Improving the detection of unknown computer worms activity using active learning

Authors
Moskovitch, Robert [1]
Nissim, Nir [1]
Stopel, Dima [1]
Feher, Clint [1]
Englert, Roman [1]
Elovici, Yuval [1]
Affiliation
[1] Ben Gurion Univ Negev, Deutsch Telekom Labs, IL-84105 Beer Sheva, Israel
Keywords
classification; active learning; support vector machines; malcode detection
DOI
Not available
Chinese Library Classification
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Detecting unknown worms is a challenging task. Extant solutions, such as anti-virus tools, rely mainly on prior explicit knowledge of specific worm signatures. As a result, after a new worm appears on the Web there is a significant delay until an update carrying the worm's signature is distributed to anti-virus tools. We propose an innovative technique for detecting the presence of an unknown worm, based on measurements of the computer's operating system. We monitored 323 computer features and reduced them to 20 features through feature selection. Support vector machines were applied using 3 kernel functions. In addition, we used active learning as a selective sampling method to increase the performance of the classifier, exceeding 90% mean accuracy, and reaching 94% accuracy for specific unknown worms.
Pages: 489 / +
Page count: 2