Malware Analysis using Profile Hidden Markov Models and Intrusion Detection in a Stream Learning Setting
Electronic Theses of Indian Institute of Science
Field | Value | |
Title |
Malware Analysis using Profile Hidden Markov Models and Intrusion Detection in a Stream Learning Setting
|
|
Creator |
Saradha, R
|
|
Subject |
Malware (Malicious Software)
Malware, Cyber Attacks; Malware Analysis; Profile Hidden Markov Models; Intrusion Detection Systems; Data Mining; Malware Classification and Clustering; Machine Learning; Malware Detection; Cyber Attacks; Stream-based Learning; Polymorphic Malware Detection; Huffman Encoding; Stream Algorithms; Computer Science |
|
Description |
In the last decade, many machine learning and data mining approaches have been used in intrusion detection, malware detection and classification, and traffic analysis. In malware analysis, static binary analysis has become increasingly difficult because of the code obfuscation and code packing employed when writing malware. For this reason, behavior-based analysis techniques are used in large malware analysis systems. In prior art, a number of clustering and classification techniques have been used to classify malware into families, and to identify new malware families, from behavior reports. In this thesis, we analyse in detail the use of Profile Hidden Markov Models for malware classification and clustering. The ability to build accurate models with limited examples is very helpful in the early detection and modeling of malware families. The thesis also revisits the learning setting of an Intrusion Detection System (IDS) that employs machine learning to identify attacks and normal traffic. It substantiates the suitability of the incremental (or stream-based) learning setting for learning attack patterns in an IDS when large volumes of data arrive in a stream. Related to this problem, an elaborate survey of IDSs that use data mining and machine learning was carried out. Experimental evaluation and comparison show that, in terms of speed and accuracy, the stream-based algorithms perform very well as large volumes of data are presented for classification as attack or non-attack patterns. The conclusion elucidates the possibilities for using stream algorithms in different security problems. |
|
Contributor |
Balakrishan, N
|
|
Date |
2018-02-17T20:34:28Z
2018-02-18 2014 |
|
Type |
Thesis
|
|
Identifier |
http://hdl.handle.net/2005/3129
http://etd.ncsi.iisc.ernet.in/abstracts/3993/G26341-Abs.pdf |
|
Language |
en_US
|
|
Relation |
G26341
|
|