Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey

Information Security Technical Report - Volume 14 - Pages 16-29 - 2009
Asaf Shabtai [1], Robert Moskovitch [1], Yuval Elovici [1], Chanan Glezer [1]
[1] Deutsche Telekom Laboratories at Ben-Gurion University, Ben-Gurion University, Be'er Sheva 84105, Israel
