SVM Training Phase Reduction Using Dataset Feature Filtering for Malware Detection

SVM Training Phase Reduction Using Dataset Feature Filtering for Malware Detection

N-gram analysis is an approach that investigates the structure of a program using bytes, characters, or text strings. A key issue with N-gram analysis is feature selection amidst the explosion of features that occurs when N is increased. The experiments within this paper represent programs as operat...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on information forensics and security 2013-03, Vol.8 (3), p.500-509
Hauptverfasser: O'Kane, P., Sezer, S., McLaughlin, K., Eul Gyu Im
Format: Artikel
Sprache:eng
Schlagworte:
Applied sciences
Computer science
control theory
systems
Data processing. List processing. Character string processing
Exact sciences and technology
Filtering
Kernel
KNN
Malware
Materials
Memory and file management (including protection and security)
Memory organisation. Data processing
metamorphism malware
obfuscation
packers
polymorphism
Software
Support vector machines
SVM
Training
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:N-gram analysis is an approach that investigates the structure of a program using bytes, characters, or text strings. A key issue with N-gram analysis is feature selection amidst the explosion of features that occurs when N is increased. The experiments within this paper represent programs as operational code (opcode) density histograms gained through dynamic analysis. A support vector machine is used to create a reference model, which is used to evaluate two methods of feature reduction, which are "area of intersect" and "subspace analysis using eigenvectors." The findings show that the relationships between features are complex and simple statistics filtering approaches do not provide a viable approach. However, eigenvector subspace analysis produces a suitable filter.
ISSN:1556-6013
1556-6021
DOI:10.1109/TIFS.2013.2242890