Perceptron-Based Ensembles and Binary Decision Trees for Malware Detection

  • Cristina Vatamanu
  • Doina Cosovan
  • Dragoş Gavriluţ
  • Henri Luchian
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10614)


Security researchers currently witness an exponential growth in the number of malware variants in the wild. On top of this, advanced techniques such as metamorphism, server-side polymorphism, anti-emulation and commercial or custom packing are used to evade detection, and standard detection techniques no longer keep up with the ongoing anti-malware fight. This is why machine learning techniques for malware detection are continually being developed and improved. These, however, operate on huge amounts of data and must balance three competing requirements: a low false positive rate, a high detection rate and an acceptable performance impact. This paper aims to reach that balance by starting from an algorithm that achieves a zero false positive rate during training and then improving it so as to increase the detection rate without significantly weakening the low false positive property.


Keywords

  • Linear classifier
  • Perceptron
  • Ensemble
  • One side class perceptron
  • Binary decision tree
  • Hybrid methods
  • False positive rate
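The abstract describes the core trade-off: a classifier that never flags a benign training sample, then ensembling to win back detections without giving up that property. The sketch below is an added illustration, not code from the paper or from Bitdefender. It assumes one simple way to obtain the zero-false-positive property (train an ordinary Rosenblatt perceptron, then lower the bias until every benign training sample scores at or below the boundary), bags several such perceptrons and combines them with an OR vote, each member being corrected against the full benign set so the guarantee survives the ensemble. The three feature names, the constructed dataset, the margin constant and the bias-shift rule are assumptions for illustration; the paper's actual training procedure and its binary-decision-tree hybrid are not reproduced.

```python
import random

MALWARE, BENIGN = 1, -1          # label convention used throughout (assumed)
ONE_SIDED_MARGIN = 1e-6          # keeps the worst benign sample strictly below the boundary

def dot(w, x):
    return sum(wi * xi for wi, xi in zip(w, x))

def score(model, x):
    w, b = model
    return dot(w, x) + b

def predict(model, x):
    return MALWARE if score(model, x) > 0 else BENIGN

def one_sided_adjust(model, samples):
    """Lower the bias until every benign sample in `samples` scores <= 0.
    This is the assumed one-sided step: zero false positives on `samples`,
    paid for with any malware whose score falls below the worst benign one."""
    w, b = model
    worst_benign = max((score(model, x) for x, y in samples if y == BENIGN), default=0.0)
    if worst_benign > 0:
        b -= worst_benign + ONE_SIDED_MARGIN
    return (w, b)

def train_one_sided_perceptron(samples, epochs=100, lr=1.0, seed=0):
    """Rosenblatt perceptron on a list of (features, label), then the
    one-sided correction against the benign part of the same list."""
    rng = random.Random(seed)
    dim = len(samples[0][0])
    w = [rng.uniform(-0.01, 0.01) for _ in range(dim)]
    b = 0.0
    for _ in range(epochs):
        order = list(range(len(samples)))
        rng.shuffle(order)
        mistakes = 0
        for i in order:
            x, y = samples[i]
            if predict((w, b), x) != y:          # standard mistake-driven update
                w = [wi + lr * y * xi for wi, xi in zip(w, x)]
                b += lr * y
                mistakes += 1
        if mistakes == 0:                        # training set separated, stop early
            break
    return one_sided_adjust((w, b), samples)

def train_ensemble(samples, members=5, seed=0):
    """Bagging: each member learns from a bootstrap resample, then is
    corrected against the FULL benign set so the zero-FP guarantee survives."""
    rng = random.Random(seed)
    models = []
    for k in range(members):
        boot = [rng.choice(samples) for _ in samples]
        model = train_one_sided_perceptron(boot, seed=seed + k + 1)
        models.append(one_sided_adjust(model, samples))
    return models

def ensemble_predict(models, x):
    """OR-vote. Every member is clean on all benign training samples, so the
    OR keeps zero training FPs while detection can only go up."""
    return MALWARE if any(predict(m, x) == MALWARE for m in models) else BENIGN

def evaluate(classify, samples):
    """Return (false_positive_rate, detection_rate) of `classify` on `samples`."""
    benign = [x for x, y in samples if y == BENIGN]
    malware = [x for x, y in samples if y == MALWARE]
    fp = sum(classify(x) == MALWARE for x in benign) / len(benign)
    det = sum(classify(x) == MALWARE for x in malware) / len(malware)
    return fp, det

def make_constructed_dataset(n_benign=60, n_malware=60, seed=42):
    """Constructed toy data, not from the paper. Three features in [0, 1]
    (think: section entropy, suspicious-import count, share of W+X sections).
    Benign stays low; each malware family is loud on one feature, except a
    stealthy quarter that looks benign and shows what the zero-FP rule costs."""
    rng = random.Random(seed)
    data = []
    for _ in range(n_benign):
        data.append(([rng.uniform(0.0, 0.35) for _ in range(3)], BENIGN))
    for i in range(n_malware):
        x = [rng.uniform(0.0, 0.35) for _ in range(3)]
        if i % 4 != 3:
            x[i % 3] = rng.uniform(0.6, 1.0)
        data.append((x, MALWARE))
    rng.shuffle(data)
    return data

if __name__ == "__main__":
    data = make_constructed_dataset()
    models = train_ensemble(data)
    for k, m in enumerate(models):
        print("member %d  fp=%.3f detect=%.3f" % ((k,) + evaluate(lambda x: predict(m, x), data)))
    print("ensemble  fp=%.3f detect=%.3f" % evaluate(lambda x: ensemble_predict(models, x), data))
```

Two caveats a practitioner should keep in mind. The guarantee is purely about the training set: a single benign file scoring above the boundary on held-out data is still a false positive, so the property must be re-measured on clean data the model never saw. And the correction is only as cheap as the worst benign sample allows; every benign file that scores above a malware file drags the threshold past that malware, which is exactly the detection-rate loss the ensemble is meant to recover.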



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Cristina Vatamanu (1, 2)
  • Doina Cosovan (1)
  • Dragoş Gavriluţ (1, 2)
  • Henri Luchian (1)
  1. Faculty of Computer Science, Alexandru Ioan Cuza University, Iaşi, Romania
  2. Bitdefender Anti-Malware Laboratory, Bucharest, Romania
