• DocumentCode
    683999
  • Title
    Class-wise information gain
  • Author
    Pengtao Zhang ; Ying Tan
  • Author_Institution
    Dept. of Machine Intell., Peking Univ., Beijing, China
  • fYear
    2013
  • fDate
    23-25 March 2013
  • Firstpage
    972
  • Lastpage
    978
  • Abstract
    This paper proposes a new feature-goodness criterion named class-wise information gain (CIG). The CIG is able to measure the goodness of a feature for recognizing a specific class, and further helps to select the features with the highest information content for a specific class. In order to confirm the effectiveness of the CIG, a CIG-based malware detection method is proposed. Eight groups of experiments on three public malware datasets are carried out to evaluate the performance of the proposed CIG-based malware detection method through cross-validation. Comprehensive experimental results suggest that the CIG is an effective feature-goodness criterion, and that the proposed CIG-based malware detection method is effective in detecting malware loaders and infected executables. This method outperforms the information gain (IG)-based malware detection method by about 26% in detecting infected executables, without a decrease in detecting malware loaders, while its memory requirement is empirically about 60% less than that of the IG-based malware detection method.
  • Keywords
    feature selection; invasive software; CIG-based malware detection method; class-wise information gain; cross-validation; feature goodness measurement; feature-goodness criterion; infected executable detection; information content; malware loader detection; memory requirement; performance evaluation; public malware datasets; Computers; Educational institutions; Feature extraction; Grippers; Training; Trojan horses;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Science and Technology (ICIST), 2013 International Conference on
  • Conference_Location
    Yangzhou
  • Print_ISBN
    978-1-4673-5137-9
  • Type
    conf
  • DOI
    10.1109/ICIST.2013.6747700
  • Filename
    6747700