Change search
ReferencesLink to record
Permanent link

Direct link
Comparative Analysis of Voting Schemes for Ensemble-based Malware Detection
Blekinge Institute of Technology, School of Computing.
Blekinge Institute of Technology, School of Computing.
2013 (English)In: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, ISSN 2093-5374, E-ISSN 2093-5382, Vol. 4, no 1, 98-117 p.Article in journal (Refereed) Published
Abstract [en]

Malicious software (malware) represents a threat to the security and the privacy of computer users. Traditional signature-based and heuristic-based methods are inadequate for detecting some forms of malware. This paper presents a malware detection method based on supervised learning. The main contributions of the paper are two ensemble learning algorithms, two pre-processing techniques, and an empirical evaluation of the proposed algorithms. Sequences of operational codes are extracted as features from malware and benign files. These sequences are used to create three different data sets with different configurations. A set of learning algorithms is evaluated on the data sets. The predictions from the learning algorithms are combined by an ensemble algorithm. The predicted outcome of the ensemble algorithm is decided on the basis of voting. The experimental results show that the veto approach can accurately detect both novel and known malware instances with the higher recall in comparison to majority voting, however, the precision of the veto voting is lower than the majority voting. The veto voting is further extended as trust-based veto voting. A comparison of the majority voting, the veto voting, and the trust-based veto voting is performed. The experimental results indicate the suitability of each voting scheme for detecting a particular class of software. The experimental results for the composite F1-measure indicate that the majority voting is slightly better than the trusted veto voting while the trusted veto is significantly better than the veto classifier.

Place, publisher, year, edition, pages
Innovative Information Science & Technology Research Group , 2013. Vol. 4, no 1, 98-117 p.
Keyword [en]
Malware detection, scareware, veto voting, feature extraction, classification, majority voting, ensemble, trust, malicious software
National Category
Computer Science
URN: urn:nbn:se:bth-7001Local ID: diva2:834570

Open Access Journal

Available from: 2013-03-20 Created: 2013-03-20 Last updated: 2016-09-08Bibliographically approved

Open Access in DiVA

fulltext(1164 kB)69 downloads
File information
File name FULLTEXT01.pdfFile size 1164 kBChecksum SHA-512
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Shahzad, Raja KhurramLavesson, Niklas
By organisation
School of Computing
In the same journal
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications
Computer Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 69 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 109 hits
ReferencesLink to record
Permanent link

Direct link