Research on virus detection technique based on ensemble neural network and SVM

Bibliographic Details
Published in: Neurocomputing (Amsterdam) 2014-08, Vol.137, p.24-33
Main Authors: Zhang, Bo-yun; Yin, Jian-ping; Wang, Shu-Lin; Yan, Xi-ai
Format: Article
Language: English
Description
Summary: Computer viruses have become a serious threat to the information system. Due to the complexity and behavioral uncertainty of virus codes, as well as the emergence of encryption and metamorphic viruses which lead to the ineffectiveness of traditional detection methods, applying artificial intelligence based approach to virus detection has become the focal issue of the current antivirus research. In this paper, we propose a novel approach that introduces ensemble learning into automatic virus detection technique, which is based on the integration of dynamic virus detection and static detection. The detection system utilizes support vector machine (SVM) as member classifier to construct the dynamic behavior model of viruses, and also uses probabilistic neural network (NN) as member classifier for static behavior modeling. Finally, the detection results from all member classifiers are integrated by D–S theory of evidence. The experiments show that the diversity of combining heterogeneous classifiers leads to the great performance improvement of the ensemble method of virus detector. The experimental results show that the proposed approach is very efficient in detecting unknown and metamorphic viruses, and further comparison indicates that its performance is superior to most of the popular commercial antivirus tools.
ISSN: 0925-2312, 1872-8286
DOI: 10.1016/j.neucom.2013.04.055