Machine Learning-based Malicious Adversaries Detection in an Enterprise Environment by Using Open Source Tools
Post on 29-Jul-2015
51 Views
Preview:
DESCRIPTION
Transcript
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Machine Learning-based Malicious AdversariesDetection in an Enterprise Environment by Using Open
Source Tools
Muhammad Najmi Ahmad ZabidiInternational Islamic University Malaysia
MOSC 2012Berjaya Times Square, Kuala Lumpur
9th July 2012
Muhammad Najmi Ahmad Zabidi MOSC 2012 1/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
About
• I am a research grad student at Universiti TeknologiMalaysia, Skudai, Johor Bahru, Malaysia
• My current employer is International Islamic UniversityMalaysia, Kuala Lumpur
• Research area - malware detection, narrowing onWindows executables
• For past few years (since 2003), I am a Subversion(SVN)committer for KDE localization project to Malay language(but now rarely commit.. need a new intern to replace :) )
Muhammad Najmi Ahmad Zabidi MOSC 2012 2/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Computing world as we knew it
• Interconnected machine
• Previously less connected, now ‘‘socialized’’ machines
• Brought real problems to the cyberworld
Muhammad Najmi Ahmad Zabidi MOSC 2012 3/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Risks
• Financial lost
• Company/government level espionage
• Privacy breach
Muhammad Najmi Ahmad Zabidi MOSC 2012 4/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Types of adversaries
• Spam
• Scam
• Phishing
• Malware, botnet, rookit etc
• Anything else?
Muhammad Najmi Ahmad Zabidi MOSC 2012 5/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Spam
• Annoying
• Productivity wasted in unneccesary file deletion
• Difficult to find important email - extreme case
Muhammad Najmi Ahmad Zabidi MOSC 2012 6/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Spam
• Annoying
• Productivity wasted in unneccesary file deletion
• Difficult to find important email - extreme case
Muhammad Najmi Ahmad Zabidi MOSC 2012 6/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Spam
• Annoying
• Productivity wasted in unneccesary file deletion
• Difficult to find important email - extreme case
Muhammad Najmi Ahmad Zabidi MOSC 2012 6/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Spam
• Annoying
• Productivity wasted in unneccesary file deletion
• Difficult to find important email - extreme case
Muhammad Najmi Ahmad Zabidi MOSC 2012 6/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Scam
• Preying on naive victims
• Sounds to good to be true, but still some people believed
• Organized crime/syndicate... with mules cooperating
Muhammad Najmi Ahmad Zabidi MOSC 2012 7/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Scam
• Preying on naive victims
• Sounds to good to be true, but still some people believed
• Organized crime/syndicate... with mules cooperating
Muhammad Najmi Ahmad Zabidi MOSC 2012 7/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Scam
• Preying on naive victims
• Sounds to good to be true, but still some people believed
• Organized crime/syndicate... with mules cooperating
Muhammad Najmi Ahmad Zabidi MOSC 2012 7/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Scam
• Preying on naive victims
• Sounds to good to be true, but still some people believed
• Organized crime/syndicate... with mules cooperating
Muhammad Najmi Ahmad Zabidi MOSC 2012 7/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Phishing
• Almost similar with scam, but different tactic
• More sophisticated, but does not need mule/physicalmeetup
• Main purpose to gain important details - online bankinglogin name, password hence access to the victim’saccount
• More secure to the criminal
Muhammad Najmi Ahmad Zabidi MOSC 2012 8/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Phishing
• Almost similar with scam, but different tactic
• More sophisticated, but does not need mule/physicalmeetup
• Main purpose to gain important details - online bankinglogin name, password hence access to the victim’saccount
• More secure to the criminal
Muhammad Najmi Ahmad Zabidi MOSC 2012 8/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Phishing
• Almost similar with scam, but different tactic
• More sophisticated, but does not need mule/physicalmeetup
• Main purpose to gain important details - online bankinglogin name, password hence access to the victim’saccount
• More secure to the criminal
Muhammad Najmi Ahmad Zabidi MOSC 2012 8/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Phishing
• Almost similar with scam, but different tactic
• More sophisticated, but does not need mule/physicalmeetup
• Main purpose to gain important details - online bankinglogin name, password hence access to the victim’saccount
• More secure to the criminal
Muhammad Najmi Ahmad Zabidi MOSC 2012 8/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Phishing
• Almost similar with scam, but different tactic
