Publication Date
Spring 2015
Degree Type
Master's Project
Degree Name
Master of Science (MS)
Department
Computer Science
First Advisor
Mark Stamp
Second Advisor
Robert Chun
Third Advisor
Fabio Di Troia
Keywords
support vector machines, clustering, malware detection
Abstract
Previous work has shown that we can effectively cluster certain classes of malware into their respective families. In this research, we extend this previous work to the problem of developing an automated malware detection system. We first compute clusters for a collection of malware families. Then we analyze the effectiveness of classifying new samples based on these existing clusters. We compare results obtained using k-means and Expectation Maximization (EM) clustering to those obtained using Support Vector Machines (SVM). Using clustering, we are able to detect some malware families with an accuracy comparable to that of SVMs. One advantage of the clustering approach is that there is no need to retrain for new malware families.
Recommended Citation
Narra, Usha, "Clustering versus SVM for Malware Detection" (2015). Master's Projects. 405.
DOI: https://doi.org/10.31979/etd.sgwj-a5ab
https://scholarworks.sjsu.edu/etd_projects/405