Toward Robust Classifiers for PDF Malware Detection

Malicious Portable Document Format (PDF) files represent one of the largest threats in the computer security space. Significant research has been done using handwritten signatures and machine learning based on detection via manual feature extraction. These approaches are time consuming, require substantial prior knowledge, and the list of features must be updated with each newly discovered vulnerability individually. In this study, we propose two models for PDF malware detection. The first model is a convolutional neural network (CNN) integrated into a standard deviation based regularization model to detect malicious PDF documents. The second model is a support vector machine (SVM) based ensemble model with three different kernels. The two models were trained and tested on two different datasets. The experimental results show that the accuracy of both models is approximately 100%, and the robustness against evasive samples is excellent. Further, the robustness of the models was evaluated with malicious PDF documents generated using Mimicus. Both models can distinguish the different vulnerabilities exploited in malicious files and achieve excellent performance in terms of generalization ability, accuracy, and robustness.     

Using Object Detection Network for Malware Detection and Identification in Network Traffic Packets

In recent years, the number of exposed vulnerabilities has grown rapidly and more and more attacks occurred to intrude on the target computers using these vulnerabilities such as different malware. Malware detection has attracted more attention and still faces severe challenges. As malware detection based traditional machine learning relies on exports’ experience to design efficient features to distinguish different malware, it causes bottleneck on feature engineer and is also time-consuming to find efficient features. Due to its promising ability in automatically proposing and selecting significant features, deep learning has gradually become a research hotspot. In this paper, aiming to detect the malicious payload and identify their categories with high accuracy, we proposed a packet-based malicious payload detection and identification algorithm based on object detection deep learning network. A dataset of malicious payload on code execution vulnerability has been constructed under the Metasploit framework and used to evaluate the performance of the proposed malware detection and identification algorithm. The experimental results demonstrated that the proposed object detection network can efficiently find and identify malicious payloads with high accuracy.     

基于Choquet模糊积分SVM集成及其实证研究

为了进一步提高SVM集成的泛化能力,提出了基于Choquet模糊积分的SVMs集成方法,综合考虑各个子SVM输出重要性,避免了现有SVM集成方法中忽略次要信息的问题。应用该方法,以高校的区域经济贡献度为例进行仿真试验,结果表明基于Choquet模糊积分的SVMs集成方法较基于Sugeno模糊积分SVMs集成方法和基于投票策略的SVMs集成方法具有更高的准确性。该方法是可行、有效的,具有一定的推广价值。     

MRI brain image classification—a hybrid approach

The present article proposes a novel computer‐aided diagnosis (CAD) technique for the classification of the magnetic resonance brain images. The current method adopt color converted hybrid clustering segmentation algorithm with hybrid feature selection approach based on IGSFFS (Information gain and Sequential Forward Floating Search) and Multi‐Class Support Vector Machine (MC‐SVM) classifier technique to segregate the magnetic resonance brain images into three categories namely normal, benign and malignant. The proposed hybrid evolutionary segmentation algorithm which is the combination of WFF(weighted firefly) and K‐means algorithm called WFF‐K‐means and modified cuckoo search (MCS) and K‐means algorithm called MCS‐K‐means, which can find better cluster partition in brain tumor datasets and also overcome local optima problems in K‐means clustering algorithm. The experimental results show that the performance of the proposed algorithm is better than other algorithms such as PSO‐K‐means, color converted K‐means, FCM and other traditional approaches. The multiple feature set comprises color, texture and shape features derived from the segmented image. These features are then fed into a MC‐SVM classifier with hybrid feature selection algorithm, trained with data labeled by experts, enabling the detection of brain images at high accuracy levels. The performance of the method is evaluated using classification accuracy, sensitivity, specificity, and receiver operating characteristic (ROC) curves. The proposed method provides highest classification accuracy of greater than 98% with high sensitivity and specificity rates of greater than 95% for the proposed diagnostic model and this shows the promise of the approach. © 2015 Wiley Periodicals, Inc. Int J Imaging Syst Technol, 25, 226–244, 2015     

