Comparative Analysis of Voting Schemes for Ensemble-based Malware Detection
Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation.
Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation. ORCID iD: 0000-0002-0535-1761
2013 (English) In: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, ISSN 2093-5374, E-ISSN 2093-5382, Vol. 4, no 1, 98-117 p. Article in journal (Refereed) Published
Abstract [en]

Malicious software (malware) represents a threat to the security and the privacy of computer users. Traditional signature-based and heuristic-based methods are inadequate for detecting some forms of malware. This paper presents a malware detection method based on supervised learning. The main contributions of the paper are two ensemble learning algorithms, two pre-processing techniques, and an empirical evaluation of the proposed algorithms. Sequences of operational codes are extracted as features from malware and benign files. These sequences are used to create three different data sets with different configurations. A set of learning algorithms is evaluated on the data sets. The predictions from the learning algorithms are combined by an ensemble algorithm. The predicted outcome of the ensemble algorithm is decided on the basis of voting. The experimental results show that the veto approach can accurately detect both novel and known malware instances with higher recall than majority voting; however, the precision of veto voting is lower than that of majority voting. The veto voting is further extended as trust-based veto voting. A comparison of the majority voting, the veto voting, and the trust-based veto voting is performed. The experimental results indicate the suitability of each voting scheme for detecting a particular class of software. The experimental results for the composite F1-measure indicate that the majority voting is slightly better than the trusted veto voting, while the trusted veto is significantly better than the veto classifier.

Place, publisher, year, edition, pages
Innovative Information Science & Technology Research Group, 2013. Vol. 4, no 1, 98-117 p.
Keyword [en]
Malware detection, scareware, veto voting, feature extraction, classification, majority voting, ensemble, trust, malicious software
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:hj:diva-37964
OAI: oai:DiVA.org:hj-37964
DiVA: diva2:1159722
Note

Open Access Journal

Available from: 2017-11-23 Created: 2017-11-23 Last updated: 2017-11-23 Bibliographically approved

Open Access in DiVA

fulltext (1164 kB), 1 downloads
File information
File name: FULLTEXT01.pdf; File size: 1164 kB; Checksum SHA-512:
46c46f585259ab9b9afe246e9c0705bcefaa87a9fe73f5ee4e4d1917102471e1b7fcb7907fc51533e50a9f4d554d92e372197fc6c2bad5c03c0520a406bd1696
Type: fulltext; Mimetype: application/pdf

Authority records BETA

Lavesson, Niklas
