We propose a novel two-step dimensionality reduction approach based on correlation, using machine learning techniques to identify previously unseen malicious Executable and Linkable Format (ELF) files. System calls, used as features, are extracted dynamically in a sandbox environment. Our proposed extension of symmetric uncertainty (X-SU) ranks features by determining the feature-class correlation using entropy and information gain, and then eliminates redundant features by estimating the feature-feature correlation using weighted probabilistic information gain. Three learning algorithms (J48, AdaBoost and Random Forest) are employed to generate prediction models from the system call traces. The optimal feature vector, constructed with the minimum feature length (27 features), resulted in an overall classification accuracy of 99.40% with a very low false alarm rate when identifying unknown malicious specimens.
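The two-step selection described above, as an added example that is not the paper's code: features (system calls observed in a sandbox) are first ranked by symmetric uncertainty with the class, then a feature is dropped when it is more correlated with an already-kept feature than with the class. The abstract does not define the paper's weighted probabilistic information gain for the feature-feature step, so plain SU between features is assumed for it, and the traces are constructed for illustration.

```python
"""Two-step SU feature selection over syscall traces (added example, not the paper's
code; its X-SU feature-feature step is undefined in the abstract, so plain SU is used)."""
from collections import Counter
from math import log2

def entropy(values):
    """Shannon entropy in bits of a sequence of discrete symbols."""
    n = len(values)
    return -sum(c / n * log2(c / n) for c in Counter(values).values())

def info_gain(x, y):
    """IG = H(Y) - H(Y | X) for two aligned discrete sequences."""
    n, cond = len(x), 0.0
    for xv in set(x):
        ys = [yv for xi, yv in zip(x, y) if xi == xv]
        cond += len(ys) / n * entropy(ys)
    return entropy(y) - cond

def symmetric_uncertainty(x, y):
    """SU = 2 IG / (H(X) + H(Y)), in [0, 1]; 0 if either column is constant."""
    denom = entropy(x) + entropy(y)
    return 0.0 if denom == 0 else 2 * info_gain(x, y) / denom

def feature_columns(samples):
    """One binary presence column per syscall name, from a list of syscall sets."""
    names = sorted({call for s in samples for call in s})
    return {f: [int(f in s) for s in samples] for f in names}

def select_features(samples, labels, min_relevance=0.1):
    """Step 1: rank by SU(feature, class), dropping features below min_relevance.
    Step 2: drop a feature whose SU with any more relevant kept feature is >= its
    SU with the class (redundant). Returns the kept names in rank order."""
    cols = feature_columns(samples)
    rel = {f: symmetric_uncertainty(c, labels) for f, c in cols.items()}
    ranked = sorted((f for f in cols if rel[f] >= min_relevance), key=lambda f: -rel[f])
    kept = []
    for f in ranked:
        if all(symmetric_uncertainty(cols[f], cols[k]) < rel[f] for k in kept):
            kept.append(f)
    return kept

# Constructed sandbox traces (not real samples): syscalls observed in each run.
SAMPLES = [{"ptrace", "socket", "connect", "execve"}, {"ptrace", "socket", "connect"},
           {"ptrace", "socket", "connect", "execve"}, {"ptrace", "socket", "read", "execve"},
           {"socket", "connect", "read"}, {"socket", "connect", "execve"},
           {"socket", "read", "execve"}, {"read", "execve"}, {"read"}, {"read"}]
LABELS = ["malware"] * 5 + ["benign"] * 5

if __name__ == "__main__":
    print(select_features(SAMPLES, LABELS))  # ['ptrace', 'socket']
```

On these traces `execve` is filtered out as uninformative, `connect` is dropped because it is more correlated with the kept `socket` than with the class, and `read` is dropped in favour of `ptrace`.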
Asmitha, K. A., & Vinod, P. (2014). Linux malware detection using extended-symmetric uncertainty. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8804, pp. 319–332). Springer Verlag. https://doi.org/10.1007/978-3-319-12060-7_21