• More sophisticated, but does not need mule/physicalmeetup
• Main purpose to gain important details - online bankinglogin name, password hence access to the victim’saccount
• More secure to the criminal
Muhammad Najmi Ahmad Zabidi MOSC 2012 8/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Malware
• Safely to say,coverstrojan,virus,dialers,rabbits,worms,rootkit(bundlednowadays)
• Already infecting computers since 1980s, threat is moreobvious when the Internet is coming in
• Attacking any operating system, Linux, Windows, Mac...even Android phones
Muhammad Najmi Ahmad Zabidi MOSC 2012 9/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Malware
• Safely to say,coverstrojan,virus,dialers,rabbits,worms,rootkit(bundlednowadays)
• Already infecting computers since 1980s, threat is moreobvious when the Internet is coming in
• Attacking any operating system, Linux, Windows, Mac...even Android phones
Muhammad Najmi Ahmad Zabidi MOSC 2012 9/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Malware
• Safely to say,coverstrojan,virus,dialers,rabbits,worms,rootkit(bundlednowadays)
• Already infecting computers since 1980s, threat is moreobvious when the Internet is coming in
• Attacking any operating system, Linux, Windows, Mac...even Android phones
Muhammad Najmi Ahmad Zabidi MOSC 2012 9/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Malware
• Safely to say,coverstrojan,virus,dialers,rabbits,worms,rootkit(bundlednowadays)
• Already infecting computers since 1980s, threat is moreobvious when the Internet is coming in
• Attacking any operating system, Linux, Windows, Mac...even Android phones
Muhammad Najmi Ahmad Zabidi MOSC 2012 9/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Problems with adversaries detection
• Some manually crafted, some automated
• React relatively fast, difficult to trace
• Too many (for example, spam) hence too time consumingfor manual work
Muhammad Najmi Ahmad Zabidi MOSC 2012 10/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
In house analysis
• Given enough expertise, in house analysis could be useful
• Maintaining reputation, having own group of analysts tohandle incidents
• Try minimize costs, use open source tools wheneverpossible
Muhammad Najmi Ahmad Zabidi MOSC 2012 11/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
Machine Learning
• Associated with the Artificial Intelligence
• Mimicking human (brain) learning
• Learns through experience
• Deals with known and unknown patterns
• Overlapping (or somehow originated) with Data Mining,Pattern Recognition
Muhammad Najmi Ahmad Zabidi MOSC 2012 12/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
Table 1: Differences between clustering and classification
Classification Clustering
Deals with known data Deals with unknown data
Supervised learning Unsupervised learning
Popular algorithms includes:
• Random Forest
• Neural Networks
• k-Nearest Neighbor
• Decision Trees
Popular algorithms includes:
• K-means
• Fuzzy C
• Gaussian
Predictive [Tan et al., 2005] Descriptive [Tan et al., 2005]
Muhammad Najmi Ahmad Zabidi MOSC 2012 13/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
Table 1: Differences between clustering and classification
Classification
Clustering
Deals with known data Deals with unknown data
Supervised learning Unsupervised learning
Popular algorithms includes:
• Random Forest
• Neural Networks
• k-Nearest Neighbor
• Decision Trees
Popular algorithms includes:
• K-means
• Fuzzy C
• Gaussian
Predictive [Tan et al., 2005] Descriptive [Tan et al., 2005]
Muhammad Najmi Ahmad Zabidi MOSC 2012 13/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
Table 1: Differences between clustering and classification
Classification
Clustering
Deals with known data
Deals with unknown data
Supervised learning Unsupervised learning
Popular algorithms includes:
• Random Forest
• Neural Networks
• k-Nearest Neighbor
• Decision Trees
Popular algorithms includes:
• K-means
• Fuzzy C
• Gaussian
Predictive [Tan et al., 2005] Descriptive [Tan et al., 2005]
Muhammad Najmi Ahmad Zabidi MOSC 2012 13/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
Table 1: Differences between clustering and classification
Classification
Clustering
Deals with known data
Deals with unknown data
Supervised learning
Unsupervised learning
Popular algorithms includes:
• Random Forest
• Neural Networks
• k-Nearest Neighbor
• Decision Trees
Popular algorithms includes:
• K-means
• Fuzzy C
• Gaussian
Predictive [Tan et al., 2005] Descriptive [Tan et al., 2005]
Muhammad Najmi Ahmad Zabidi MOSC 2012 13/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
Table 1: Differences between clustering and classification
Classification
Clustering
Deals with known data
Deals with unknown data
Supervised learning
Unsupervised learning
Popular algorithms includes:
• Random Forest
• Neural Networks
• k-Nearest Neighbor
• Decision Trees
Popular algorithms includes:
• K-means
• Fuzzy C
• Gaussian