Performance analysis of EM,SVD, and SVM classifiers in classification of carcinogenic regions of medical images

In this article, the performance analysis of Expectation Maximization (EM), Singular Value Decomposition (SVD), and Support Vector Machines (SVM) classifiers for classification of carcinogenic regions from various medical images is carried out. Cancer detection is one of the critical issues where excessive care needs to be taken for better diagnosis. Any classifier needs to detect the cancer with respect to the efficiency in time of detection and performance. Due to these, three classifiers are selected: Expectation Maximization (EM), Singular Value Decomposition (SVD), and Support Vector Machines (SVM). EM classifier performs as the optimizer and SVD classifier performs as the dual class classifier. SVM classifier is used as both optimizer and classifier for multiclass classification procedure and for wide stage cancer detection procedures. The performance analysis of all the three classifiers are analyzed for a group of 100 cancer patients based on the benchmark parameter such as Performance Measures and Quality Metrics. From the experimental results it is evident, that the SVM classifier significantly outperforms other classifiers in the classification of carcinogenic regions of medical images.     

基于谱聚类下采样失衡数据下SVM故障检测

在故障诊断领域中,对传统支持向量机（SVM）算法在数据失衡情况下无法有效实现故障检测的不足,提出一种基于谱聚类下采样失衡数据下SVM故障检测算法。该算法在核空间中对多数类进行谱聚类,然后选择具有代表意义的信息点,最终实现样本均衡。将该算法应用在轴承故障检测领域,并同其他算法进行比较,试验结果表明本文建议的算法在失衡数据情况下较其他算法具有较强的故障检测性能。     

Diagnosing the variance shifts signal in multivariate process control using ensemble classifiers

Statistical process control charts have been successfully used to monitor process stability in various industries. The need to simultaneously monitor two or more quality characteristics has led to the prevalent adoption of multivariate control charts. However, out-of-control signals in multivariate control charts may be caused by one or more variables, or a set of variables. Therefore, effective quality control requires not only the rapid detection of process fluctuations, but also the correct identification of the variable(s) responsible for those changes. This study approaches the diagnosis of out-of-control signals as a classification task and proposes a support vector machine (SVM)-based ensemble classification model focused on variance shifts in multivariate processes. We address the issues of data diversity and ensemble method in constructing an ensemble model. Simulation results demonstrate the effectiveness of the proposed ensemble classification model in identifying the source of variance change. The proposed method clearly outperforms single classifiers as well as other comparable models including bagging and boosting. The results also reveal that the use of extracted features as input vectors for SVM provides better classification performance than the use of raw data. The proposed SVM-based ensemble classification system provides a reliable tool for the interpretation of out-of-control signals in multivariate process control.     

Investigating driver injury severity patterns in rollover crashes using support vector machine models

Rollover crash is one of the major types of traffic crashes that induce fatal injuries. It is important to investigate the factors that affect rollover crashes and their influence on driver injury severity outcomes. This study employs support vector machine (SVM) models to investigate driver injury severity patterns in rollover crashes based on two-year crash data gathered in New Mexico. The impacts of various explanatory variables are examined in terms of crash and environmental information, vehicle features, and driver demographics and behavior characteristics. A classification and regression tree (CART) model is utilized to identify significant variables and SVM models with polynomial and Gaussian radius basis function (RBF) kernels are used for model performance evaluation. It is shown that the SVM models produce reasonable prediction performance and the polynomial kernel outperforms the Gaussian RBF kernel. Variable impact analysis reveals that factors including comfortable driving environment conditions, driver alcohol or drug involvement, seatbelt use, number of travel lanes, driver demographic features, maximum vehicle damages in crashes, crash time, and crash location are significantly associated with driver incapacitating injuries and fatalities. These findings provide insights for better understanding rollover crash causes and the impacts of various explanatory factors on driver injury severity patterns.     

