"Efficient and accurate malware detection is increasingly becoming a necessity for society to operate. Existing malware detection systems have excellent performance in identifying known malware for which signatures are available, but poor performance in anomaly detection for zero-day exploits for which signatures have not yet been made available or targeted attacks against a specific entity. The primary goal of this thesis is to provide evidence for the potential of learning classifier systems to improve the accuracy of malware detection.
A customized system based on a state-of-the-art learning classifier system is presented for adaptive rule-based malware detection, which combines a rule-based expert system with evolutionary algorithm based reinforcement learning, thus creating a self-training adaptive malware detection system which dynamically evolves detection rules.
This system is analyzed on a benchmark of malicious and non-malicious files. Experimental results show that the system can outperform C4.5, a well-known non-adaptive machine learning algorithm, under certain conditions. The results demonstrate the system's ability to learn effective rules from repeated presentations of a tagged training set and show the degree of generalization achieved on an independent test set.
This thesis is an extension and expansion of the work published in the Security, Trust, and Privacy for Software Applications workshop in COMPSAC 2011 - the 35th Annual IEEE Signature Conference on Computer Software and Applications"--Abstract, page iii.
Tauritz, Daniel R.
McMillin, Bruce M.
Mulder, Samuel A., 1975-
M.S. in Computer Science
Missouri University of Science and Technology
ix, 72 pages
© 2011 Jonathan Joseph Blount, All rights reserved.
Thesis - Open Access
Computer security -- Computer programs
Learning classifier systems
Malware (Computer software) -- Detection
Blount, Jonathan Joseph, "Adaptive rule-based malware detection employing learning classifier systems" (2011). Masters Theses. 5008.