Title | Using Multi-Feature and Classifier Ensembles to Improve Malware Detection=運用多重特徵及集成分類法以改善惡意程式的偵測 |
---|---|
Author names (Chinese) | 陸儀斌; 丁淑章; 鄭朝福; 高百健 |
Journal title | 中正嶺學報 |
Volume/Issue | 39:2(A) 2010.11 [Minguo 99.11] |
Pages | pp. 57-71 |
Classification number | 312.76 |
Keywords | 惡意程式; 機器學習; 特徵; 集成分類法; Malware; Machine learning; Features; Classifier ensembles |
Language | English |
Abstract (translated from Chinese) | The rapid growth of the Internet has made malware a serious threat to information security. Traditionally, malware is detected by matching virus signatures, the drawback being that new and unknown malware cannot be detected. In recent years many studies have shown that machine learning can effectively detect unknown malware, the drawback being an excessively high error rate. This paper improves on two key factors that affect the accuracy of machine learning: features and algorithms. For features, content and behavior features are combined to represent samples; for algorithms, classifier ensembles replace a single classifier. Based on these improvements, this paper proposes a hybrid classifier to determine whether an unknown program belongs to the malicious or benign class. Experimental results show that the proposed method effectively improves the accuracy of malware detection. |
English abstract | With the rapid growth of internet applications, malware has become one of the major threats to information security. Traditionally, anti-virus products use signature matching to detect malware, but the drawback is that they cannot detect new and unknown malware. Recent studies showed that the use of machine learning can successfully detect new and unknown malware, but the limitation of this technique is its high false rate. The performance of machine learning is influenced by two main factors: (1) the features used to represent the instances; and (2) the algorithm used to generate the classifier. In this paper, we improved the accuracy of machine learning from these two factors. On the one hand, we combined features extracted from both content-based and behavior-based analyses to represent the instances; on the other hand, we used classifier ensembles to replace individual classifiers. Based on our methodology, a hybrid classifier was implemented to classify unknown executables as either malicious or benign. Experimental results show that the methods proposed in this paper can improve the accuracy of malware detection effectively. |
The abstract information in this system is based primarily on the abstract published with the journal article.