With the increasing market share of the Mac OS X operating system, there is a corresponding increase in the number of malicious programs (malware) designed to exploit vulnerabilities on Mac OS X platforms. However, existing manual and heuristic OS X malware detection techniques are not capable of coping with such a high rate of malware.

While machine learning techniques offer promising results in automated detection of Windows and Android malware, there have been limited efforts in extending them to OS X malware detection. In this paper, we propose a supervised machine learning model. The model applies a kernel-based Support Vector Machine and a novel weighting measure based on application library calls to detect OS X malware. For training and evaluating the model, a dataset with a combination of 152 malware and 450 benign samples was created. Using a common supervised machine learning algorithm on the dataset, we obtain over 91% detection accuracy with a 3.9% false alarm rate. We also utilize the Synthetic Minority Over-sampling Technique (SMOTE) to create three synthetic datasets with different distributions based on the refined version of the collected dataset, to investigate the impact of different sample sizes on the accuracy of malware detection. Using the SMOTE datasets we could achieve over 96% detection accuracy and a false alarm rate of less than 4%. All malware classification experiments are tested using the cross validation technique. Our results reflect that increasing the sample size in synthetic datasets has a direct positive effect on detection accuracy, while it increases the false alarm rate compared to the original dataset.

Security researchers have developed a wide range of anti-malware tools and malware detection techniques in their battle against the ever increasing malware and potentially malicious programs, including approaches based on supervised and unsupervised machine learning techniques for malware detection. In approaches using supervised techniques, tagged datasets of malicious and benign programs are required for training. Approaches using unsupervised techniques generally do not require the separation of malware and goodware, and programs are generally classified based on observable similarities or differences.

While there have been promising results on the use of machine learning in Windows and Android malware detection, there has been no prior work on using machine learning for OS X malware detection. This could be, perhaps, due to the lack of a suitable research dataset and the difficulties in collecting OS X malware. In this paper, we propose a machine learning model to detect OS X malware based on the Radial Basis Function (RBF) in the SVM technique. This provides us a novel measure based on an application's library calling to distinguish malware from benign samples. We then propose a new weighting measure for classifying OS X goodware and malware based on the frequency of library calling. This measure weights each library based on its frequency of occurrence in malware and benign applications. These datasets are then evaluated using four main classification techniques, namely: Naive Bayes, Bayesian Net, Multi Layer Perceptron (MLP), Decision Tree-J48, and Weighted Radial Basis Function Kernels-Based Support Vector Machine (Weighted-RBFSVM).

The following performance indicators are used for evaluating the performance of our machine learning classifiers:
True Positive (TP): shows the ratio of goodware classified as benign.
True Negative (TN): shows the ratio of malware correctly detected as malware.
False Positive (FP): shows the ratio of malware files identified as benign.
False Negative (FN): shows the ratio of goodware classified as malware.
Accuracy (ACC): measures the ratio that a classifier correctly detected malware and benign samples (goodware), and is computed using the following formula:

Machine learning techniques have been used for malware detection. Nauman et al. used game-theoretic rough sets (GTRS) and information-theoretic rough sets (ITRS) to show that a three-way decision-making approach (acceptance, rejection and deferment) outperforms two-way (accept, reject) decision-making techniques in network flow analysis for Windows malware detection.
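The performance indicators above use an unusual convention: "benign" is the positive class, so TP counts goodware labelled benign and FP counts malware that slipped through as benign. The following Python is an added example (not the paper's code) that tallies the four outcomes exactly under that convention from paired ground-truth and predicted labels. It assumes "ratio" means the fraction of all evaluated samples, uses the standard accuracy formula (TP + TN over all samples, since the page's own formula is not reproduced), and adds two assumed derived rates: detection rate (malware caught) and false alarm rate (goodware flagged), which is how a practitioner reads the 91% / 3.9% figures. The labels are constructed toy data.

```python
"""Confusion-matrix indicators for a malware classifier.

Convention taken from the paper's text: "benign" is the positive class.
  TP = goodware classified as benign      TN = malware detected as malware
  FP = malware identified as benign       FN = goodware classified as malware
"""
from collections import Counter
from typing import Dict, Iterable, Sequence

BENIGN, MALWARE = "benign", "malware"


def count_outcomes(truth: Iterable[str], predicted: Iterable[str]) -> Counter:
    """Tally TP/TN/FP/FN over paired ground-truth and predicted labels."""
    counts: Counter = Counter()
    for t, p in zip(truth, predicted):
        if t == BENIGN and p == BENIGN:
            counts["TP"] += 1      # goodware correctly classified as benign
        elif t == MALWARE and p == MALWARE:
            counts["TN"] += 1      # malware correctly detected as malware
        elif t == MALWARE and p == BENIGN:
            counts["FP"] += 1      # malware identified as benign: a missed detection
        else:
            counts["FN"] += 1      # goodware classified as malware: a false alarm
    return counts


def performance_indicators(truth: Sequence[str], predicted: Sequence[str]) -> Dict[str, float]:
    """Return the page's five indicators plus two assumed derived rates.

    TP/TN/FP/FN are reported as fractions of all samples (assumed reading of
    "ratio"). ACC uses the standard (TP + TN) / total formula, assumed here
    because the page's formula is not reproduced.
    """
    if len(truth) != len(predicted) or not truth:
        raise ValueError("truth and predicted must be non-empty and equal length")
    counts = count_outcomes(truth, predicted)
    total = len(truth)
    ind = {k: counts[k] / total for k in ("TP", "TN", "FP", "FN")}
    ind["ACC"] = (counts["TP"] + counts["TN"]) / total
    # Assumed definitions: detection rate over the malware population,
    # false alarm rate over the goodware population.
    n_malware = counts["TN"] + counts["FP"]
    n_goodware = counts["TP"] + counts["FN"]
    ind["detection_rate"] = counts["TN"] / n_malware if n_malware else 0.0
    ind["false_alarm_rate"] = counts["FN"] / n_goodware if n_goodware else 0.0
    return ind


# Constructed toy evaluation set: 6 goodware samples followed by 4 malware samples.
SAMPLE_TRUTH = [BENIGN] * 6 + [MALWARE] * 4
# Constructed classifier output: one goodware flagged as malware, one malware missed.
SAMPLE_PRED = [BENIGN] * 5 + [MALWARE] + [MALWARE] * 3 + [BENIGN]


if __name__ == "__main__":
    for name, value in performance_indicators(SAMPLE_TRUTH, SAMPLE_PRED).items():
        print(f"{name:>16}: {value:.3f}")
```

With the toy labels the tally is TP=5, TN=3, FP=1, FN=1, giving ACC 0.8, a detection rate of 0.75 and a false alarm rate of 1/6. When comparing against published numbers, confirm which class the authors treat as positive first; the same confusion matrix yields swapped FP/FN values under the more common "malware is positive" convention.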
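The abstract's synthetic datasets come from SMOTE, which over-samples the minority class (here, the 152 malware samples against 450 benign ones) by interpolating between each minority sample and one of its nearest minority neighbours rather than duplicating rows. The following from-scratch implementation is an added example, not the paper's code or any library's API; the three-dimensional "library call count" vectors are constructed toy values, and the `oversample_to_ratio` helper and its parameters are this example's own. It shows why increasing the synthetic sample size can raise accuracy yet also raise false alarms: every synthetic point lies inside the convex envelope of the existing minority points, so the classifier sees more of the same region, not genuinely new malware.

```python
"""Minimal SMOTE (Synthetic Minority Over-sampling Technique) without numpy.

Each synthetic sample is placed at a random position on the straight segment
between a minority sample and one of its k nearest minority neighbours.
"""
import math
import random
from typing import List, Sequence

Vector = List[float]


def _distance(a: Sequence[float], b: Sequence[float]) -> float:
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def k_nearest(points: Sequence[Vector], idx: int, k: int) -> List[int]:
    """Indices of the k minority points nearest to points[idx], excluding itself."""
    ranked = sorted((_distance(points[idx], p), j) for j, p in enumerate(points) if j != idx)
    return [j for _, j in ranked[:k]]


def smote(minority: Sequence[Vector], n_synthetic: int, k: int = 5, seed: int = 0) -> List[Vector]:
    """Generate n_synthetic interpolated points from the minority class.

    k is clipped to the number of available neighbours; a fixed seed makes the
    synthetic dataset reproducible, which matters when experiments are compared.
    """
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority samples to interpolate")
    k = min(k, len(minority) - 1)
    rng = random.Random(seed)
    synthetic: List[Vector] = []
    for _ in range(n_synthetic):
        i = rng.randrange(len(minority))
        j = rng.choice(k_nearest(minority, i, k))
        gap = rng.random()                       # 0 <= gap < 1 along the segment
        synthetic.append([a + gap * (b - a) for a, b in zip(minority[i], minority[j])])
    return synthetic


def oversample_to_ratio(minority: Sequence[Vector], majority_count: int,
                        ratio: float = 1.0, k: int = 5, seed: int = 0) -> List[Vector]:
    """Return the minority samples plus enough synthetic ones to reach
    minority count == int(ratio * majority_count). Hypothetical helper."""
    target = int(ratio * majority_count)
    n_new = max(0, target - len(minority))
    return list(minority) + smote(minority, n_new, k=k, seed=seed)


# Constructed toy minority class: per-sample counts of calls into three libraries.
TOY_MALWARE: List[Vector] = [
    [12.0, 3.0, 0.0], [15.0, 2.0, 1.0], [11.0, 4.0, 0.0], [14.0, 3.0, 2.0],
    [13.0, 5.0, 1.0], [16.0, 1.0, 0.0], [10.0, 2.0, 1.0], [17.0, 4.0, 3.0],
]


if __name__ == "__main__":
    balanced = oversample_to_ratio(TOY_MALWARE, majority_count=20)
    print(f"{len(TOY_MALWARE)} real + {len(balanced) - len(TOY_MALWARE)} synthetic"
          f" = {len(balanced)} minority samples")
    for v in balanced[len(TOY_MALWARE):len(TOY_MALWARE) + 3]:
        print([round(x, 2) for x in v])
```

Because the synthetic points never leave the span of the real minority samples, oversampling cannot reveal malware families absent from the collected 152; the validation split should therefore be drawn from the original samples only, so that interpolations of a test sample's neighbours do not leak into the training fold.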