

Automatic Malware Categorization Using Cluster Ensemble
Course URL: http://videolectures.net/kdd2010_ye_amcu/
Lecturer: Yanfang Ye
Institution: West Virginia University
Date: 2010-10-01
Language: English
Abstract (Chinese, translated):
In this paper, based on an analysis of instruction frequency and function-based instruction sequences, we develop an Automatic Malware Categorization System (AMCS) that automatically groups malware samples into families sharing common characteristics, using a cluster ensemble to aggregate the clustering solutions produced by different base clustering algorithms. We propose a principled cluster ensemble framework that combines individual clustering solutions on the basis of a consensus partition. Domain knowledge in the form of sample-level constraints can be naturally incorporated into the ensemble framework. In addition, to account for the characteristics of the feature representations, we propose a hybrid hierarchical clustering algorithm that combines the merits of hierarchical clustering and k-medoids, together with a weighted subspace k-medoids algorithm, to generate the base clusterings. The categorization results of our AMCS system can be used to generate signatures for malware families that are useful for malware detection. Case studies on a large, real-world daily malware collection from Kingsoft Anti-Virus Lab demonstrate the effectiveness and efficiency of our AMCS system.
课程简介: In this paper, resting on the analysis of instruction frequency and function-based instruction sequences, we develop an Automatic Malware Categorization System (AMCS) for automatically grouping malware samples into families that share some common characteristics using a cluster ensemble by aggregating the clustering solutions generated by different base clustering algorithms. We propose a principled cluster ensemble framework for combining individual clustering solutions based on the consensus partition. The domain knowledge in the form of sample-level constraints can be naturally incorporated in the ensemble framework. In addition, to account for the characteristics of feature representations, we propose a hybrid hierarchical clustering algorithm which combines the merits of hierarchical clustering and k-medoids algorithms and a weighted subspace K-medoids algorithm to generate base clusterings. The categorization results of our AMCS system can be used to generate signatures for malware families that are useful for malware detection. The case studies on large and real daily malware collection from Kingsoft Anti-Virus Lab demonstrate the effectiveness and efficiency of our AMCS system.
Keywords: instruction frequency; malware categorization system; cluster ensemble; sample-level constraints
Source: VideoLectures.NET (视频讲座网)
Last reviewed: 2019-12-24:lxf
Views: 32
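To make the consensus-partition idea in the abstract concrete, the following added example (not code from the paper or the AMCS system) builds a co-association matrix from several base clusterings, overrides it with sample-level must-link and cannot-link constraints, and extracts a consensus partition. The sample names and base clusterings are constructed, standing in for the labels that base algorithms such as hierarchical clustering and k-medoids would produce.

```python
from itertools import combinations

# Constructed sample identifiers for six malware samples.
SAMPLES = ["s0", "s1", "s2", "s3", "s4", "s5"]

# Constructed base clusterings: each maps a sample to a cluster label, as if
# produced by a different base algorithm run over instruction-frequency features.
BASE_CLUSTERINGS = [
    {"s0": 0, "s1": 0, "s2": 0, "s3": 1, "s4": 1, "s5": 2},
    {"s0": 0, "s1": 0, "s2": 1, "s3": 1, "s4": 1, "s5": 2},
    {"s0": 0, "s1": 1, "s2": 0, "s3": 1, "s4": 1, "s5": 1},
]

def co_association(clusterings, samples):
    """Fraction of base clusterings that place each pair in the same cluster."""
    n = len(clusterings)
    return {(a, b): sum(1 for c in clusterings if c[a] == c[b]) / n
            for a, b in combinations(samples, 2)}

def apply_constraints(ca, must_link=(), cannot_link=()):
    """Sample-level constraints override the evidence from the base clusterings."""
    ca = dict(ca)
    for a, b in must_link:
        ca[tuple(sorted((a, b)))] = 1.0
    for a, b in cannot_link:
        ca[tuple(sorted((a, b)))] = 0.0
    return ca

def consensus_partition(ca, samples, threshold=0.5):
    """Consensus clusters = connected components of pairs whose co-association
    meets the threshold (single-linkage over the co-association matrix).
    Note: a cannot-link pair can still end up linked through a third sample;
    that is a known limitation of this simple consensus step."""
    parent = {s: s for s in samples}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x
    for (a, b), weight in ca.items():
        if weight >= threshold:
            parent[find(a)] = find(b)
    groups = {}
    for s in samples:
        groups.setdefault(find(s), []).append(s)
    return sorted(sorted(g) for g in groups.values())

def categorize(must_link=(), cannot_link=()):
    """Run the full ensemble step on the constructed base clusterings."""
    ca = apply_constraints(co_association(BASE_CLUSTERINGS, SAMPLES), must_link, cannot_link)
    return consensus_partition(ca, SAMPLES)
```

Without constraints the ensemble yields {s0,s1,s2}, {s3,s4}, {s5}; a must-link on (s3,s5) and a cannot-link on (s0,s2) move s5 into the s3/s4 family and split s2 off.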