Malgazer: An Automated Malware Classifier With Running Window Entropy And Machine Learning

机译：Malgazer：具有运行窗口熵和机器学习功能的自动化恶意软件分类器

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Malware classification determines what type of behavior, function and family the malware exhibited. As detection efficacy continues to improve in practice, classification efficacy is a more complex, interesting, and richer problem that requires more research. This paper explores automated malware classification using running window entropy (RWE) as the feature set to several machine learning algorithms. An RWE-based malware classifier, Malgazer, is designed and developed in the research. Our final data set includes 60,000 malware samples from six malware classification groups: Backdoor, Worm, Trojan, Virus, PUA, and Ransom. Eight machine learning algorithms were studied during this research. Each machine learning algorithm was evaluated using the RWE and the GIST features. The highest accuracy model using the running window entropy comes from the Adaboost and random forest algorithms with window size 1,024 bytes and 1,024 data points. The testing and evaluation results show that the RWE-based classifier, Malgazer, is approximately 0.76% more accurate than a leading classifier, GIST, from prior literature on the same data sets. This research demonstrates that RWE could be used for malware classification, and if applied appropriately, could increase automated classification accuracy.

机译：恶意软件分类确定了恶意软件表现出的行为，功能和家族类型。随着实践中检测效力的不断提高，分类效力是一个更复杂，有趣和更丰富的问题，需要更多的研究。本文探索了使用运行窗口熵（RWE）作为几种机器学习算法的功能集进行的自动恶意软件分类。在研究中设计和开发了基于RWE的恶意软件分类器Malgazer。我们的最终数据集包括来自六个恶意软件分类组的60,000个恶意软件样本：后门，蠕虫，特洛伊木马，病毒，PUA和勒索。在这项研究中，研究了八种机器学习算法。使用RWE和GIST功能评估了每种机器学习算法。使用运行中窗口熵的最高精度模型来自Adaboost和随机森林算法，窗口大小为1,024字节，数据点为1,024。测试和评估结果表明，基于RWE的分类器Malgazer比相同数据集的现有文献中的领先分类器GIST精确约0.76％。这项研究表明，RWE可以用于恶意软件分类，如果应用得当，可以提高自动分类的准确性。

著录项

来源
《International Conference on Mobile and Secure Services》|2020年|1-6|共6页
会议地点
作者
Keith J. Jones; Yong Wang;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
entropy; invasive software; learning (artificial intelligence); pattern classification;

机译：熵;入侵软件;学习（人工智能）;模式分类;

相似文献

外文文献
中文文献
专利

1. Evaluation of machine learning classifiers for mobile malware detection [J] . Narudin Fairuz Amalina, Feizollah Ali, Anuar Nor Badrul, Soft computing: A fusion of foundations, methodologies and applications . 2016,第1期

机译：评估机器学习分类器以检测移动恶意软件
2. Automated multi-level malware detection system based on reconstructed semantic view of executables using machine learning techniques at VMM [J] . Ajay Kumara M.A., Jaidhar C.D. Future generation computer systems . 2018,第PTa1期

机译：在VMM上使用机器学习技术基于可执行文件的重构语义视图的自动化多级恶意软件检测系统
3. Automated poisoning attacks and defenses in malware detection systems: An adversarial machine learning approach [J] . Sen Chen, Minhui Xue, Lingling Fan, Computers & Security . 2018,第MARa期

机译：恶意软件检测系统中的自动中毒攻击和防御：对抗性机器学习方法
4. Malgazer: An Automated Malware Classifier With Running Window Entropy And Machine Learning [C] . Keith J. Jones, Yong Wang International Conference on Mobile and Secure Services . 2020

机译：malgazer：具有运行窗口熵和机器学习的自动恶意软件分类器
5. Automating malware detection in Windows memory images using machine learning [D] . Glendowne, Dae 2015

机译：使用机器学习自动检测Windows内存映像中的恶意软件
6. Retracted: Medical Dataset Classification: A Machine Learning Paradigm Integrating Particle Swarm Optimization with Extreme Learning Machine Classifier [O] . The Scientific World Journal 2016

机译：缩回：医学数据集分类：结合粒子群优化与极限学习机分类器的机器学习范例
7. Ensemble-Based Classification Using Neural Networks and Machine Learning Models for Windows PE Malware Detection [O] . Robertas Damaševičius, Algimantas Venčkauskas, Jevgenijus Toldinas, 2021

机译：基于基于组合的分类，使用神经网络和机器学习模型进行Windows PE恶意软件检测

Malgazer: An Automated Malware Classifier With Running Window Entropy And Machine Learning

摘要

著录项

相似文献

相关主题

期刊订阅