Using Four Modalities for Malware Detection Based on Feature Level and Decision Level Fusion
Author: | Jarilyn M. Hernández Jiménez, Katerina Goseva-Popstojanova |
---|---|
Year of publication: | 2020 |
Subject: | 021110 strategic defence & security studies; Artificial neural network; Computer science; business.industry; 0211 other engineering and technologies; Evasion (network security); 02 engineering and technology; computer.software_genre; Machine learning; Random forest; C4.5 algorithm; Feature (computer vision); 0202 electrical engineering electronic engineering information engineering; Code (cryptography); Malware; 020201 artificial intelligence & image processing; Artificial intelligence; business; computer |
Source: | Advanced Information Networking and Applications ISBN: 9783030440404 AINA |
DOI: | 10.1007/978-3-030-44041-1_117 |
Description: | This paper is focused on multimodal approaches to malware detection, which have not been explored widely in related works. We use static code-based features and dynamic power-based, network traffic-based, and system log-based features, and propose multimodal approaches that use feature level and decision level fusion. Our findings include: (1) For all considered learners, power-based features alone were very good predictors; some learners performed well using only network traffic-based features. (2) For most standard supervised learning algorithms, feature level fusion improved all performance metrics. If Recall is the highest priority, Random Forest or J48 with feature level fusion should be selected. (3) The proposed deep neural network with decision level fusion had lower Recall, but higher Precision and (1-FPR) values, which led to comparable F-score and better G-score than the Random Forest with feature level fusion. In addition to improving classification performance, multimodal approaches make malware evasion of detection much harder. |
Database: | OpenAIRE |