Advancing Malware Classification With an Evolving Clustering Method

2018, Vol 9 (3), pp. 1-12
Author(s): Chia-Mei Chen, Shi-Hao Wang

This article describes how honeypots and intrusion detection systems serve as major mechanisms for security administrators to collect a variety of sample viruses and malware for further analysis, classification, and system protection. However, the increased variety and complexity of malware make analysis and classification challenging, especially when efficiency and timely response are two contradictory yet equally significant criteria in malware classification. Besides, similarity-based classifications are insufficient because the mutation and fuzzification of malware exacerbate classification difficulties. To improve malware classification speed and attend to mutation, this research proposes an ameliorated progressive classification that integrates static analysis and an improved k-means algorithm. The proposed classification aims to give network administrators a malware classification preprocessing step so that they can classify new malware efficiently upon capture, thus enhancing the defense against malware.

2020, pp. 1882-1894
Author(s): Chia-Mei Chen, Shi-Hao Wang

This article describes how honeypots and intrusion detection systems serve as major mechanisms for security administrators to collect a variety of sample viruses and malware for further analysis, classification, and system protection. However, the increased variety and complexity of malware make analysis and classification challenging, especially when efficiency and timely response are two contradictory yet equally significant criteria in malware classification. Besides, similarity-based classifications are insufficient because the mutation and fuzzification of malware exacerbate classification difficulties. To improve malware classification speed and attend to mutation, this research proposes an ameliorated progressive classification that integrates static analysis and an improved k-means algorithm. The proposed classification aims to give network administrators a malware classification preprocessing step so that they can classify new malware efficiently upon capture, thus enhancing the defense against malware.


2009, pp. 458-466
Author(s): H. Gunes Kayacik, A. Nur Zincir-Heywood

Along with its numerous benefits, the Internet also created numerous ways to compromise the security and stability of the systems connected to it. In 1995, 171 vulnerabilities were reported to CERT/CC© while in 2003, there were 3,784 reported vulnerabilities, increasing to 8,064 in 2006 (CERT/CC©, 2006). Operations, which are primarily designed to protect the availability, confidentiality, and integrity of critical network information systems, are considered to be within the scope of security management. Security management operations protect computer networks against denial-of-service attacks, unauthorized disclosure of information, and the modification or destruction of data. Moreover, the automated detection and immediate reporting of these events are required in order to provide the basis for a timely response to attacks (Bass, 2000). Security management plays an important, albeit often neglected, role in network management tasks.


Author(s): H. Gunes Kayacik, A. Nur Zincir-Heywood, Malcolm I. Heywood

Along with its numerous benefits, the Internet also created numerous ways to compromise the security and stability of the systems connected to it. In 2003, 137529 incidents were reported to CERT/CC© while in 1999, there were 9859 reported incidents (CERT/CC©, 2003). Operations, which are primarily designed to protect the availability, confidentiality, and integrity of critical network information systems, are considered to be within the scope of security management. Security management operations protect computer networks against denial-of-service attacks, unauthorized disclosure of information, and the modification or destruction of data. Moreover, the automated detection and immediate reporting of these events are required in order to provide the basis for a timely response to attacks (Bass, 2000). Security management plays an important, albeit often neglected, role in network management tasks.


2006, Vol 65 (10), pp. 929-936
Author(s): A. V. Agranovskiy, S. A. Repalov, R. A. Khadi, M. B. Yakubets
