COLLECTIVE CLASSIFICATION FOR UNKNOWN MALWARE DETECTION

Igor Santos, Carlos Laorden, Pablo G. Bringas

2011

Abstract

Malware is any type of computer software harmful to computers and networks. The amount of malware is increasing every year and poses a serious global security threat. Signature-based detection is the most broadly used commercial antivirus method; however, it fails to detect new and previously unseen malware. Supervised machine-learning models have been proposed to solve this issue, but supervised learning is far from perfect because it requires a significant amount of malicious code and benign software to be identified and labelled beforehand. In this paper, we propose a new method that adopts a collective learning approach to detect unknown malware. Collective classification is a type of semi-supervised learning that presents an interesting method for optimising the classification of partially-labelled data. In this way, we propose here, for the first time, collective classification algorithms to build different machine-learning classifiers using a set of labelled (as malware and legitimate software) and unlabelled instances. We perform an empirical validation demonstrating that the labelling effort is lower than when supervised learning is used, while maintaining high accuracy rates.
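The semi-supervised idea the abstract describes, as an added illustration that is not the paper's code or data: a k-nearest-neighbour collective classifier (one assumed way of realising collective inference, not necessarily the algorithms the paper evaluates) run on a constructed feature set in which only one malware and one legitimate sample are labelled, with the inferred labels of neighbours feeding back into later sweeps.

```python
import math

# Constructed toy dataset (not the paper's data): each executable is a vector
# of normalised feature frequencies (think: relative counts of a few opcode
# or API-call groups). Label 1 = malware, 0 = legitimate, None = unlabelled.
SAMPLES = [
    ("m1", [0.9, 0.8, 0.1, 0.0], 1),     # the only labelled malware seed
    ("m2", [0.8, 0.9, 0.2, 0.1], None),
    ("m3", [0.7, 0.7, 0.0, 0.2], None),
    ("m4", [0.9, 0.6, 0.1, 0.1], None),
    ("b1", [0.1, 0.0, 0.9, 0.8], 0),     # the only labelled legitimate seed
    ("b2", [0.2, 0.1, 0.8, 0.9], None),
    ("b3", [0.0, 0.2, 0.7, 0.7], None),
    ("b4", [0.1, 0.1, 0.9, 0.6], None),
]
# Hidden ground truth, used only to score the result (name prefix m = malware).
TRUTH = {name: int(name.startswith("m")) for name, _, _ in SAMPLES}

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def collective_knn(samples, k=3, max_sweeps=20):
    """Iterative collective classification: each unlabelled node takes the
    similarity-weighted vote of its k nearest neighbours; labels inferred in
    one sweep are reused by neighbours in the next. Returns (labels, sweeps)."""
    vecs = {name: v for name, v, _ in samples}
    labels = {name: lab for name, _, lab in samples}
    seeds = {name for name, _, lab in samples if lab is not None}
    neighbours = {
        n: sorted((o for o in vecs if o != n), key=lambda o: -cosine(vecs[n], vecs[o]))[:k]
        for n in vecs
    }
    for sweep in range(1, max_sweeps + 1):
        changed = False
        for n in vecs:
            if n in seeds:
                continue
            voters = [o for o in neighbours[n] if labels[o] is not None]
            if not voters:
                continue  # no evidence yet; wait until some neighbour is labelled
            # Vote: +similarity for malware neighbours, -similarity for legitimate ones.
            score = sum(cosine(vecs[n], vecs[o]) * (1 if labels[o] else -1) for o in voters)
            new = 1 if score > 0 else 0
            if new != labels[n]:
                labels[n], changed = new, True
        if not changed:
            break
    return {n: lab for n, lab in labels.items() if lab is not None}, sweep
```

With two seeds out of eight samples (a 25% labelling effort) every unlabelled executable is classified, and the second sweep confirms that no label changes, which is the convergence check a practitioner should keep when the graph is larger and noisier.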

Paper Citation


in Harvard Style

Santos I., Laorden C. and G. Bringas P. (2011). COLLECTIVE CLASSIFICATION FOR UNKNOWN MALWARE DETECTION. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011) ISBN 978-989-8425-71-3, pages 251-256. DOI: 10.5220/0003452802510256

in Bibtex Style

@conference{secrypt11,
author={Igor Santos and Carlos Laorden and Pablo G. Bringas},
title={COLLECTIVE CLASSIFICATION FOR UNKNOWN MALWARE DETECTION},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)},
year={2011},
pages={251-256},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003452802510256},
isbn={978-989-8425-71-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)
TI - COLLECTIVE CLASSIFICATION FOR UNKNOWN MALWARE DETECTION
SN - 978-989-8425-71-3
AU - Santos I.
AU - Laorden C.
AU - G. Bringas P.
PY - 2011
SP - 251
EP - 256
DO - 10.5220/0003452802510256