Adaptive Rule-Based Malware Detection Employing Learning Classifier Systems: A Proof of ConceptProceedings of the 35th Annual IEEE International Computer Software and Applications Conference
AbstractEfficient and accurate malware detection is increasingly becoming a necessity for society to operate. Existing malware detection systems have excellent performance in identifying known malware for which signatures are available, but poor performance in anomaly detection for zero day exploits for which signatures have not yet been made available or targeted attacks against a specific entity. The primary goal of this paper is to provide evidence for the potential of learning classifier systems to improve the accuracy of malware detection. A proof of concept is presented for adaptive rule-based malware detection employing learning classifier systems, which combines a rule-based expert system with evolutionary algorithm based reinforcement learning, thus creating a self-training adaptive malware detection system which dynamically evolves detection rules. Experimental results are presented which demonstrate the system's ability to learn effective rules from repeated presentations of a tagged training set and show the degree of generalization achieved on an independent test set.
Meeting Name35th Annual IEEE International Computer Software and Applications Conference Workshops, COMPSACW 2011 (2011: Jul. 18-21, Munich, Germany)
Sponsor(s)Missouri University of Science and Technology. Natural Computation Laboratory
Keywords and Phrases
- Learning Classifier Systems,
- Malware Detection
International Standard Book Number (ISBN)9780769544595
Document TypeArticle - Conference proceedings
Rights© 2011 Institute of Electrical and Electronics Engineers (IEEE), All rights reserved.
Citation InformationJonathan J. Blount, Daniel R. Tauritz and Samuel A. Mulder. "Adaptive Rule-Based Malware Detection Employing Learning Classifier Systems: A Proof of Concept" Proceedings of the 35th Annual IEEE International Computer Software and Applications Conference (2011) p. 110 - 115 ISSN: 0730-3157
Available at: http://works.bepress.com/daniel-tauritz/15/