Intelligent Detection Computer Viruses Based on Multiple Classifiers

  • Conference paper
Ubiquitous Intelligence and Computing (UIC 2007)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4611)

Abstract

In this paper, we generalize the problem of multi-classifier combination by using a modified bagging method to detect previously unknown viruses. The detection engine applies two algorithms, Support Vector Machine and BP neural network, to virus detection. For the SVM classifier, we extract the feature vector from the API function calls by monitoring the programs. The static feature of the program, n-gram, is used in the BP neural network classifier. Finally, the D-S theory of evidence is used to combine the contribution of each individual classifier to give the final decision. Our extensive experiments have shown that the combination approach improves the performance of the individual classifier significantly. It shows that the present method could effectively be used to discriminate normal and abnormal programs.

Editor information

Jadwiga Indulska Jianhua Ma Laurence T. Yang Theo Ungerer Jiannong Cao

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhang, B., Yin, J., Hao, J. (2007). Intelligent Detection Computer Viruses Based on Multiple Classifiers. In: Indulska, J., Ma, J., Yang, L.T., Ungerer, T., Cao, J. (eds) Ubiquitous Intelligence and Computing. UIC 2007. Lecture Notes in Computer Science, vol 4611. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73549-6_115

  • DOI: https://doi.org/10.1007/978-3-540-73549-6_115

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73548-9

  • Online ISBN: 978-3-540-73549-6

  • eBook Packages: Computer Science, Computer Science (R0)
