Boosting training for PDF malware classifier via active learning

Xinxin Wang; Yuanzhang Li; Quanxin Zhang; Xiaohui Kuang

doi:10.1007/978-3-030-37352-8_9

Boosting training for PDF malware classifier via active learning

Xinxin Wang^*, Yuanzhang Li, Quanxin Zhang, Xiaohui Kuang

^*Corresponding author for this work

School of Computer Science and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Malicious code has been a serious threat in the field of network security. PDF (Portable Document Format) is a widely used file format, and often utilized as a vehicle for malicious behavior. In this paper, machine learning algorithm will be used to detect malicious PDF document, and evaluated on experimental data. The main work of this paper is to implement a malware detection method, which utilizes static pre-processing and machine learning algorithm for classification. During the period of classifying, the differences in structure and content between malicious and benign PDF files will be taken as the classification basis. What’s more, we boost training for the PDF malware classifier via active learning based on mutual agreement analysis. The detector is retrained according to the truth value of the uncertain samples, which can not only reduce the training time consumption of the detector, but also improve the detection performance.

Original language	English
Title of host publication	Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings
Editors	Jaideep Vaidya, Xiao Zhang, Jin Li
Publisher	Springer
Pages	101-110
Number of pages	10
ISBN (Print)	9783030373511
DOIs	https://doi.org/10.1007/978-3-030-37352-8_9
Publication status	Published - 2019
Event	11th International Symposium on Cyberspace Safety and Security, CSS 2019 - Guangzhou, China Duration: 1 Dec 2019 → 3 Dec 2019

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11983 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	11th International Symposium on Cyberspace Safety and Security, CSS 2019
Country/Territory	China
City	Guangzhou
Period	1/12/19 → 3/12/19

Keywords

Active learning
Information security
Malware detection
PDF

Access to Document

10.1007/978-3-030-37352-8_9

Cite this

Wang, X., Li, Y., Zhang, Q., & Kuang, X. (2019). Boosting training for PDF malware classifier via active learning. In J. Vaidya, X. Zhang, & J. Li (Eds.), Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings (pp. 101-110). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11983 LNCS). Springer. https://doi.org/10.1007/978-3-030-37352-8_9

Wang, Xinxin ; Li, Yuanzhang ; Zhang, Quanxin et al. / Boosting training for PDF malware classifier via active learning. Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings. editor / Jaideep Vaidya ; Xiao Zhang ; Jin Li. Springer, 2019. pp. 101-110 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{115d2bb9b03c45f29d3b9e16f7bb86ee,

title = "Boosting training for PDF malware classifier via active learning",

abstract = "Malicious code has been a serious threat in the field of network security. PDF (Portable Document Format) is a widely used file format, and often utilized as a vehicle for malicious behavior. In this paper, machine learning algorithm will be used to detect malicious PDF document, and evaluated on experimental data. The main work of this paper is to implement a malware detection method, which utilizes static pre-processing and machine learning algorithm for classification. During the period of classifying, the differences in structure and content between malicious and benign PDF files will be taken as the classification basis. What{\textquoteright}s more, we boost training for the PDF malware classifier via active learning based on mutual agreement analysis. The detector is retrained according to the truth value of the uncertain samples, which can not only reduce the training time consumption of the detector, but also improve the detection performance.",

keywords = "Active learning, Information security, Malware detection, PDF",

author = "Xinxin Wang and Yuanzhang Li and Quanxin Zhang and Xiaohui Kuang",

note = "Publisher Copyright: {\textcopyright} 2019, Springer Nature Switzerland AG.; 11th International Symposium on Cyberspace Safety and Security, CSS 2019 ; Conference date: 01-12-2019 Through 03-12-2019",

year = "2019",

doi = "10.1007/978-3-030-37352-8_9",

language = "English",

isbn = "9783030373511",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "101--110",

editor = "Jaideep Vaidya and Xiao Zhang and Jin Li",

booktitle = "Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings",

address = "Germany",

}

Wang, X, Li, Y , Zhang, Q & Kuang, X 2019, Boosting training for PDF malware classifier via active learning. in J Vaidya, X Zhang & J Li (eds), Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11983 LNCS, Springer, pp. 101-110, 11th International Symposium on Cyberspace Safety and Security, CSS 2019, Guangzhou, China, 1/12/19. https://doi.org/10.1007/978-3-030-37352-8_9

Boosting training for PDF malware classifier via active learning. / Wang, Xinxin; Li, Yuanzhang ; Zhang, Quanxin et al.
Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings. ed. / Jaideep Vaidya; Xiao Zhang; Jin Li. Springer, 2019. p. 101-110 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11983 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Boosting training for PDF malware classifier via active learning

AU - Wang, Xinxin

AU - Li, Yuanzhang

AU - Zhang, Quanxin

AU - Kuang, Xiaohui

PY - 2019

Y1 - 2019

N2 - Malicious code has been a serious threat in the field of network security. PDF (Portable Document Format) is a widely used file format, and often utilized as a vehicle for malicious behavior. In this paper, machine learning algorithm will be used to detect malicious PDF document, and evaluated on experimental data. The main work of this paper is to implement a malware detection method, which utilizes static pre-processing and machine learning algorithm for classification. During the period of classifying, the differences in structure and content between malicious and benign PDF files will be taken as the classification basis. What’s more, we boost training for the PDF malware classifier via active learning based on mutual agreement analysis. The detector is retrained according to the truth value of the uncertain samples, which can not only reduce the training time consumption of the detector, but also improve the detection performance.

AB - Malicious code has been a serious threat in the field of network security. PDF (Portable Document Format) is a widely used file format, and often utilized as a vehicle for malicious behavior. In this paper, machine learning algorithm will be used to detect malicious PDF document, and evaluated on experimental data. The main work of this paper is to implement a malware detection method, which utilizes static pre-processing and machine learning algorithm for classification. During the period of classifying, the differences in structure and content between malicious and benign PDF files will be taken as the classification basis. What’s more, we boost training for the PDF malware classifier via active learning based on mutual agreement analysis. The detector is retrained according to the truth value of the uncertain samples, which can not only reduce the training time consumption of the detector, but also improve the detection performance.

KW - Active learning

KW - Information security

KW - Malware detection

KW - PDF

UR - http://www.scopus.com/inward/record.url?scp=85078541668&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-37352-8_9

DO - 10.1007/978-3-030-37352-8_9

M3 - Conference contribution

AN - SCOPUS:85078541668

SN - 9783030373511

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 101

EP - 110

BT - Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings

A2 - Vaidya, Jaideep

A2 - Zhang, Xiao

A2 - Li, Jin

PB - Springer

T2 - 11th International Symposium on Cyberspace Safety and Security, CSS 2019

Y2 - 1 December 2019 through 3 December 2019

ER -

Wang X, Li Y , Zhang Q, Kuang X. Boosting training for PDF malware classifier via active learning. In Vaidya J, Zhang X, Li J, editors, Cyberspace Safety and Security - 11th International Symposium, CSS 2019, Proceedings. Springer. 2019. p. 101-110. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-37352-8_9

Boosting training for PDF malware classifier via active learning

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this