Real-Time Malware Process Detection and Automated Process Killing

2021 ◽  
Vol 2021 ◽  
pp. 1-23
Author(s):  
Matilda Rhode ◽  
Pete Burnap ◽  
Adam Wedgbury

Perimeter-based detection is no longer sufficient for mitigating the threat posed by malicious software. This is evident as antivirus (AV) products are replaced by endpoint detection and response (EDR) products, the latter allowing visibility into live machine activity rather than relying on the AV to filter out malicious artefacts. This paper argues that detecting malware in real-time on an endpoint necessitates an automated response due to the rapid and destructive nature of some malware. The proposed model uses statistical filtering on top of a machine learning dynamic behavioural malware detection model in order to detect individual malicious processes on the fly and kill those which are deemed malicious. In an experiment to measure the tangible impact of this system, we find that fast-acting ransomware is prevented from corrupting 92% of files with a false positive rate of 14%. Whilst the false-positive rate currently remains too high to adopt this approach as-is, these initial results demonstrate the need for a detection model that is able to act within seconds of the malware execution beginning; a timescale that has not been addressed by previous work.
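The abstract above describes a statistical filter placed on top of a per-window behavioural classifier so that a process is killed within seconds of turning malicious, while a single noisy window does not trigger the response. The block below is an added illustration of that pattern and is not the authors' code: the feature names, the hand-set logistic weights standing in for a trained model, the exponentially weighted moving average used as the filter, and both process traces are assumptions constructed for this example.

```python
"""Added example: smoothing a per-window malware score before auto-killing.

Not the paper's code. The feature names, the hand-set logistic weights that
stand in for a trained behavioural model, the EWMA filter and both process
traces are assumptions constructed for illustration.
"""
import math
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hypothetical behaviour counters collected for one process per one-second window.
FEATURES = ("files_written", "files_renamed", "high_entropy_writes", "dirs_enumerated")

# Hand-set weights standing in for a trained model (assumption, not learned).
WEIGHTS = {"files_written": 0.05, "files_renamed": 0.15,
           "high_entropy_writes": 0.20, "dirs_enumerated": 0.02}
BIAS = -4.0

KILLED: List[int] = []  # pids the responder has killed (stand-in for os.kill)


def raw_score(window: Dict[str, int]) -> float:
    """Per-window probability that the behaviour is malicious (logistic model)."""
    z = BIAS + sum(WEIGHTS[f] * window.get(f, 0) for f in FEATURES)
    return 1.0 / (1.0 + math.exp(-z))


def kill_process(pid: int) -> None:
    """Automated response. A real responder would call os.kill(pid, signal.SIGKILL)."""
    KILLED.append(pid)


@dataclass
class ProcessMonitor:
    """Statistical filter over raw scores: an exponentially weighted moving
    average plus a minimum number of observed windows, so that one noisy
    window cannot kill a process on its own."""
    pid: int
    alpha: float = 0.6      # EWMA weight given to the newest window
    kill_at: float = 0.8    # act once the smoothed score reaches this
    min_windows: int = 2    # never act on a single observation
    ewma: float = 0.0
    seen: int = 0
    files_before_kill: int = 0
    killed_at: Optional[int] = None

    def observe(self, window: Dict[str, int]) -> bool:
        """Feed one window; returns True once the process has been killed."""
        if self.killed_at is not None:
            return True
        self.seen += 1
        # The window's writes have already happened by the time it is scored.
        self.files_before_kill += window.get("files_written", 0)
        p = raw_score(window)
        self.ewma = p if self.seen == 1 else self.alpha * p + (1 - self.alpha) * self.ewma
        if self.seen >= self.min_windows and self.ewma >= self.kill_at:
            self.killed_at = self.seen
            kill_process(self.pid)
            return True
        return False


def run_trace(pid: int, trace: List[Dict[str, int]]) -> Dict[str, object]:
    """Replay a trace through the monitor and report how much damage was prevented."""
    mon = ProcessMonitor(pid)
    for window in trace:
        if mon.observe(window):
            break
    total = sum(w.get("files_written", 0) for w in trace)
    protected = 0.0 if mon.killed_at is None else 1 - mon.files_before_kill / total
    return {"killed_at": mon.killed_at, "files_before_kill": mon.files_before_kill,
            "files_total": total, "fraction_protected": protected}


def first_raw_alarm(trace: List[Dict[str, int]], threshold: float = 0.8) -> Optional[int]:
    """Window at which an unsmoothed per-window threshold would have killed."""
    for i, window in enumerate(trace, start=1):
        if raw_score(window) >= threshold:
            return i
    return None


# Constructed traces. Ransomware: brief enumeration, then sustained rename plus
# high-entropy rewrite of many files per second.
RANSOMWARE = [{"files_written": 5, "files_renamed": 2, "high_entropy_writes": 3, "dirs_enumerated": 40}] + \
             [{"files_written": 40, "files_renamed": 40, "high_entropy_writes": 40, "dirs_enumerated": 10}] * 5
# Benign backup tool: one burst of plain copies with no renames, then idle.
BACKUP_TOOL = [{"files_written": 200, "dirs_enumerated": 300}] + [{}] * 4

if __name__ == "__main__":
    print("ransomware :", run_trace(1001, RANSOMWARE), "raw alarm at", first_raw_alarm(RANSOMWARE))
    print("backup tool:", run_trace(1002, BACKUP_TOOL), "raw alarm at", first_raw_alarm(BACKUP_TOOL))
```

Replaying the two constructed traces shows the trade-off the abstract points at: the unsmoothed threshold would kill the ransomware one window earlier but would also kill the backup tool on its first burst, whereas the smoothed monitor lets the benign burst pass and still stops the ransomware after three windows, before most of its writes land. Lowering `alpha` or raising `min_windows` buys fewer false kills at the price of more files encrypted before the response.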

2014 ◽  
Vol 644-650 ◽  
pp. 3338-3341 ◽  
Author(s):  
Guang Feng Guo

During the 30-year development of the Intrusion Detection System, problems such as a high false-positive rate have always plagued users. Therefore, the ontology and context verification based intrusion detection model (OCVIDM) was put forward to connect the description of attack signatures and context effectively. The OCVIDM established a knowledge base of the intrusion detection ontology that was regarded as the centre of an efficient filtering platform for false alerts, to realize automatic validation of alarms and self-acting judgement of real attacks, so as to achieve the goal of filtering non-relevant positive alerts and reducing false positives.


Author(s):  
Zi Yang ◽  
Mingli Chen ◽  
Mahdieh Kazemimoghadam ◽  
Lin Ma ◽  
Strahinja Stojadinovic ◽  
...  

Abstract Stereotactic radiosurgery (SRS) is now the standard of care for brain metastases (BMs) patients. The SRS treatment planning process requires precise target delineation, which in clinical workflow for patients with multiple (>4) BMs (mBMs) could become a pronounced time bottleneck. Our group has developed an automated BMs segmentation platform to assist in this process. The accuracy of the auto-segmentation, however, is influenced by the presence of false-positive segmentations, mainly caused by the injected contrast during MRI acquisition. To address this problem and further improve the segmentation performance, a deep-learning and radiomics ensemble classifier was developed to reduce the false-positive rate in segmentations. The proposed model consists of a Siamese network and a radiomic-based support vector machine (SVM) classifier. The 2D-based Siamese network contains a pair of parallel feature extractors with shared weights followed by a single classifier. This architecture is designed to identify the inter-class difference. On the other hand, the SVM model takes the radiomic features extracted from 3D segmentation volumes as the input for twofold classification, either a false-positive segmentation or a true BM. Lastly, the outputs from both models create an ensemble to generate the final label. The performance of the proposed model in the segmented mBMs testing dataset reached the accuracy (ACC), sensitivity (SEN), specificity (SPE) and area under the curve (AUC) of 0.91, 0.96, 0.90 and 0.93, respectively. After integrating the proposed model into the original segmentation platform, the average segmentation false negative rate (FNR) and the false positive over the union (FPoU) were 0.13 and 0.09, respectively, which preserved the initial FNR (0.07) and significantly improved the FPoU (0.55). 
The proposed method effectively reduced the false-positive rate in the BMs raw segmentations indicating that the integration of the proposed ensemble classifier into the BMs segmentation platform provides a beneficial tool for mBMs SRS management.


2013 ◽  
Vol 25 (6) ◽  
pp. 822-829 ◽  
Author(s):  
Logan Schneider ◽  
Elise Houdayer ◽  
Ou Bai ◽  
Mark Hallett

A central feature of voluntary movement is the sense of volition, but when this sense arises in the course of movement formulation and execution is not clear. Many studies have explored how the brain might be actively preparing movement before the sense of volition; however, because the timing of the sense of volition has depended on subjective and retrospective judgments, these findings are still regarded with a degree of scepticism. EEG events such as beta event-related desynchronization and movement-related cortical potentials are associated with the brain's programming of movement. Using an optimized EEG signal derived from multiple variables, we were able to make real-time predictions of movements in advance of their occurrence with a low false-positive rate. We asked participants what they were thinking at the time of prediction: Sometimes they were thinking about movement, and other times they were not. Our results indicate that the brain can be preparing to make voluntary movements while participants are thinking about something else.


2014 ◽  
Vol 687-691 ◽  
pp. 2611-2617
Author(s):  
Hong Hai Zhou ◽  
Pei Bin Liu ◽  
Zhi Hao Jin

In this paper, a new method for network troubleshooting, named DRNFD, is brought forward, in which "abnormal degree" is defined by a vector of probability and belief functions in a privileged process. A new formula based on Dempster's Rule is presented to decrease false positives. This method (DRNFD) can effectively reduce the false positive rate and the non-response rate and can be applied to real-time fault diagnosis. The operational prototype system demonstrates its feasibility and the effectiveness of real-time fault diagnosis.


CNS Spectrums ◽  
2021 ◽  
Vol 26 (2) ◽  
pp. 154-155
Author(s):  
David S. Krause ◽  
Kathleen Davis ◽  
Daniel Dowd ◽  
David J. Robbins

Abstract

Background: Carbamazepine, an anticonvulsant also used as a mood stabilizer and for trigeminal neuralgia, is associated with serious, sometimes fatal cutaneous adverse drug reactions, including Stevens Johnson Syndrome and toxic epidermal necrolysis [1]. Current literature demonstrates a genetic predisposition linked to specific class I and II human leukocyte antigen (HLA) types in various ethnic populations [2]. HLA-A*31:01 is one such HLA type, and is routinely identified by the tag SNP rs1061235. However, rs1061235 has poor specificity for HLA-A*31:01 due to interference of HLA-A*33 types [3]. We investigated the false positive rate in our population and developed a novel real-time PCR assay that distinguishes HLA-A*31:01 from other HLA-A types including HLA-A*33.

Methods: 120 unique samples were tested in triplicate during the validation of this assay and were sent to a reference lab for HLA next generation sequencing (NGS) typing, including 89 in-house samples and 31 Coriell samples with documented HLA typing results. The results from our real-time PCR assay were compared to the HLA typing results. HLA typing results were also compared to the tag SNP rs1061235 results to calculate the false positive rate.

Results: There was 100% concordance between our real-time PCR results and expected results based on HLA typing. 89 sample results for tag SNP rs1061235 were compared to HLA typing results. 75/89 samples had a rs1061235 variant, but 31/75 (41%) samples did not have the HLA-A*31:01 type, thus defining the false positive rate of the tag SNP for our population. We theorized there would be a small subset of rare HLA-A types that would interfere with the assay and we tested the three types available to us. We confirmed that 3 of the HLA types (HLA-A*31:04, 31:12, and 31:16) result falsely positive due to sequence homology with 31:01. There is no known literature indicating whether these rare HLA-A*31 subtypes are associated with cutaneous adverse reactions. These 3 HLA types and the other suspected interfering HLA types have limited frequency data sets and are expected to occur rarely in our patient population; we expect these HLA types make up less than 0.003% of our population. Our assay specificity for the validation is >99%.

Conclusions: Our custom real-time PCR assay for detection of HLA-A*31:01 is significantly more specific than the commonly used tag SNP rs1061235. Clinicians considering carbamazepine therapy for their patients will have a better understanding of cutaneous adverse reaction risk and can make improved personalized treatment decisions. This quick, cost effective assay allows more patients in need of carbamazepine treatment to benefit from its use.

Funding: Genomind, Inc.


MENDEL ◽  
2019 ◽  
Vol 25 (2) ◽  
pp. 1-10 ◽  
Author(s):  
Ivan Zelinka ◽  
Eslam Amer

Current commercial antivirus detection engines still rely on signature-based methods. However, with the huge increase in the number of new malware, current detection methods are no longer suitable. In this paper, we introduce a malware detection model based on ensemble learning. The model is trained using the minimum number of significant features that are extracted from the file header. Evaluations show that the ensemble models slightly outperform individual classification models. Experimental evaluations show that our model can predict unseen malware with an accuracy rate of 0.998 and with a false positive rate of 0.002. The paper also includes a comparison between the performance of the proposed model and that of different machine learning techniques. We are emphasizing the use of machine learning based approaches to replace conventional signature-based methods.


Author(s):  
Abikoye Oluwakemi Christianah ◽  
Benjamin Aruwa Gyunka ◽  
Akande Noah Oluwatobi

The Android operating system has become very popular, with the highest market share amongst all other mobile operating systems, due to its open source nature and user friendliness. This has brought about an uncontrolled rise in malicious applications targeting the Android platform. Emerging trends of Android malware employ highly sophisticated detection and analysis avoidance techniques, such that traditional signature-based detection methods have become less potent in their ability to detect new and unknown malware. Alternative approaches, such as machine learning techniques, have taken the lead for timely zero-day anomaly detection. The study aimed at developing an optimized Android malware detection model using an ensemble learning technique. Random Forest, Support Vector Machine, and k-Nearest Neighbours were used to develop three distinct base models and their predictive results were further combined using a Majority Vote combination function to produce an ensemble model. A reverse engineering procedure was employed to extract static features from a large repository of malware samples and benign applications. The WEKA 3.8.2 data mining suite was used to perform all the learning experiments. The results showed that Random Forest had a true positive rate of 97.9%, a false positive rate of 1.9% and correctly classified 98% of instances, making it a strong base model. The ensemble model had a true positive rate of 98.1%, a false positive rate of 1.8% and correctly classified 98.16% of instances. The finding shows that, although the base learners had good detection results, the ensemble learner produced a better optimized detection model compared with the performances of the base learners.
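Both ensemble abstracts above (the file-header ensemble and the Random Forest / SVM / k-NN majority vote) report their result as a true positive rate, a false positive rate and a share of correctly classified instances. The block below is an added example, not code from either paper, showing how a majority-vote combiner is built from base-learner outputs and how those three figures are derived from the confusion matrix. No classifier is trained here: the three base learners' predictions are constructed by flipping a few of the true labels, and the label set itself is an assumption.

```python
"""Added example: majority-vote ensemble and the TPR / FPR it is scored on.

Not the papers' code. The base learners' outputs are constructed by flipping a
few true labels, standing in for predictions of Random Forest, SVM and k-NN
models that this snippet does not train.
"""
from typing import Dict, Iterable, List, Set, Tuple

# Constructed ground truth: 10 malware apps (label 1) followed by 10 benign apps (label 0).
Y_TRUE: List[int] = [1] * 10 + [0] * 10


def predictions_with_errors(y_true: List[int], wrong: Set[int]) -> List[int]:
    """Simulate a classifier that is right everywhere except at the given indices."""
    return [1 - y if i in wrong else y for i, y in enumerate(y_true)]


# Assumed base-model outputs. Index 4 is a malware sample two learners miss, so the
# majority will miss it too; every other error is unique to one learner and is outvoted.
BASE_PREDICTIONS: Dict[str, List[int]] = {
    "RandomForest": predictions_with_errors(Y_TRUE, {2, 11}),
    "SVM": predictions_with_errors(Y_TRUE, {4, 6, 14}),
    "kNN": predictions_with_errors(Y_TRUE, {4, 8, 17}),
}


def majority_vote(predictions: Iterable[List[int]]) -> List[int]:
    """Per-sample majority over an odd number of binary votes (1 = malware)."""
    columns = list(zip(*predictions))
    return [1 if sum(votes) * 2 > len(votes) else 0 for votes in columns]


def confusion(y_true: List[int], y_pred: List[int]) -> Tuple[int, int, int, int]:
    """Return (tp, fp, tn, fn) with malware as the positive class."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    tn = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 0)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    return tp, fp, tn, fn


def metrics(y_true: List[int], y_pred: List[int]) -> Dict[str, float]:
    """TPR (detection rate), FPR (benign apps flagged) and overall accuracy."""
    tp, fp, tn, fn = confusion(y_true, y_pred)
    return {
        "tpr": tp / (tp + fn),
        "fpr": fp / (fp + tn),
        "accuracy": (tp + tn) / len(y_true),
    }


def evaluate(y_true: List[int], base: Dict[str, List[int]]) -> Dict[str, Dict[str, float]]:
    """Score each base learner and the majority-vote ensemble on the same labels."""
    out = {name: metrics(y_true, pred) for name, pred in base.items()}
    out["ensemble"] = metrics(y_true, majority_vote(base.values()))
    return out


if __name__ == "__main__":
    for name, m in evaluate(Y_TRUE, BASE_PREDICTIONS).items():
        print(f"{name:13s} TPR={m['tpr']:.2f} FPR={m['fpr']:.2f} acc={m['accuracy']:.2f}")
```

The point the constructed data makes is the one both abstracts report: majority voting removes the errors that only one learner makes, so the ensemble's FPR drops below every base model's, but it cannot recover a sample that a majority of learners get wrong, which is why the ensemble gain over the best base model is small. Accuracy alone hides this; report TPR and FPR separately, because on an endpoint every false positive is a benign app blocked.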


Author(s):  
Bernard R. Bernstein

The ability of fifty-four subjects to find and designate tactical military targets on a cathode-ray-tube display was evaluated as a function of five experimental variables. Results indicated that probability of detection was sensitive to variations in target type, target-to-background contrast, and image rate of motion, or time available for search. False positive rate was affected only by available search time. Implications of these results for the design of real-time reconnaissance systems are discussed.


2002 ◽  
Vol 41 (01) ◽  
pp. 37-41 ◽  
Author(s):  
S. Shung-Shung ◽  
S. Yu-Chien ◽  
Y. Mei-Due ◽  
W. Hwei-Chung ◽  
A. Kao

Summary Aim: Even with careful observation, the overall false-positive rate of laparotomy remains 10-15% when acute appendicitis is suspected. Therefore, the clinical efficacy of Tc-99m HMPAO labeled leukocyte (TC-WBC) scan for the diagnosis of acute appendicitis in patients presenting with atypical clinical findings is assessed. Patients and Methods: Eighty patients presenting with acute abdominal pain and possible acute appendicitis but atypical findings were included in this study. After intravenous injection of TC-WBC, serial anterior abdominal/pelvic images at 30, 60, 120 and 240 min with 800k counts were obtained with a gamma camera. Any abnormal localization of radioactivity in the right lower quadrant of the abdomen, equal to or greater than bone marrow activity, was considered a positive scan. Results: 36 out of 49 patients showing positive TC-WBC scans received appendectomy. They all proved to have positive pathological findings. Five positive TC-WBC scans were not related to acute appendicitis, because of other pathological lesions. Eight patients were not operated on and clinical follow-up after one month revealed no acute abdominal condition. Three of 31 patients with negative TC-WBC scans received appendectomy. They also presented positive pathological findings. The remaining 28 patients did not receive operations and revealed no evidence of appendicitis after at least one month of follow-up. The overall sensitivity, specificity, accuracy, positive and negative predictive values for TC-WBC scan to diagnose acute appendicitis were 92, 78, 86, 82, and 90%, respectively. Conclusion: TC-WBC scan provides a rapid and highly accurate method for the diagnosis of acute appendicitis in patients with equivocal clinical examination. It proved useful in reducing the false-positive rate of laparotomy and shortens the time necessary for clinical observation.


1993 ◽  
Vol 32 (02) ◽  
pp. 175-179 ◽  
Author(s):  
B. Brambati ◽  
T. Chard ◽  
J. G. Grudzinskas ◽  
M. C. M. Macintosh

Abstract: The analysis of the clinical efficiency of a biochemical parameter in the prediction of chromosome anomalies is described, using a database of 475 cases including 30 abnormalities. A comparison was made of two different approaches to the statistical analysis: the use of Gaussian frequency distributions and likelihood ratios, and logistic regression. Both methods computed that for a 5% false-positive rate approximately 60% of anomalies are detected on the basis of maternal age and serum PAPP-A. The logistic regression analysis is appropriate where the outcome variable (chromosome anomaly) is binary and the detection rates refer to the original data only. The likelihood ratio method is used to predict the outcome in the general population. The latter method depends on the data or some transformation of the data fitting a known frequency distribution (Gaussian in this case). The precision of the predicted detection rates is limited by the small sample of abnormals (30 cases). Varying the means and standard deviations (to the limits of their 95% confidence intervals) of the fitted log Gaussian distributions resulted in a detection rate varying between 42% and 79% for a 5% false-positive rate. Thus, although the likelihood ratio method is potentially the better method in determining the usefulness of a test in the general population, larger numbers of abnormal cases are required to stabilise the means and standard deviations of the fitted log Gaussian distributions.

