
Breiman, L.: Bagging predictors. Machine Learning 24, 123–140 (1996)
Dempster, A.: Upper and lower probabilities induced by multi-valued mapping. Annals of Mathematical Statistics 2, 325–339 (1967)
Xu, L., Krzyzak, A., Suen, C.: Methods of combining multiple classifiers and their applications to handwritten recognition. IEEE Transactions on Systems, Man and Cybernetics, SMC 22(3), 418–435 (1992)
Orponen, P.: Dempster’s rule of combination is P-complete. Artificial Intelligence 1(2), 245–253 (1990)
Barnett, J.A.: Computational methods for a mathematical theory of evidence. In: Proceedings of 7th Int. Joint Conf. Artificial Intelligence. Vancouver, BC, pp. 868–875 (1981)
Vx heavens: http://www.vx.netlux.org
Perl package Text: Ngrams: http://search.cpan.org/author/vlado/text-ngrams-0.03/ngrams.pm
Mathworks (ed.): Neural Network Toolbox User’s Guide (version 4). The Mathworks, Inc. Ntick, Massachussets (2001)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, B., Yin, J., Hao, J., Zhang, D., Wang, S. (2007). Malicious Codes Detection Based on Ensemble Learning. In: Xiao, B., Yang, L.T., Ma, J., Muller-Schloer, C., Hua, Y. (eds) Autonomic and Trusted Computing. ATC 2007. Lecture Notes in Computer Science, vol 4610. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73547-2_48
Download citation
DOI: https://doi.org/10.1007/978-3-540-73547-2_48
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73546-5
Online ISBN: 978-3-540-73547-2
eBook Packages: Computer ScienceComputer Science (R0)