Conference topic

Using multi-features to reduce false positive in malware classification

  Because of the rapid increase in malware, one of the main challenges in malware detection is how to classify malware automatically. Although many automatic classification methods have been proposed recently, their results still have a high false positive rate. Since the base number of malware samples is huge, even a very small false positive rate produces a large number of false alarms. Essentially, a high false positive rate is usually caused by malware's adoption of obfuscation and evasion technology, as a result of which one or more features are disguised. In this paper, we propose a method that uses multiple features to mitigate the effect of disguised features. In this method, each kind of feature is extracted independently and used to train its own classifier. The system adopts a prediction if and only if the output of every classifier is the same. To test our method, we use both static and dynamic features to classify 282 samples. The experimental results show that this method improves the accuracy of malware classification and achieves nearly no false positives.
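The unanimous-vote rule described in the abstract, as an added example that is not the paper's own code: each feature view trains its own classifier, and a label is accepted only when every view agrees, otherwise the sample is withheld rather than mislabelled. The families, feature values and the nearest-centroid learner are constructed assumptions standing in for whatever the paper used.

```python
"""Multi-view unanimous-vote ensemble: one classifier per feature kind,
a prediction is accepted only when all of them agree.  Training data,
feature definitions and the nearest-centroid learner are constructed
for illustration (example code, not the paper's)."""
from math import sqrt

# Constructed training set: two families, two feature views per sample.
# static view: (import-table size, mean section entropy)
# dynamic view: (files written, registry keys set, network connections)
TRAIN = [
    ("ransom", {"static": (40.0, 6.2), "dynamic": (120.0, 2.0, 1.0)}),
    ("ransom", {"static": (44.0, 6.0), "dynamic": (110.0, 3.0, 0.0)}),
    ("bot",    {"static": (10.0, 7.6), "dynamic": (2.0, 8.0, 30.0)}),
    ("bot",    {"static": (12.0, 7.4), "dynamic": (3.0, 9.0, 25.0)}),
]

def _dist(a, b):
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def train_view(samples, view):
    """Nearest-centroid classifier for one feature view: label -> centroid."""
    sums, counts = {}, {}
    for label, feats in samples:
        vec = feats[view]
        acc = sums.setdefault(label, [0.0] * len(vec))
        for i, v in enumerate(vec):
            acc[i] += v
        counts[label] = counts.get(label, 0) + 1
    return {lab: tuple(s / counts[lab] for s in sums[lab]) for lab in sums}

def predict_view(model, vec):
    return min(model, key=lambda lab: _dist(model[lab], vec))

def train_ensemble(samples, views):
    # Each kind of feature is modelled independently of the others.
    return {view: train_view(samples, view) for view in views}

def predict_unanimous(models, feats):
    """Return (label, per-view votes); label is None unless all views agree,
    so a sample with one disguised view is withheld instead of mislabelled."""
    votes = {view: predict_view(m, feats[view]) for view, m in models.items()}
    labels = set(votes.values())
    return (labels.pop() if len(labels) == 1 else None), votes

if __name__ == "__main__":
    ens = train_ensemble(TRAIN, ["static", "dynamic"])
    # Constructed test: ransomware whose static view is disguised by packing
    # (tiny import table, high entropy); its dynamic behaviour is unchanged.
    packed = {"static": (8.0, 7.8), "dynamic": (115.0, 2.0, 1.0)}
    print(predict_unanimous(ens, packed))  # (None, {'static': 'bot', 'dynamic': 'ransom'})
```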

Keywords: malware classification; ensemble; multi-features

Xinjian Ma, Qi Biao, Wu Yang, Jianguo Jiang

Institute of Information Engineering, CAS; Beijing Key Laboratory of Network Security Technology, Beijing; Institute of Information Engineering, CAS, Beijing, China

International conference

2016 IEEE 2nd Information Technology, Networking, Electronic and Automation Control Conference

Chongqing

English

361-365

2016-03-20 (date first posted on the Wanfang platform, not the paper's publication date)