Title :
Malicious Code Detection and Acquisition Using Active Learning
Author :
Moskovitch, Robert ; Nissim, Nir ; Elovici, Yuval
Author_Institution :
Univ. Ben Gurion, Be'er Sheva
Abstract :
Detection of known malicious code is commonly performed by anti-virus tools. These tools detect known malicious code using signature-based methods: each time a new malicious code is found, the anti-virus vendors create a new signature and push it to their clients. During the period between the appearance of a new, unknown malicious code and the update of the clients' signature base, millions of computers might be infected. To cope with this problem, new solutions must be found for detecting unknown malicious code at the entry point of a client's computer. We present here the use of active learning in the acquisition of unknown malicious code, in which the learner itself selects, from the stream of unknown files, those whose labelling is expected to improve the classifier most. Preliminary results are encouraging. We are currently creating a wide test collection of more than 30,000 benign and malicious files in order to evaluate several active learning criteria.
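The following Python program is an added illustration of the idea the abstract describes and is not the authors' code or data. It runs pool-based active learning with a linear SVM: a tiny labelled seed set is used to train the classifier, the unknown file whose score lies closest to the separating hyperplane (the "simple margin" criterion) is acquired and sent to the oracle (the analyst) for a label, the classifier is retrained, and the loop repeats until the labelling budget is spent. Everything concrete here is an assumption made for a runnable demo: the L2-normalised byte 1-gram histogram as feature vector, the Pegasos sub-gradient trainer, the "packed fraction" rule that labels the constructed sample files, and the comparison against random acquisition with the same budget.

```python
"""Pool-based active learning for acquiring unknown executables with a
linear SVM.  Added illustration, not the authors' code: the byte-histogram
features, the Pegasos trainer, the 'closest to the hyperplane' acquisition
criterion and the constructed sample files are all assumptions of this demo."""
import math
import random
import string

# Constructed stand-in for "benign" content: printable text bytes.
TEXT_ALPHABET = (string.ascii_letters + string.digits + " .,;:\n").encode()


def byte_histogram(blob: bytes) -> list[float]:
    """L2-normalised byte-value (1-gram) histogram; all zeros for an empty file."""
    counts = [0.0] * 256
    for b in blob:
        counts[b] += 1.0
    norm = math.sqrt(sum(c * c for c in counts))
    return [c / norm for c in counts] if norm else counts


def features(blob: bytes) -> list[float]:
    """Histogram plus a constant 1.0, so the SVM bias is learned (and
    regularised) as an ordinary weight."""
    return byte_histogram(blob) + [1.0]


def dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def train_svm(xs, ys, lam=1e-3, epochs=40, seed=0):
    """Linear SVM via Pegasos (stochastic sub-gradient on the hinge loss,
    projected onto the ball of radius 1/sqrt(lam) after every step).
    ys are +1 (malicious) / -1 (benign).  Returns the weight vector w."""
    rng = random.Random(seed)
    w, t = [0.0] * len(xs[0]), 0
    radius = 1.0 / math.sqrt(lam)
    order = list(range(len(xs)))
    for _ in range(epochs):
        rng.shuffle(order)
        for i in order:
            t += 1
            eta = 1.0 / (lam * t)
            x, y = xs[i], ys[i]
            step = eta * y if y * dot(w, x) < 1.0 else 0.0   # hinge active?
            w = [(1.0 - eta * lam) * wj + step * xj for wj, xj in zip(w, x)]
            wnorm = math.sqrt(dot(w, w))
            if wnorm > radius:
                w = [wj * radius / wnorm for wj in w]
    return w


def most_uncertain(w, xs, candidates):
    """'Simple margin' criterion: the unlabeled sample whose SVM score is
    closest to zero, i.e. the one the current model is least sure about."""
    return min(candidates, key=lambda i: abs(dot(w, xs[i])))


def make_file(rng, packed_fraction, size=512):
    """Constructed file: `packed_fraction` of high-entropy bytes (a packed or
    encrypted payload look-alike), the rest text.  Oracle label rule assumed
    for the demo: malicious (+1) iff packed_fraction >= 0.5."""
    n_packed = int(size * packed_fraction)
    body = bytes(rng.randrange(256) for _ in range(n_packed))
    body += bytes(rng.choice(TEXT_ALPHABET) for _ in range(size - n_packed))
    return body, (1 if packed_fraction >= 0.5 else -1)


def run_active_learning(strategy="uncertainty", budget=10, seed=1):
    """Train on a tiny labelled seed set, then spend `budget` analyst queries
    on files from the unlabeled pool, chosen by uncertainty or at random.
    Returns (accuracy on a held-out set, packed fractions of acquired files)."""
    rng = random.Random(seed)
    seed_set = [make_file(rng, f) for f in (0.0, 0.05, 0.95, 1.0)]
    pool_fracs = [0.0, 0.1, 0.2, 0.3, 0.35, 0.4, 0.45,
                  0.55, 0.6, 0.65, 0.7, 0.8, 0.9, 1.0] * 2
    pool = [(f,) + make_file(rng, f) for f in pool_fracs]
    test = [make_file(rng, f) for f in (0.0, 0.1, 0.2, 0.3, 0.7, 0.8, 0.9, 1.0)
            for _ in range(3)]

    xs = [features(blob) for blob, _ in seed_set]
    ys = [y for _, y in seed_set]
    pool_x = [features(blob) for _, blob, _ in pool]
    unlabeled, acquired = list(range(len(pool))), []
    for _ in range(budget):
        w = train_svm(xs, ys)
        pick = (most_uncertain(w, pool_x, unlabeled) if strategy == "uncertainty"
                else rng.choice(unlabeled))
        unlabeled.remove(pick)
        frac, _, label = pool[pick]          # the analyst (oracle) supplies the label
        xs.append(pool_x[pick]); ys.append(label)
        acquired.append(frac)
    w = train_svm(xs, ys)
    hits = sum((dot(w, features(blob)) >= 0) == (y > 0) for blob, y in test)
    return hits / len(test), acquired


if __name__ == "__main__":
    for strategy in ("uncertainty", "random"):
        acc, acquired = run_active_learning(strategy)
        print(f"{strategy:11s} accuracy={acc:.2f} acquired packed fractions={acquired}")
```

The point to watch in the output is which files get acquired: under the uncertainty criterion the labelling budget goes to the files whose packed fraction sits near the 0.5 label boundary, which is where each label moves the hyperplane, while random acquisition spends much of it on files the seed model already classifies confidently. Real deployments replace the constructed files with byte n-gram or opcode features extracted from executables, and the oracle with an analyst or sandbox; the acquisition loop itself is unchanged.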
Keywords :
digital signatures; invasive software; learning (artificial intelligence); support vector machines; active learning; anti-virus tool; malicious code detection; signature detection; support vector machine; Binary codes; Computer errors; Data mining; Feature extraction; Humans; Labeling; Laboratories; Learning systems; Machine learning; Phase detection;
Conference_Titel :
Intelligence and Security Informatics, 2007 IEEE
Conference_Location :
New Brunswick, NJ
Electronic_ISBN :
1-4244-1329-X
DOI :
10.1109/ISI.2007.379505