• DocumentCode
    530862
  • Title

    A neural network ensemble based method for detecting computer virus

  • Author

    Liu, Gang ; Hu, Fen ; Chen, Wei

  • Author_Institution
    Coll. of Comput. Sci. & Eng., Changchun Univ. of Technol., Changchun, China
  • Volume
    1
  • fYear
    2010
  • fDate
    24-26 Aug. 2010
  • Firstpage
    391
  • Lastpage
    393
  • Abstract
    In this paper, a polymorphic virus detection method based on a neural network ensemble on the Windows platform is proposed. Our approach rests on an analysis using the Windows API calling sequence that reflects the behavior of a particular piece of code. Firstly, the system calling sequence of a program is extracted as an eigenvector, and then bootstrap sampling is employed to generate several training subsets randomly. The member classifiers of the neural network ensemble are trained according to these subsets. Utilizing the Dempster-Shafer evidence theory, the member classifiers' intermediate results are combined to form the final detection result of the ensemble. The experimental results indicate that this method generates more accurate results than traditional ways and that the proposed model can adapt to the environment dynamically.
  • Keywords
    application program interfaces; computer viruses; eigenvalues and eigenfunctions; inference mechanisms; neural nets; uncertainty handling; Dempster-Shafer evidence theory; Windows API calling sequence; bootstrap sampling; computer virus detection; eigenvector; neural network ensemble based method; polymorphic viruses detection method; Accuracy; Artificial neural networks; Computers; Gallium nitride; Support vector machines; API sequence; computer virus; neural network ensemble; virus detection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer, Mechatronics, Control and Electronic Engineering (CMCE), 2010 International Conference on
  • Conference_Location
    Changchun
  • Print_ISBN
    978-1-4244-7957-3
  • Type

    conf

  • DOI
    10.1109/CMCE.2010.5610520
  • Filename
    5610520