Clustering versus SVM for malware detectionJournal of Computer Virology and Hacking Techniques (2016)
Previous work has shown that cluster analysis can be used to effectively classify malware into meaningful families. In this research, we apply cluster analysis to the challenging problem of classifying previously unknown malware. We perform several experiments involving malware clustering. We compare our clustering results to those obtained when a support vector machine (SVM) is trained on the malware family. Using clustering, we are able to classify malware with an accuracy comparable to that of an SVM. An advantage of the clustering approach is that a new malware family can be classified before a model has been trained specifically for the family.
Publication DateNovember, 2016
Citation InformationMark Stamp, Usha Narra, Fabio Di Troia, Visaggio A. Corrado, et al.. "Clustering versus SVM for malware detection" Journal of Computer Virology and Hacking Techniques Vol. 12 Iss. 4 (2016) p. 213 - 224 ISSN: 2274-2042
Available at: http://works.bepress.com/mark_stamp/34/