A structural analysis of benchmarks on different bibliometrical indicators for European research institutes based on their research profile

The present study is part of an ongoing project on clustering European research institutions according to their publication profiles. Using hierarchical clustering eight clusters have been found the optimum solution for the classification. Aim of the present study is a structural analysis for the evaluation of research performance of specialised and multidisciplinary institutions. A breakdown by subject fields is used to characterise field-specific peculiarities of individual clusters by bibliometric indicators and to allow comparison within the same and among different clusters. Finally, benchmarks can then be used to study national research performance on basis of the institutional classification.     

An enhanced approach for the progressive mean control charts

To maintain and improve the quality of the processes, control charts play an important role for reduction of variation. To detect large shifts in the process parameters, Shewhart control charts are commonly applied but for small shifts, exponentially weighted moving averages (EWMA), cumulative sum (CUSUM), double exponentially weighted moving average (DEWMA), double CUSUM, moving average (MA), double moving average (DMA), and progressive mean (PM) control charts, are used. This study proposes double progressive mean (DPM) and optimal DPM control charts to enhance the performance of the PM chart. As the proposed DPM control charts use information sequentially, hence their performance is compared with natural competitors EWMA, CUSUM, DEWMA, double CUSUM, MA, DMA, and PM control charts. Run length and its different properties are evaluated to compare the performance of the proposed charts and counterparts. Results reveal that proposed optimal DPM outperforms the other charts. An example related to voltage on fixed capacitance level is also provided to illustrate the proposed charts.     

Learning methods for melanoma recognition

Melanoma is the most deadly skin cancer. Early diagnosis is a challenge for clinicians. Current algorithms for skin lesions' classification focus mostly on segmentation and feature extraction. This article instead puts the emphasis on the learning process, testing the recognition performance of three different classifiers: support vector machine (SVM), artificial neural network and k‐nearest neighbor. Extensive experiments were run on a database of more than 5000 dermoscopy images. The obtained results show that the SVM approach outperforms the other methods reaching an average recognition rate of 82.5% comparable with those obtained by skilled clinicians. If confirmed, our data suggest that this method may improve classification results of a computer‐assisted diagnosis of melanoma. © 2010 Wiley Periodicals, Inc. Int J Imaging Syst Technol, 20, 316–322, 2010     

Unstructured Oncological Image Cluster Identification Using Improved Unsupervised Clustering Techniques

This paper presents, a new approach of Medical Image Pixels Clustering (MIPC), aims to trace the dissimilar patterns over the Magnetic Resonance (MR) image through the process of automatically identify the appropriate number of distinct clusters based on different improved unsupervised clustering schemes for enrichment, pattern predication and deeper investigation. The proposed MIPC consists of two stages: clustering and validation. In the clustering stage, the MIPC automatically identifies the distinct number of dissimilar clusters over the gray scale MR image based on three different improved unsupervised clustering schemes likely improved Limited Agglomerative Clustering (iLIAC), Dynamic Automatic Agglomerative Clustering (DAAC) and Optimum N-Means (ONM). In the second stage, the performance of MIPC approach is estimated by measuring Intra intimacy and Intra contrast of each individual cluster in the result of MR image based on proposed validation method namely Shreekum Intra Cluster Measure (SICM). Experimental results show that the MIPC approach is better suited for automatic identification of highly relative dissimilar clusters over the MR cancer images with higher Intra closeness and lower Intra contrast based on improved unsupervised clustering schemes.     

