11 4 ��; Worm signature if �� 1 7 [90] 0 a 1 [60] ��R4:

11..4..��; Worm signature if ��..1..7..[90]..0..a..1..[60]..��R4: Virus signature if ��..2..1..2..��R5: Virus signature if ��..[6e]8c5..757..��; Worm signature if ��..3..��4. Discussion of ResultsTable 3 indicates that the mode of representation affects both unaligned and doubly aligned sequences. The two-layer perceptron performs best on the unaligned sequences (0.562) and Naive Bayes selleck chemical Cisplatin on aligned sequences (0.983) in terms of accuracy. There are major improvements in the results for double aligned sequences, irrespective of representation. The perfect accuracy returned by perceptrons and Naive Bayes on R4 indicates that the insertion of gaps (coded as W and Y) has allowed these two techniques, which use the information present in all attributes including gaps, to distinguish between doubly aligned worm and virus signatures.

That is, these two techniques found sufficient information in combinations of attributes (weighted in the case of perceptrons, frequency of occurrence in the case of Naive Bayes) to classify perfectly. J48, however, looks for minimal and selective attributes that distinguish between the two classes. Its performance across all five representations (0.905 average accuracy) is still a major improvement in comparison to unaligned performance (0.527). Across the three machine learning algorithms, R5 was best for accuracy and specificity (0.98 and 0.994, resp.), and R3 for sensitivity (0.978). When R1 was used with 60 virus and 60 worm signatures, the metasignatures ��..1..b3..4..0..1..1(/c)..1..�� for virus and ��..0..2..83(/0)e.. 7..0..f..6(/c)fa(/0)3(/c).

.�� were reported [42]. The results above indicate that the choice of alignment method and use of substation matrix can affect the metasignatures extracted. R1 appears to be best for extracting metasignatures for both virus and worms in terms of information contained in the patterns, followed by R2 and R4 for worm metasignatures only and R5 for virus signatures only. The metasignature for virus using R5 (��..[6e]8c5..757..��) in particular contains a number of contiguous hexadecimal characters (no gaps) that could be useful for future AVS to help distinguish viral malware from nonmalware. 5. ConclusionsThe results indicate that aligning computer virus and worm signatures using multiple alignment techniques leads to improved classification accuracy using the techniques described in this paper.

While the differences GSK-3 in representation are reflected to some extent in classification accuracy after alignment, there is a difference when PRISM is used, with R1 producing more informative metasignatures for both virus and worm. The method of converting malware hexadecimal signatures to residue representation has been clearly demonstrated to affect learning and the motifs extracted. More work is required to determine the tradeoff between representations and richness or usefulness of motifs extracted.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>