Detecting Scareware by Mining Variable Length Instruction Sequences
2011 (English) Conference paper, Published paper (Refereed)
Abstract [en]

Scareware is a recent type of malicious software that may pose financial and privacy-related threats to novice users. Traditional countermeasures, such as anti-virus software, require regular updates and often lack the capability of detecting novel (unseen) instances. This paper presents a scareware detection method that is based on the application of machine learning algorithms to learn patterns in extracted variable length opcode sequences derived from instruction sequences of binary files. The patterns are then used to classify software as legitimate or scareware but they may also reveal interpretable behavior that is unique to either type of software. We have obtained a large number of real world scareware applications and designed a data set with 550 scareware instances and 250 benign instances. The experimental results show that several common data mining algorithms are able to generate accurate models from the data set. The Random Forest algorithm is shown to outperform the other algorithms in the experiment. Essentially, our study shows that, even though the differences between scareware and legitimate software are subtler than between, say, viruses and legitimate software, the same type of machine learning approach can be used in both of these dissimilar cases.

Place, publisher, year, edition, pages
Johannesburg: IEEE Press, 2011.
Keywords [en]
Scareware, Instruction Sequences, Classification
Identifiers
URN: urn:nbn:se:hj:diva-37965
ISBN: 978-1-4577-1482-5 (print)
OAI: oai:DiVA.org:hj-37965
DiVA, id: diva2:1159717
Conference
Information Security for South Africa
Available from: 2017-11-23 Created: 2017-11-23 Last updated: 2018-01-13 (bibliographically approved)

Open Access in DiVA

fulltext (234 kB), 50 downloads
File information
File: FULLTEXT01.pdf, File size: 234 kB, Checksum SHA-512:
0005a687508bef5ee1dd2c93aae7bc798b50c777b3e481eb9a8592dc7f2b1fac65eb982220a966962c9467c637355094366b2047306e31e80ad0f37975109ece
Type: fulltext, Mimetype: application/pdf

Person records (BETA)

Lavesson, Niklas