Earlier detection of cancer regions from MR image features and SVM classifiers

In this article, we examine the use of several segmentation algorithms for medical image classification. This work detects the cancer region from magnetic resonance (MR) images in earlier stage. This is accomplished in three stages. In first stage, four kinds of region‐based segmentation techniques are used such as K‐means clustering algorithm, expectation–maximization algorithm, partial swarm optimization algorithm, and fuzzy c‐means algorithm. In second stage, 18 texture features are extracting using gray level co‐occurrence matrix (GLCM). In stage three, classification is based on multi‐class support vector machine (SVM) classifier. Finally, the performance analysis of SVM classifier is analyzed using the four types of segmentation algorithm for a group of 200 patients (32—Glioma, 32—Meningioma, 44—Metastasis, 8—Astrocytoma, 72—Normal). The experimental results indicate that EM is an efficient segmentation method with 100% accuracy. In SVM, quadratic and RBF (σ = 0.5) kernel methods provide the highest classification accuracy compared to all other SVM kernel methods. © 2016 Wiley Periodicals, Inc. Int J Imaging Syst Technol, 26, 196–208, 2016     

Robust Attack Detection Approach for IIoT Using Ensemble Classifier

Generally, the risks associated with malicious threats are increasing for the Internet of Things (IoT) and its related applications due to dependency on the Internet and the minimal resource availability of IoT devices. Thus, anomaly-based intrusion detection models for IoT networks are vital. Distinct detection methodologies need to be developed for the Industrial Internet of Things (IIoT) network as threat detection is a significant expectation of stakeholders. Machine learning approaches are considered to be evolving techniques that learn with experience, and such approaches have resulted in superior performance in various applications, such as pattern recognition, outlier analysis, and speech recognition. Traditional techniques and tools are not adequate to secure IIoT networks due to the use of various protocols in industrial systems and restricted possibilities of upgradation. In this paper, the objective is to develop a two-phase anomaly detection model to enhance the reliability of an IIoT network. In the first phase, SVM and Naïve Bayes, are integrated using an ensemble blending technique. K-fold cross-validation is performed while training the data with different training and testing ratios to obtain optimized training and test sets. Ensemble blending uses a random forest technique to predict class labels. An Artificial Neural Network (ANN) classifier that uses the Adam optimizer to achieve better accuracy is also used for prediction. In the second phase, both the ANN and random forest results are fed to the model’s classification unit, and the highest accuracy value is considered the final result. The proposed model is tested on standard IoT attack datasets, such as WUSTL_IIOT-2018, N_BaIoT, and Bot_IoT. The highest accuracy obtained is 99%. A comparative analysis of the proposed model using state-of-the-art ensemble techniques is performed to demonstrate the superiority of the results. The results also demonstrate that the proposed model outperforms traditional techniques and thus improves the reliability of an IIoT network.     

Optimal Bottleneck-Driven Deep Belief Network Enabled Malware Classification on IoT-Cloud Environment

Cloud Computing (CC) is the most promising and advanced technology to store data and offer online services in an effective manner. When such fast evolving technologies are used in the protection of computer-based systems from cyberattacks, it brings several advantages compared to conventional data protection methods. Some of the computer-based systems that effectively protect the data include Cyber-Physical Systems (CPS), Internet of Things (IoT), mobile devices, desktop and laptop computer, and critical systems. Malicious software (malware) is nothing but a type of software that targets the computer-based systems so as to launch cyber-attacks and threaten the integrity, secrecy, and accessibility of the information. The current study focuses on design of Optimal Bottleneck driven Deep Belief Network-enabled Cybersecurity Malware Classification (OBDDBN-CMC) model. The presented OBDDBN-CMC model intends to recognize and classify the malware that exists in IoT-based cloud platform. To attain this, Z-score data normalization is utilized to scale the data into a uniform format. In addition, BDDBN model is also exploited for recognition and categorization of malware. To effectually fine-tune the hyperparameters related to BDDBN model, Grasshopper Optimization Algorithm (GOA) is applied. This scenario enhances the classification results and also shows the novelty of current study. The experimental analysis was conducted upon OBDDBN-CMC model for validation and the results confirmed the enhanced performance of OBDDBN-CMC model over recent approaches.     

