Title :
Methodology for Behavioral-based Malware Analysis and Detection Using Random Projections and K-Nearest Neighbors Classifiers
Author :
Hegedus, Jozsef ; Miche, Yoan ; Ilin, Alexander ; Lendasse, Amaury
Author_Institution :
Sch. of Sci., Dept. of Inf. & Comput. Sci., Aalto Univ., Aalto, Finland
Abstract :
In this paper, a two-stage methodology to analyze and detect behavioral-based malware is presented. In the first stage, a random projection reduces the variable dimensionality of the problem and at the same time cuts the computational time of the classification task by several orders of magnitude. In the second stage, a modified K-Nearest Neighbors classifier is used with Virus Total labeling of the file samples. This methodology is applied to a large number of file samples provided by F-Secure Corporation, for which a dynamic feature has been extracted during Deep Guard sandbox execution. As a result, the files classified as false negatives are used to detect possible malware that was not detected in the first place by Virus Total. The reduced number of selected false negatives allows manual inspection by a human expert.
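An added example, not code from the paper, that sketches the two stages the abstract describes in Python: a Gaussian random projection of sparse sandbox-behaviour vectors, a K-Nearest Neighbors vote over oracle (Virus Total-style) labels, and a short review queue of samples the oracle called clean but whose neighbours vote malware. The feature count, projected size, and the dataset are constructed assumptions.

```python
import math
import random
D, K = 200, 32  # behaviour features per sample and projected size (assumed)

def random_projection_matrix(d, k, seed=0):
    """Gaussian projection matrix; 1/sqrt(k) scaling keeps distances roughly intact."""
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 1.0 / math.sqrt(k)) for _ in range(k)] for _ in range(d)]

def project(features, matrix):
    """Project a sparse binary vector (set of active feature indices) to K floats."""
    out = [0.0] * len(matrix[0])
    for i in features:                 # only active features contribute
        for j, w in enumerate(matrix[i]):
            out[j] += w
    return out

def sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def knn_predict(query, points, labels, k=5):
    """Majority vote (1 = malware) among the k nearest projected samples."""
    nearest = sorted(range(len(points)), key=lambda i: sq_dist(query, points[i]))[:k]
    return 1 if 2 * sum(labels[i] for i in nearest) > k else 0

def review_queue(points, oracle_labels, k=5):
    """Indices the oracle labelled clean (0) but neighbours vote malware: the
    'false negatives' handed to a human analyst (leave-one-out over the set)."""
    queue = []
    for i, (p, lab) in enumerate(zip(points, oracle_labels)):
        if lab == 0:
            rest = [(q, l) for j, (q, l) in enumerate(zip(points, oracle_labels)) if j != i]
            if knn_predict(p, [q for q, _ in rest], [l for _, l in rest], k) == 1:
                queue.append(i)
    return queue

def make_dataset(seed=1):
    """Constructed data: 20 malware-like and 20 clean-like behaviour profiles plus
    one malware-like sample whose oracle label is (wrongly) clean."""
    rng = random.Random(seed)
    malware_profile, clean_profile = set(range(0, 30)), set(range(100, 130))
    def noisy(base):                   # flip up to two random features per sample
        return base ^ {rng.randrange(D) for _ in range(2)}
    samples, labels = [], []
    for _ in range(20):
        samples += [noisy(malware_profile), noisy(clean_profile)]
        labels += [1, 0]
    samples.append(noisy(malware_profile))
    labels.append(0)                    # index 40: the missed detection
    return samples, labels
```

Running `review_queue` over the projected samples returns only index 40, the one profile whose behaviour sits in the malware cluster while its oracle label says clean.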
Keywords :
computer viruses; feature extraction; pattern classification; random processes; F-Secure Corporation; behavioral-based malware analysis; behavioral-based malware detection; computational time reduction; deep guard sandbox execution; feature extraction; k-nearest neighbors classifiers; random projections; virus total; Accuracy; Bismuth; Engines; Feature extraction; Labeling; Malware; Vectors; k nearest neighbors; machine learning; malware detection; random projections;
Conference_Titel :
Computational Intelligence and Security (CIS), 2011 Seventh International Conference on
Conference_Location :
Hainan
Print_ISBN :
978-1-4577-2008-6
DOI :
10.1109/CIS.2011.227