DJAFER YAHIA M BENCHADI, Messaoud Benchadi, Bojan Batalo, K. Fukui
Title: Malware detection using Kernel Constrained Subspace Method
Venue: 2023 18th International Conference on Machine Vision and Applications (MVA)
Publication date: 2023-07-23
DOI: https://doi.org/10.23919/MVA57639.2023.10215631
Citation count: 0
Abstract
This paper proposes a novel approach based on subspace representation for malware detection, the important task of distinguishing between safe and malware (malicious) file classes. Our solution is to utilize a target software’s byte-level visualization (image pattern) and represent each of the two classes by a low-dimensional subspace in a high-dimensional vector space. We use the kernel constrained subspace method (KCSM) as a classifier, which has shown excellent results in various pattern recognition tasks. However, its computational cost may be high due to the use of the kernel trick, which makes it difficult to achieve real-time detection. To address this issue, we introduce Random Fourier Features (RFF), which we can handle directly like standard vectors, bypassing the kernel trick. This approach reduces execution time by around 99%, while retaining a high recognition rate. We conduct extensive experiments on several public malware datasets, and demonstrate superior results against several baselines and previous approaches.