Malicious Codes Detection Based on Ensemble Learning

  • Boyun Zhang
  • Jianping Yin
  • Jingbo Hao
  • Dingxing Zhang
  • Shulin Wang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4610)


As malicious code becomes more complex and sophisticated, the scanning detection method is no longer able to detect its many variants effectively. In this paper we explore solutions based on the fusion of multiple classifiers that do not depend strictly on any one specific malicious code. Motivated by the standard signature-based technique for detecting viruses, we explore automatically detecting malicious code by n-gram analysis. After selecting features by information gain, a probabilistic neural network is used to build and test each member of the proposed multi-classifier system. Each individual classifier produces classification evidence, and these evidences are then combined by the Dempster-Shafer combination rule to form the final classification result for new malicious code. Experimental results produced by the proposed detection engine show an improvement over the classification results produced by the individual classifiers.
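The pipeline the abstract sketches, as an added example that is not the authors' code: byte n-gram presence features, information-gain scoring of a feature against the class label, and Dempster's rule fusing the evidence of several individual classifiers over the two-class frame {malicious, benign}. The toy corpus and the per-classifier mass values are constructed assumptions; hand-written mass functions stand in for the paper's probabilistic neural networks.

```python
from collections import Counter
from itertools import product
from math import log2

MAL, BEN = frozenset({"malicious"}), frozenset({"benign"})
THETA = MAL | BEN  # frame of discernment; mass on THETA means "cannot tell"

def byte_ngrams(data: bytes, n: int = 2) -> set:
    """Presence set of byte n-grams in one sample (n-gram analysis features)."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def entropy(labels) -> float:
    total = len(labels)
    return -sum(c / total * log2(c / total) for c in Counter(labels).values())

def information_gain(samples, gram) -> float:
    """IG of the boolean feature 'gram present' with respect to the class label."""
    present = [lbl for grams, lbl in samples if gram in grams]
    absent = [lbl for grams, lbl in samples if gram not in grams]
    n = len(samples)
    cond = sum(len(part) / n * entropy(part) for part in (present, absent) if part)
    return entropy([lbl for _, lbl in samples]) - cond

def dempster_combine(m1: dict, m2: dict) -> dict:
    """Dempster's rule of combination for two mass functions over subsets of THETA."""
    fused, conflict = {}, 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        if a & b:
            fused[a & b] = fused.get(a & b, 0.0) + ma * mb
        else:
            conflict += ma * mb  # mass placed on disjoint hypotheses is renormalised away
    if conflict >= 1.0:
        raise ValueError("total conflict: evidences cannot be combined")
    return {h: v / (1.0 - conflict) for h, v in fused.items()}

def fuse_and_decide(evidences: list) -> tuple:
    """Fold all classifier evidences together and pick the singleton with most mass."""
    m = evidences[0]
    for e in evidences[1:]:
        m = dempster_combine(m, e)
    return ("malicious" if m.get(MAL, 0.0) > m.get(BEN, 0.0) else "benign"), m

# Constructed toy corpus of (n-gram set, label) pairs; not real malware bytes.
CORPUS = [(byte_ngrams(b"\x90\x90\xe8\x00"), "malicious"), (byte_ngrams(b"\x90\xe8\x01\x02"), "malicious"),
          (byte_ngrams(b"MZ\x00\x01"), "benign"), (byte_ngrams(b"MZ\x01\x02"), "benign")]

# Constructed evidences from three individual classifiers for one new sample (assumed values).
EVIDENCE = [{MAL: 0.6, BEN: 0.1, THETA: 0.3},
            {MAL: 0.5, BEN: 0.2, THETA: 0.3},
            {MAL: 0.3, BEN: 0.3, THETA: 0.4}]
```

Fusing the three evidences above moves the mass on "malicious" from 0.6 for the strongest single classifier to about 0.77, which is the kind of gain over individual classifiers the abstract reports.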


Keywords: Information Gain, Individual Classifier, Probabilistic Neural Network, Ensemble Learning, Malicious Code




Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Boyun Zhang (1, 2)
  • Jianping Yin (1)
  • Jingbo Hao (1)
  • Dingxing Zhang (1)
  • Shulin Wang (1)

  1. School of Computer Science, National University of Defense Technology, Changsha 410073, P.R. China
  2. Department of Computer Science, Hunan Public Security College, Changsha 410138, P.R. China