MALWARE DETECTION BASED ON CLUSTERING OF PERFORMED ACTIONS
R.A. Ognev, E.V. Zhukovskiy, D.P. Zegzhda
Abstract: The paper investigates the application of classification algorithms to malware detection, using as features the classes of actions obtained by clustering sequences of WinAPI function calls. The following classification algorithms are considered: gradient boosting, adaptive boosting (AdaBoost), linear regression, and random forest. Quality is assessed by accuracy, F1-measure and the area under the ROC curve (ROC AUC), with training time also taken into account.
Keywords: classification, clustering, malicious software, malicious behavior, machine learning, behavioral analysis, dynamic analysis, computer security
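As an added illustration of the pipeline the abstract describes (not the authors' code, data or results), the following Python sketch runs the whole chain end to end on constructed traces: WinAPI call traces are cut into short windows, the windows are clustered into "action classes", each trace becomes a histogram over those classes, a classifier is trained on the histograms, and the result is scored by accuracy, F1, ROC AUC and training time. The abstract does not say how actions are segmented from a call sequence, how they are vectorized, or how cluster membership is turned into features, so every such choice here is an assumption: 3-call windows, bag-of-calls vectors, plain Lloyd k-means, normalized class histograms, and a hand-written AdaBoost over decision stumps standing in for the four classifiers named in the abstract (so it runs without scikit-learn). The call blocks and the "injection chain only in malicious traces" rule are toy data, not telemetry.

```python
# Added toy illustration of the abstract's pipeline (constructed data, not the paper's code):
# call traces -> call windows -> k-means "action classes" -> histogram features -> AdaBoost -> metrics.
import math, random, time
from collections import Counter

# Constructed call blocks (not real telemetry); toy assumption: only malicious traces contain an injection chain.
INJECT = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]
BENIGN = [["CreateFileW", "ReadFile", "WriteFile", "CloseHandle"], ["GetModuleHandleW", "GetProcAddress", "LoadLibraryW"],
          ["RegOpenKeyExW", "RegQueryValueExW", "RegSetValueExW", "RegCloseKey"]]

def make_traces(seed, per_class=8):
    """(trace, label) pairs with label +1 malicious / -1 benign: three random benign blocks, INJECT spliced in for +1."""
    rng, traces = random.Random(seed), []
    for label in (-1, 1):
        for _ in range(per_class):
            trace = [c for _ in range(3) for c in rng.choice(BENIGN)]
            pos = rng.randrange(len(trace) + 1)
            traces.append((trace[:pos] + INJECT + trace[pos:] if label > 0 else trace, label))
    return traces

def windows(trace, n):
    return [trace[i:i + n] for i in range(len(trace) - n + 1)]   # consecutive n-call windows = candidate actions

def vectorize(window, vocab):
    """Bag-of-calls vector over the training vocabulary; calls unseen in training are ignored."""
    v = [0.0] * len(vocab)
    for i in (vocab[c] for c in window if c in vocab):
        v[i] += 1.0
    return v

def nearest(centers, v):
    return min(range(len(centers)), key=lambda c: sum((a - b) ** 2 for a, b in zip(v, centers[c])))

def kmeans(vectors, k, seed=0, iters=25):
    """Plain Lloyd k-means with seeded init; each centre is one action class."""
    centers = random.Random(seed).sample(vectors, k)
    for _ in range(iters):
        assign = [nearest(centers, v) for v in vectors]
        groups = [[v for v, a in zip(vectors, assign) if a == c] for c in range(k)]
        new = [[sum(col) / len(g) for col in zip(*g)] if g else centers[c] for c, g in enumerate(groups)]
        if new == centers:
            break
        centers = new
    return centers

def action_histogram(trace, centers, vocab, n):
    """Feature vector: share of the trace's windows assigned to each action class."""
    wins, hist = windows(trace, n), [0.0] * len(centers)
    for w in wins:
        hist[nearest(centers, vectorize(w, vocab))] += 1.0
    return [h / max(len(wins), 1) for h in hist]

def stump_fit(X, y, w):
    """Lowest weighted-error decision stump as (error, feature, threshold, sign); it predicts sign when x > thr."""
    best = None
    for j in range(len(X[0])):
        for thr in sorted({x[j] for x in X}):
            for sign in (1, -1):
                err = sum(wi for wi, x, yi in zip(w, X, y) if (sign if x[j] > thr else -sign) != yi)
                if best is None or err < best[0]:
                    best = (err, j, thr, sign)
    return best

def adaboost_fit(X, y, rounds=10):
    """AdaBoost over decision stumps, labels in {-1, +1}; a stand-in for the paper's boosting models."""
    w, model = [1.0 / len(X)] * len(X), []
    for _ in range(rounds):
        err, j, thr, sign = stump_fit(X, y, w)
        alpha = 0.5 * math.log((1.0 - err) / max(err, 1e-10))
        model.append((alpha, j, thr, sign))
        w = [wi * math.exp(-alpha * yi * (sign if x[j] > thr else -sign)) for wi, x, yi in zip(w, X, y)]
        total = sum(w)
        w = [wi / total for wi in w]
    return model

def adaboost_score(model, x):
    return sum(a * (s if x[j] > t else -s) for a, j, t, s in model)   # sign(score) is the predicted label

def metrics(scores, y):
    """Accuracy, F1 (positive class = malicious = +1) and ROC AUC via the pairwise rank statistic."""
    pred = [1 if s > 0 else -1 for s in scores]
    c = Counter(zip(pred, y))
    tp, fp, fn = c[(1, 1)], c[(1, -1)], c[(-1, 1)]
    prec = tp / (tp + fp) if tp + fp else 0.0
    rec = tp / (tp + fn) if tp + fn else 0.0
    pos = [s for s, t in zip(scores, y) if t == 1]
    neg = [s for s, t in zip(scores, y) if t == -1]
    return {"accuracy": (tp + c[(-1, -1)]) / len(y),
            "f1": 2 * prec * rec / (prec + rec) if prec + rec else 0.0,
            "auc": sum(1.0 if p > q else 0.5 if p == q else 0.0 for p in pos for q in neg) / (len(pos) * len(neg))}

def train_eval(seed=0, n=3, k=6, rounds=10):
    """Fit action classes and classifier on one constructed set, score a second; return metrics and fit time."""
    train, test = make_traces(seed), make_traces(seed + 1)
    vocab = {c: i for i, c in enumerate(sorted({c for t, _ in train for c in t}))}
    t0 = time.perf_counter()
    centers = kmeans([vectorize(w, vocab) for t, _ in train for w in windows(t, n)], k)
    model = adaboost_fit([action_histogram(t, centers, vocab, n) for t, _ in train], [lab for _, lab in train], rounds)
    result = metrics([adaboost_score(model, action_histogram(t, centers, vocab, n)) for t, _ in test], [lab for _, lab in test])
    result["train_time_s"] = time.perf_counter() - t0
    return result
```

Calling train_eval() fits the clusters and the classifier on one generated set and reports the four quantities the abstract evaluates on a second, disjoint set. Two points of the design matter for any real reproduction: the vocabulary and the cluster centres are fitted on training traces only (a window containing a call never seen in training is vectorized as if that call were absent, which is where unseen-API behaviour silently degrades the features), and the timer covers clustering as well as classifier fitting, because the clustering step is part of the training cost the abstract's comparison has to account for.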