Impact of Portable Executable Header Features on Malware DetectionAccuracy

One aspect of cybersecurity, incorporates the study of Portable Executables (PE) files maleficence. Artificial Intelligence (AI) can be employed in such studies, since AI has the ability to discriminate benign from malicious files. In this study, an exclusive set of 29 features was collected from trusted implementations, this set was used as a baseline to analyze the presented work in this research. A Decision Tree (DT) and Neural Network Multi-Layer Perceptron (NN-MLPC) algorithms were utilized during this work. Both algorithms were chosen after testing a few diverse procedures. This work implements a method of subgrouping features to answer questions such as, which feature has a positive impact on accuracy when added? Is it possible to determine a reliable feature set to distinguish a malicious PE file from a benign one? when combining features, would it have any effect on malware detection accuracy in a PE file? Results obtained using the proposed method were improved and carried few observations. Generally, the obtained results had practical and numerical parts, for the practical part, the number of features and which features included are the main factors impacting the calculated accuracy, also, the combination of features is as crucial in these calculations. Numerical results included, finding accuracies with enhanced values, for example, NN_MLPC attained 0.979 and 0.98; for DT an accuracy of 0.9825 and 0.986 was attained.     

Failure and reliability prediction by support vector machines regression of time series data

Support Vector Machines (SVMs) are kernel-based learning methods, which have been successfully adopted for regression problems. However, their use in reliability applications has not been widely explored. In this paper, a comparative analysis is presented in order to evaluate the SVM effectiveness in forecasting time-to-failure and reliability of engineered components based on time series data. The performance on literature case studies of SVM regression is measured against other advanced learning methods such as the Radial Basis Function, the traditional MultiLayer Perceptron model, Box-Jenkins autoregressive-integrated-moving average and the Infinite Impulse Response Locally Recurrent Neural Networks. The comparison shows that in the analyzed cases, SVM outperforms or is comparable to other techniques.     

Adaptation of Vehicular Ad hoc Network Clustering Protocol for Smart Transportation

Clustering algorithms optimization can minimize topology maintenance overhead in large scale vehicular Ad hoc networks (VANETs) for smart transportation that results from dynamic topology, limited resources and non-centralized architecture. The performance of a clustering algorithm varies with the underlying mobility model to address the topology maintenance overhead issue in VANETs for smart transportation. To design a robust clustering algorithm, careful attention must be paid to components like mobility models and performance objectives. A clustering algorithm may not perform well with every mobility pattern. Therefore, we propose a supervisory protocol (SP) that observes the mobility pattern of vehicles and identifies the realistic Mobility model through microscopic features. An analytical model can be used to determine an efficient clustering algorithm for a specific mobility model (MM). SP selects the best clustering scheme according to the mobility model and guarantees a consistent performance throughout VANET operations. The simulation has performed in three parts that is the central part simulation for setting up the clustering environment, In the second part the clustering algorithms are tested for efficiency in a constrained atmosphere for some time and the third part represents the proposed scheme. The simulation results show that the proposed scheme outperforms clustering algorithms such as honey bee algorithm-based clustering and memetic clustering in terms of cluster count, re-affiliation rate, control overhead and cluster lifetime.     

Using support vector machine models for crash injury severity analysis

The study presented in this paper investigated the possibility of using support vector machine (SVM) models for crash injury severity analysis. Based on crash data collected at 326 freeway diverge areas, a SVM model was developed for predicting the injury severity associated with individual crashes. An ordered probit (OP) model was also developed using the same dataset. The research team compared the performance of the SVM model and the OP model. It was found that the SVM model produced better prediction performance for crash injury severity than did the OP model. The percent of correct prediction for the SVM model was found to be 48.8%, which was higher than that produced by the OP model (44.0%). Even though the SVM model may suffer from the multi-class classification problem, it still provides better prediction results for small proportion injury severities than the OP model does.