Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Comparative Analysis of Voting Schemes for Ensemble-based Malware Detection
Blekinge Institute of Technology, School of Computing.
Blekinge Institute of Technology, School of Computing.
2013 (English)In: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, ISSN 2093-5374, E-ISSN 2093-5382, Vol. 4, no 1, 98-117 p.Article in journal (Refereed) Published
Abstract [en]

Malicious software (malware) represents a threat to the security and the privacy of computer users. Traditional signature-based and heuristic-based methods are inadequate for detecting some forms of malware. This paper presents a malware detection method based on supervised learning. The main contributions of the paper are two ensemble learning algorithms, two pre-processing techniques, and an empirical evaluation of the proposed algorithms. Sequences of operational codes are extracted as features from malware and benign files. These sequences are used to create three different data sets with different configurations. A set of learning algorithms is evaluated on the data sets. The predictions from the learning algorithms are combined by an ensemble algorithm. The predicted outcome of the ensemble algorithm is decided on the basis of voting. The experimental results show that the veto approach can accurately detect both novel and known malware instances with the higher recall in comparison to majority voting, however, the precision of the veto voting is lower than the majority voting. The veto voting is further extended as trust-based veto voting. A comparison of the majority voting, the veto voting, and the trust-based veto voting is performed. The experimental results indicate the suitability of each voting scheme for detecting a particular class of software. The experimental results for the composite F1-measure indicate that the majority voting is slightly better than the trusted veto voting while the trusted veto is significantly better than the veto classifier.

Place, publisher, year, edition, pages
Innovative Information Science & Technology Research Group , 2013. Vol. 4, no 1, 98-117 p.
Keyword [en]
Malware detection, scareware, veto voting, feature extraction, classification, majority voting, ensemble, trust, malicious software
National Category
Computer Science
Identifiers
URN: urn:nbn:se:bth-7001Local ID: oai:bth.se:forskinfo026B75A577C2FBD6C1257B3400281F31OAI: oai:DiVA.org:bth-7001DiVA: diva2:834570
Note

Open Access Journal

Available from: 2013-03-20 Created: 2013-03-20 Last updated: 2016-09-08Bibliographically approved

Open Access in DiVA

fulltext(1164 kB)102 downloads
File information
File name FULLTEXT01.pdfFile size 1164 kBChecksum SHA-512
46c46f585259ab9b9afe246e9c0705bcefaa87a9fe73f5ee4e4d1917102471e1b7fcb7907fc51533e50a9f4d554d92e372197fc6c2bad5c03c0520a406bd1696
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Shahzad, Raja KhurramLavesson, Niklas
By organisation
School of Computing
In the same journal
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications
Computer Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 102 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 283 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf