
dc.contributor.advisor: Balakrishan, N
dc.contributor.author: Saradha, R
dc.date.accessioned: 2018-02-17T20:34:28Z
dc.date.accessioned: 2018-07-31T05:09:15Z
dc.date.available: 2018-02-17T20:34:28Z
dc.date.available: 2018-07-31T05:09:15Z
dc.date.issued: 2018-02-18
dc.date.submitted: 2014
dc.identifier.uri: https://etd.iisc.ac.in/handle/2005/3129
dc.identifier.abstract: http://etd.iisc.ac.in/static/etd/abstracts/3993/G26341-Abs.pdf [en_US]
dc.description.abstract: In the last decade, a lot of machine learning and data mining based approaches have been used in the areas of intrusion detection, malware detection and classification, and also traffic analysis. In the area of malware analysis, static binary analysis techniques have become increasingly difficult with the code obfuscation methods and code packing employed when writing the malware. Behavior-based analysis techniques are being used in large malware analysis systems for this reason. In prior art, a number of clustering and classification techniques have been used to classify malware into families and also to identify new malware families from the behavior reports. In this thesis, we have analysed in detail the use of Profile Hidden Markov Models for the problem of malware classification and clustering. The advantage of building accurate models with limited examples is very helpful in early detection and modeling of malware families. The thesis also revisits the learning setting of an Intrusion Detection System that employs machine learning for identifying attacks and normal traffic. It substantiates the suitability of the incremental learning setting (or stream-based learning setting) for the problem of learning attack patterns in IDS, when large volumes of data arrive in a stream. Related to the above problem, an elaborate survey of the IDS that use data mining and machine learning was done. Experimental evaluation and comparison show that in terms of speed and accuracy, the stream-based algorithms perform very well as large volumes of data are presented for classification as attack or non-attack patterns. The possibilities for using stream algorithms in different problems in security are elucidated in the conclusion. [en_US]
dc.language.iso: en_US [en_US]
dc.relation.ispartofseries: G26341 [en_US]
dc.subject: Malware (Malicious Software) [en_US]
dc.subject: Malware, Cyber Attacks [en_US]
dc.subject: Malware Analysis [en_US]
dc.subject: Profile Hidden Markov Models [en_US]
dc.subject: Intrusion Detection Systems [en_US]
dc.subject: Data Mining [en_US]
dc.subject: Malware Classification and Clustering [en_US]
dc.subject: Machine Learning [en_US]
dc.subject: Malware Detection [en_US]
dc.subject: Cyber Attacks [en_US]
dc.subject: Stream-based Learning [en_US]
dc.subject: Polymorphic Malware Detection [en_US]
dc.subject: Huffman Encoding [en_US]
dc.subject: Stream Algorithms [en_US]
dc.subject.classification: Computer Science [en_US]
dc.title: Malware Analysis using Profile Hidden Markov Models and Intrusion Detection in a Stream Learning Setting [en_US]
dc.type: Thesis [en_US]
dc.degree.name: MSc Engg [en_US]
dc.degree.level: Masters [en_US]
dc.degree.discipline: Faculty of Engineering [en_US]

