Abstract

Computer viruses have become a serious threat to information systems. The complexity and behavioral uncertainty of virus code, together with the emergence of encrypted and metamorphic viruses, have made traditional detection methods ineffective, and applying artificial-intelligence-based approaches to virus detection has become a focal issue of current antivirus research. In this paper, we propose a novel approach that introduces ensemble learning into automatic virus detection by integrating dynamic and static detection. The detection system uses the support vector machine (SVM) as a member classifier to construct the dynamic behavior model of viruses, and the probabilistic neural network (NN) as a member classifier for static behavior modeling. Finally, the detection results from all member classifiers are integrated using the D–S theory of evidence. The experiments show that the diversity gained by combining heterogeneous classifiers leads to a large performance improvement in the ensemble virus detector. The experimental results show that the proposed approach is very efficient in detecting unknown and metamorphic viruses, and further comparison indicates that its performance is superior to most popular commercial antivirus tools.
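
The fusion step described in the abstract, as an added example that is not code from the paper: Dempster's rule of combination over the two-hypothesis frame {virus, benign}. The abstract does not say how the SVM and probabilistic NN outputs become mass functions, so the reliability discounting in `mass_from_score`, the function names and the sample scores are assumptions.

```python
from itertools import product

VIRUS = frozenset({"virus"})
BENIGN = frozenset({"benign"})
THETA = VIRUS | BENIGN  # whole frame of discernment: mass here means "undecided"

def mass_from_score(p_virus, reliability):
    """Turn a member classifier's P(virus) into a mass function.

    Assumption (not from the paper): the score is discounted by a
    reliability factor and the remaining mass is assigned to THETA.
    """
    if not (0.0 <= p_virus <= 1.0 and 0.0 <= reliability <= 1.0):
        raise ValueError("score and reliability must be in [0, 1]")
    return {
        VIRUS: reliability * p_virus,
        BENIGN: reliability * (1.0 - p_virus),
        THETA: 1.0 - reliability,
    }

def dempster_combine(m1, m2):
    """Dempster's rule: multiply masses, keep intersections, renormalise."""
    combined, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            combined[inter] = combined.get(inter, 0.0) + wa * wb
        else:
            conflict += wa * wb  # mass on contradictory verdicts
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: sources cannot be combined")
    return {k: v / (1.0 - conflict) for k, v in combined.items()}, conflict

def decide(m):
    """Return (label, belief, plausibility) for the virus hypothesis."""
    belief = m.get(VIRUS, 0.0)
    plausibility = belief + m.get(THETA, 0.0)
    label = "virus" if belief > m.get(BENIGN, 0.0) else "benign"
    return label, belief, plausibility

if __name__ == "__main__":
    # Constructed sample scores: the dynamic (SVM) member is confident,
    # the static (probabilistic NN) member leans benign.
    dynamic = mass_from_score(0.9, reliability=0.8)
    static = mass_from_score(0.4, reliability=0.6)
    fused, k = dempster_combine(dynamic, static)
    print(decide(fused), "conflict:", round(k, 4))
```

The conflict value is worth logging alongside the verdict: a high value means the dynamic and static members disagree strongly, which is a useful triage signal for samples that may be packed or metamorphic.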
