Abstract
Machine learning has drawn wide attention in recent years because it handles the malware detection problem well. To further improve malware detection performance, this paper applies dynamic ensemble selection (DES), a machine learning technique, to malware detection. To meet the detection performance requirement while keeping detection real-time, it proposes CDES (Cluster based Dynamic Ensemble Selection strategy), a clustering-based algorithm built on dynamic ensemble selection. The algorithm first obtains multiple cluster centres through clustering, then selects a group of classifiers for each cluster centre to form an ensemble classifier. To classify an unknown sample, it first finds the cluster centre nearest to that sample; the ensemble classifier assigned to that centre becomes the ensemble classifier for the test sample, and the final detection result is obtained by voting among this group of classifiers. In the experiments, the proposed algorithm is compared with other related algorithms, and the results show that CDES clearly outperforms them. Its running time is also far lower than that of the other algorithms, so it can satisfy the system's real-time requirement.
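The two phases the abstract describes (per-centre ensemble selection offline, nearest-centre lookup and voting at detection time) can be sketched as follows. This is an added example, not the paper's code: the stump classifiers, the plain k-means, the "top m by accuracy on the cluster's training samples" selection rule, and all names and sample values are assumptions made for illustration.

```python
# Added illustration of the CDES idea; not the paper's implementation.
# Assumptions: threshold-stump base classifiers, plain k-means, and
# "top m by accuracy on the cluster's training samples" as the selection rule.
from collections import Counter

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def nearest(centres, x):
    return min(range(len(centres)), key=lambda i: dist2(centres[i], x))

def kmeans(points, k, iters=20):
    centres = [points[i * len(points) // k] for i in range(k)]  # deterministic init
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[nearest(centres, p)].append(p)
        centres = [tuple(sum(col) / len(g) for col in zip(*g)) if g else centres[i]
                   for i, g in enumerate(groups)]
    return centres

def stump(feature, threshold, above_is_malware):
    # Weak classifier on one feature: returns 1 (malware) or 0 (benign).
    return lambda x: int((x[feature] > threshold) == above_is_malware)

def train_cdes(X, y, pool, k, m):
    # Offline phase: cluster, then fix one ensemble of m classifiers per centre.
    centres = kmeans(X, k)
    ensembles = []
    for c in range(k):
        local = [(x, t) for x, t in zip(X, y) if nearest(centres, x) == c]
        accuracy = lambda clf: sum(clf(x) == t for x, t in local)
        ensembles.append(sorted(pool, key=accuracy, reverse=True)[:m])
    return centres, ensembles

def predict(model, x):
    # Online phase: one nearest-centre lookup, then a majority vote.
    centres, ensembles = model
    votes = Counter(clf(x) for clf in ensembles[nearest(centres, x)])
    return votes.most_common(1)[0][0]

# Constructed 2-feature samples: two regions with different decision rules.
X = [(1.0, 1.0), (1.2, 2.0), (2.0, 1.0), (2.2, 2.0),
     (10.0, 10.0), (11.0, 10.2), (10.0, 11.0), (11.0, 11.2)]
y = [0, 0, 1, 1, 1, 1, 0, 0]
POOL = [stump(0, t, True) for t in (1.4, 1.5, 1.6)] + \
       [stump(1, t, False) for t in (10.4, 10.5, 10.6)]
MODEL = train_cdes(X, y, POOL, k=2, m=3)
```

Because the ensembles are fixed per centre during training, the per-sample cost at detection time is one distance computation per centre plus m classifier calls, which is the source of the low running time the abstract reports.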
Source
Computer Applications and Software (《计算机应用与软件》)
CSCD
Peking University Core Journals (北大核心)
2014, Issue 8, pp. 317-323 (7 pages)
Keywords
Malware detection; Ensemble learning; Dynamic ensemble selection; Cluster