Quarterly journal published in SPbPU
and edited by prof. Peter Zegzhda
Peter the Great St. Petersburg Polytechnic University
Institute of Computer Sciences and Technologies
Information Security of Computer Systems
Information Security Problems. Computer Systems
Published since 1999.
ISSN 2071-8217
MALWARE DETECTION BASED ON CLUSTERING OF PERFORMED ACTIONS

R.A. Ognev, E.V. Zhukovskiy, D.P. Zegzhda

Abstract: The application of classification algorithms to malware detection is investigated, using as features the classes of actions obtained by clustering sequences of WinAPI function calls. The following classification algorithms are considered: gradient boosting, adaptive boosting, linear regression, and random forest. Quality was assessed using the accuracy metric, the F1-measure, and the area under the ROC curve, also taking training time into account.
Keywords: classification, clustering, malicious software, malicious behavior, machine learning, behavioral analysis, dynamic analysis, computer security
Pages 118-126