Record Details

Malware Analysis using Profile Hidden Markov Models and Intrusion Detection in a Stream Learning Setting

Electronic Theses of Indian Institute of Science

 
 
Field Value
 
Title Malware Analysis using Profile Hidden Markov Models and Intrusion Detection in a Stream Learning Setting
 
Creator Saradha, R
 
Subject Malware (Malicious Software)
Malware, Cyber Attacks
Malware Analysis
Profile Hidden Markov Models
Intrusion Detection Systems
Data Mining
Malware Classification and Clustering
Machine Learning
Malware Detection
Cyber Attacks
Stream-based Learning
Polymorphic Malware Detection
Huffman Encoding
Stream Algorithms
Computer Science
 
Description In the last decade, many machine learning and data mining based approaches have been used in the areas of intrusion detection, malware detection and classification, and traffic analysis. In the area of malware analysis, static binary analysis techniques have become increasingly difficult because of the code obfuscation and code packing methods employed when writing malware. For this reason, behavior-based analysis techniques are being used in large malware analysis systems. In prior art, a number of clustering and classification techniques have been used to classify malware into families and to identify new malware families from the behavior reports. In this thesis, we have analysed in detail the use of Profile Hidden Markov Models for the problem of malware classification and clustering. The advantage of building accurate models with limited examples is very helpful in early detection and modeling of malware families.
The thesis also revisits the learning setting of an Intrusion Detection System that employs machine learning for identifying attacks and normal traffic. It substantiates the suitability of the incremental learning setting (or stream-based learning setting) for the problem of learning attack patterns in an IDS when large volumes of data arrive in a stream. Related to the above problem, an elaborate survey of IDSs that use data mining and machine learning was done. Experimental evaluation and comparison show that, in terms of speed and accuracy, the stream-based algorithms perform very well as large volumes of data are presented for classification as attack or non-attack patterns. The possibilities for using stream algorithms in different security problems are elucidated in the conclusion.
 
Contributor Balakrishan, N
 
Date 2018-02-17T20:34:28Z
2018-02-17T20:34:28Z
2018-02-18
2014
 
Type Thesis
 
Identifier http://hdl.handle.net/2005/3129
http://etd.ncsi.iisc.ernet.in/abstracts/3993/G26341-Abs.pdf
 
Language en_US
 
Relation G26341