Article
Clustering versus SVM for malware detection
Journal of Computer Virology and Hacking Techniques (2016)
  • Mark Stamp, San Jose State University
  • Usha Narra, San Jose State University
  • Fabio Di Troia, Università degli Studi del Sannio
  • Visaggio A. Corrado, Università degli Studi del Sannio
  • Thomas H. Austin, San Jose State University
Abstract
Previous work has shown that cluster analysis can be used to effectively classify malware into meaningful families. In this research, we apply cluster analysis to the challenging problem of classifying previously unknown malware. We perform several experiments involving malware clustering. We compare our clustering results to those obtained when a support vector machine (SVM) is trained on the malware family. Using clustering, we are able to classify malware with an accuracy comparable to that of an SVM. An advantage of the clustering approach is that a new malware family can be classified before a model has been trained specifically for the family.
Publication Date
November, 2016
DOI
10.1007/s11416-015-0253-z
Citation Information
Mark Stamp, Usha Narra, Fabio Di Troia, Visaggio A. Corrado, et al. "Clustering versus SVM for malware detection." Journal of Computer Virology and Hacking Techniques, Vol. 12, Iss. 4 (2016), pp. 213-224. ISSN: 2274-2042
Available at: http://works.bepress.com/mark_stamp/34/