Predictive [Tan et al., 2005] Descriptive [Tan et al., 2005]
Muhammad Najmi Ahmad Zabidi MOSC 2012 13/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
Table 1: Differences between clustering and classification
Classification
Clustering
Deals with known data
Deals with unknown data
Supervised learning
Unsupervised learning
Popular algorithms includes:
• Random Forest
• Neural Networks
• k-Nearest Neighbor
• Decision Trees
Popular algorithms includes:
• K-means
• Fuzzy C
• Gaussian
Predictive [Tan et al., 2005]
Descriptive [Tan et al., 2005]
Muhammad Najmi Ahmad Zabidi MOSC 2012 13/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
Table 1: Differences between clustering and classification
Classification Clustering
Deals with known data
Deals with unknown data
Supervised learning
Unsupervised learning
Popular algorithms includes:
• Random Forest
• Neural Networks
• k-Nearest Neighbor
• Decision Trees
Popular algorithms includes:
• K-means
• Fuzzy C
• Gaussian
Predictive [Tan et al., 2005]
Descriptive [Tan et al., 2005]
Muhammad Najmi Ahmad Zabidi MOSC 2012 13/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
Table 1: Differences between clustering and classification
Classification Clustering
Deals with known data Deals with unknown data
Supervised learning
Unsupervised learning
Popular algorithms includes:
• Random Forest
• Neural Networks
• k-Nearest Neighbor
• Decision Trees
Popular algorithms includes:
• K-means
• Fuzzy C
• Gaussian
Predictive [Tan et al., 2005]
Descriptive [Tan et al., 2005]
Muhammad Najmi Ahmad Zabidi MOSC 2012 13/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
Table 1: Differences between clustering and classification
Classification Clustering
Deals with known data Deals with unknown data
Supervised learning Unsupervised learning
Popular algorithms includes:
• Random Forest
• Neural Networks
• k-Nearest Neighbor
• Decision Trees
Popular algorithms includes:
• K-means
• Fuzzy C
• Gaussian
Predictive [Tan et al., 2005]
Descriptive [Tan et al., 2005]
Muhammad Najmi Ahmad Zabidi MOSC 2012 13/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
Table 1: Differences between clustering and classification
Classification Clustering
Deals with known data Deals with unknown data
Supervised learning Unsupervised learning
Popular algorithms includes:
• Random Forest
• Neural Networks
• k-Nearest Neighbor
• Decision Trees
Popular algorithms includes:
• K-means
• Fuzzy C
• Gaussian
Predictive [Tan et al., 2005]
Descriptive [Tan et al., 2005]
Muhammad Najmi Ahmad Zabidi MOSC 2012 13/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
Table 1: Differences between clustering and classification
Classification Clustering
Deals with known data Deals with unknown data
Supervised learning Unsupervised learning
Popular algorithms includes:
• Random Forest
• Neural Networks
• k-Nearest Neighbor
• Decision Trees
Popular algorithms includes:
• K-means
• Fuzzy C
• Gaussian
Predictive [Tan et al., 2005] Descriptive [Tan et al., 2005]
Muhammad Najmi Ahmad Zabidi MOSC 2012 13/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
What to look?
• We look for patterns
• In some case, have the spam,phishing mails corpus ready
• We call these patterns as ‘‘features’’
Muhammad Najmi Ahmad Zabidi MOSC 2012 14/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
Spam/scam
• The language that being used
• Perhaps words like ‘‘You have won GBP100,000,000’’notification through emails
• Spam bombarded emails, some might be true businesses,but irresistable to handle.
• Scam, asking people to bank in money for untruthfulreasons
Muhammad Najmi Ahmad Zabidi MOSC 2012 15/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
Phishing mails
• Look for URL
• Current effort for example by PhishTank is done by usingpublic submission and (I believe) manual verification
Muhammad Najmi Ahmad Zabidi MOSC 2012 16/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
Malware
• Researchers tend to look on the ApplicationProgramming Interface (API) calls, some on the opcodes
• Analysis done either by using static or dynamic analysis
Muhammad Najmi Ahmad Zabidi MOSC 2012 17/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Categories
Some example
Figure 1: Automated classification proposed by [Rieck et al., 2009]
Muhammad Najmi Ahmad Zabidi MOSC 2012 18/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
The datasets
• Spam email research is already quite sometimescompared to the other (phishing)
• Sample dataset:• http://csmining.org/index.php/spam-email-datasets-.html• http://archive.ics.uci.edu/ml/datasets/Spambase
• Scam email somehow very much associated with spam,since it is unwanted email. Might as well beingcategorized as ‘‘sub-spam’’
• Phishing emails samples:• Sample dataset:
• http://phishtank.com
Muhammad Najmi Ahmad Zabidi MOSC 2012 19/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
Feature Selection/Extraction
• When analyzing, we’re interested with features• What kind of feature?
