Adaptive rule-based malware detection employing learning classifier systems

Author

Jonathan Joseph Blount

Abstract

"Efficient and accurate malware detection is increasingly becoming a necessity for society to operate. Existing malware detection systems have excellent performance in identifying known malware for which signatures are available, but poor performance in anomaly detection for zero day exploits for which signatures have not yet been made available or targeted attacks against a specific entity. The primary goal of this thesis is to provide evidence for the potential of learning classier systems to improve the accuracy of malware detection.

A customized system based on a state-of-the-art learning classier system is presented for adaptive rule-based malware detection, which combines a rule-based expert system with evolutionary algorithm based reinforcement learning, thus creating a self-training adaptive malware detection system which dynamically evolves detection rules.

This system is analyzed on a benchmark of malicious and non-malicious files. Experimental results show that the system can outperform C4.5, a well-known non-adaptive machine learning algorithm, under certain conditions. The results demonstrate the system's ability to learn effective rules from repeated presentations of a tagged training set and show the degree of generalization achieved on an independent test set.

This thesis is an extension and expansion of the work published in the Security, Trust, and Privacy for Software Applications workshop in COMPSAC 2011 - the 35th Annual IEEE Signature Conference on Computer Software and Applications"--Abstract, page iii.

Advisor(s)

Tauritz, Daniel R.

Committee Member(s)

McMillin, Bruce M.
Mulder, Samuel A., 1975-

Department(s)

Computer Science

Degree Name

M.S. in Computer Science

Sponsor(s)

Sandia Laboratories

Publisher

Missouri University of Science and Technology

Publication Date

Fall 2011

Pagination

ix, 72 pages

Note about bibliography

Includes bibliographical references (pages 135-137).

Rights

© 2011 Jonathan Joseph Blount, All rights reserved.

Document Type

Thesis - Open Access

File Type

text

Language

English

Subject Headings

Computer security -- Computer programsLearning classifier systemsMalware (Computer software) -- Detection

Thesis Number

T 9917

Print OCLC #

794670887

Electronic OCLC #

755084639

Recommended Citation

Blount, Jonathan Joseph, "Adaptive rule-based malware detection employing learning classifier systems" (2011). Masters Theses. 5008.
https://scholarsmine.mst.edu/masters_theses/5008