
Malware variants detection based on ensemble learning

An application programming interface (API) is a procedure call interface to operating system resources. API-based behavior features can capture the malicious behaviors of malware variants. However, existing malware detection approaches involve many complex operations for constructing and matching behavior models. Furthermore, many approaches rely on graph matching, which is a nondeterministic polynomial (NP)-complete problem because of its computational complexity. To address these problems, a novel approach to detecting malware variants is proposed. Firstly, the APIs called by the malware are grouped by their functions and parameters. Then, a classified behavior graph (CBG) is constructed from the API call sequences. Finally, a signature based on the CBGs of each malware family is generated. In addition, the malware variants are classified by an ensemble learning algorithm. Experiments on 1 220 malware samples show that the true positive rate (TPR) reaches 89.0% with a low false positive rate (FPR) of 3.7% by ensemble learning.

Keywords: classified behavior; malware variant; ensemble learning

Ma Yan, Du Donggao


Network and Information Center, Institute of Network Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China

National Engineering Laboratory for Mobile Network Security, Beijing University of Posts and Telecommunications, Beijing 100876, China

This work was supported by the National Natural Science Foundation of China, the Fundamental Research Funds for the Central Universities, and the Beijing Talents Foundation (Grant Nos. 61601041, 2018RC55, 2017000020124G062).

2020

The Journal of China Universities of Posts and Telecommunications
Beijing University of Posts and Telecommunications


Indexed in: CSCD, EI
Impact factor: 0.419
ISSN: 1005-8885
Year, volume (issue): 2020, 27(2)