Title :
Class-wise information gain
Author :
Pengtao Zhang ; Ying Tan
Author_Institution :
Dept. of Machine Intell., Peking Univ., Beijing, China
Abstract :
This paper proposes a new feature-goodness criterion named class-wise information gain (CIG). The CIG is able to measure the goodness of a feature for recognizing a specific class, and further helps to select the features with the highest information content for a specific class. In order to confirm the effectiveness of the CIG, a CIG-based malware detection method is proposed. Eight groups of experiments on three public malware datasets are carried out to evaluate the performance of the proposed CIG-based malware detection method through cross-validation. Comprehensive experimental results suggest that the CIG is an effective feature-goodness criterion, and the proposed CIG-based malware detection method is effective to detect malware loaders and infected executables. This method outperforms the information gain (IG)-based malware detection method for about 26% in detecting infected executables, without decrease in detecting malware loaders, while its memory requirement is about 60% less than that of the IG-based malware detection method empirically.
Keywords :
feature selection; invasive software; CIG-based malware detection method; class-wise information gain; cross-validation; feature goodness measurement; feature-goodness criterion; infected executable detection; information content; malware loader detection; memory requirement; performance evaluation; public malware datasets; Computers; Educational institutions; Feature extraction; Grippers; Training; Trojan horses;
Conference_Titel :
Information Science and Technology (ICIST), 2013 International Conference on
Conference_Location :
Yangzhou
Print_ISBN :
978-1-4673-5137-9
DOI :
10.1109/ICIST.2013.6747700
