Wang, Wu, & Hsieh (2009) proposed a support-vector machine (SVM) model for detecting unseen malware. Using static analysis, these authors extracted portable executable (PE) header entries and trained the SVM classifier using selected features. Wang et al.’s classification model detected viruses and worms with considerable accuracy, but the detection accuracy was lower for trojans and backdoors.
Nguyen et al. (2014) integrated an artificial neural network (ANN) with a clonal selection algorithm (CSA) to create a new virus detection approach. In this approach, the authors used several ANNs as the detectors and used the CSA to find the best structure and weights for each ANN. The CSA trains a pool of immature detectors so that they adapt to the problem space. However, the authors did not examine the coverage of the detectors, so they obtained many irrelevant detectors and, consequently, a low detection rate.
Shah, Jani, Shetty and Bhowmick (2013) used the Fisher score to select the best features. In this way, they extracted the PE features and then used an ANN for classification. Although their approach could identify unknown virus patterns, they used only one deployed ANN as the learning model, which was efficient in neither training cost nor performance on large data.