Human-Readable Real-Time Classifications of Malicious Executables
Author(s) - Anselm Teh, Arran Stewart
Publication year - 2012
Publication title - Australasian Journal of Paramedicine
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.177
H-Index - 15
ISSN - 2202-7270
DOI - 10.4225/75/57b55339cd8d3
Subject(s) - computer science , executable , malware , classifier (uml) , perceptron , data mining , decision tree , artificial intelligence , machine learning , pattern recognition (psychology) , artificial neural network , computer security , operating system
Shafiq et al. (2009a) propose a non–signature-based technique for detecting malware which applies data mining techniques to features extracted from executable files. Their technique has a high level of accuracy, a low false positive rate, and a speed on par with commercial anti-virus products. One portion of their technique uses a multi-layer perceptron as a classifier, which provides little insight into the reasons for classification. Our experience is that network security analysts prefer tools which provide human-comprehensible reasons for a classification, rather than operating as “black boxes”. We therefore build on the results of Shafiq et al. by demonstrating a technique which uses decision trees to distinguish packed from non-packed files, producing a classification diagram which can be understood by analysts. We show that the resulting detector still provides high accuracy and classifies files rapidly.