• DocumentCode
    2919418
  • Title

    Malicious Code Detection and Acquisition Using Active Learning

  • Author

    Moskovitch, Robert ; Nissim, Nir ; Elovici, Yuval

  • Author_Institution
    Univ. Ben Gurion, Be'er Sheva
  • fYear
    2007
  • fDate
    23-24 May 2007
  • Firstpage
    371
  • Lastpage
    371
  • Abstract
    Detection of known malicious code is commonly performed by anti-virus tools. These tools detect the known malicious code using signature detection methods. Each time a new malicious code is found, the anti-virus vendors create a new signature and update their clients. During the period between the appearance of a new unknown malicious code and the update of the signature base of the anti-virus clients, millions of computers might be infected. In order to cope with this problem, new solutions must be found for detecting unknown malicious code at the entrance of a client's computer. We presented here the use of active learning in the acquisition of unknown malicious code. Preliminary results are encouraging. We are currently in the process of creating a wide test collection of more than 30,000 benign and malicious files to evaluate several active learning criteria.
  • Keywords
    digital signatures; invasive software; learning (artificial intelligence); support vector machines; active learning; anti-virus tool; malicious code detection; signature detection; support vector machine; Binary codes; Computer errors; Data mining; Feature extraction; Humans; Labeling; Laboratories; Learning systems; Machine learning; Phase detection;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Intelligence and Security Informatics, 2007 IEEE
  • Conference_Location
    New Brunswick, NJ
  • Electronic_ISBN
    1-4244-1329-X
  • Type

    conf

  • DOI
    10.1109/ISI.2007.379505
  • Filename
    4258731