• Important keywords, strong features• Non important features will be phased out.. unneccesary• Some features might be redundant
Muhammad Najmi Ahmad Zabidi MOSC 2012 20/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
• There are algorithms which meant for this:• Information Gain• Support Vector Machine (SVM)• other... some maybe hybrid algoritms(combining several
algorithms altogether) - also known as ensemble
Muhammad Najmi Ahmad Zabidi MOSC 2012 21/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
WekaR languageOctavePython Scipy
List of tools
• Weka
• R language
• Octave (as replacement for Matlab)
• Python Sci-py with Matplotlib
Muhammad Najmi Ahmad Zabidi MOSC 2012 22/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
WekaR languageOctavePython Scipy
List of tools
• Weka
• R language
• Octave (as replacement for Matlab)
• Python Sci-py with Matplotlib
Muhammad Najmi Ahmad Zabidi MOSC 2012 22/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
WekaR languageOctavePython Scipy
List of tools
• Weka
• R language
• Octave (as replacement for Matlab)
• Python Sci-py with Matplotlib
Muhammad Najmi Ahmad Zabidi MOSC 2012 22/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
WekaR languageOctavePython Scipy
List of tools
• Weka
• R language
• Octave (as replacement for Matlab)
• Python Sci-py with Matplotlib
Muhammad Najmi Ahmad Zabidi MOSC 2012 22/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
WekaR languageOctavePython Scipy
List of tools
• Weka
• R language
• Octave (as replacement for Matlab)
• Python Sci-py with Matplotlib
Muhammad Najmi Ahmad Zabidi MOSC 2012 22/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
WekaR languageOctavePython Scipy
Figure 2: Weka
Muhammad Najmi Ahmad Zabidi MOSC 2012 23/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
WekaR languageOctavePython Scipy
Weka
• Obtained data are in numbers and visualizations
• Need to do some reading on how to interpret them
• Test with different algorithms to get the best results
Muhammad Najmi Ahmad Zabidi MOSC 2012 24/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
WekaR languageOctavePython Scipy
R language
• No merely a tool, but a language by itself
• Usually being used by data analysts
Muhammad Najmi Ahmad Zabidi MOSC 2012 25/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
WekaR languageOctavePython Scipy
Figure 3: These books use R language for their analysis purposes
Muhammad Najmi Ahmad Zabidi MOSC 2012 26/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
WekaR languageOctavePython Scipy
Octave
• Octave is an open source alternative for Matlab (MATrixLABoratory)
• Works almost similar like Matlab does
Muhammad Najmi Ahmad Zabidi MOSC 2012 27/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
WekaR languageOctavePython Scipy
Figure 4: Octave also has GUI, QtOctave - discontinued
Muhammad Najmi Ahmad Zabidi MOSC 2012 28/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
WekaR languageOctavePython Scipy
Python Scipy
#!/usr/bin/env python"""Example: simple line plot.Show how to make and save a simple lineplot with labels, title and grid"""import numpyimport pylab
t = numpy.arange(0.0, 1.0+0.01, 0.01)s = numpy.cos(2*2*numpy.pi*t)pylab.plot(t, s)
pylab.xlabel(’time (s)’)pylab.ylabel(’voltage (mV)’)pylab.title(’About as simple as it gets,folks’)pylab.grid(True)pylab.savefig(’simple_plot’)
pylab.show()
Muhammad Najmi Ahmad Zabidi MOSC 2012 29/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
WekaR languageOctavePython Scipy
Muhammad Najmi Ahmad Zabidi MOSC 2012 30/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
FlowchartConclusion
The flow
Feature Selection Feature Categorization
Clustering Classification
Visualization
Weka,Octave,R
scipy, octave,R
Weka,Octave,R
scipy, octave,R
Muhammad Najmi Ahmad Zabidi MOSC 2012 31/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
FlowchartConclusion
Conclusion
• Malicious/unwanted threats from spam, scam, phishingand malware is not easy
• Perhaps one sample could be done by hands, but havingthousands per day is tedious
• Machine learning assist in automation
• Open source provides alternative (free as in minimal cost)for the analysis
• In house analysis provides security in anorganization/enterprise reputation
Muhammad Najmi Ahmad Zabidi MOSC 2012 32/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
FlowchartConclusion
Conclusion
• Malicious/unwanted threats from spam, scam, phishingand malware is not easy
• Perhaps one sample could be done by hands, but havingthousands per day is tedious
• Machine learning assist in automation
• Open source provides alternative (free as in minimal cost)for the analysis
• In house analysis provides security in anorganization/enterprise reputation
Muhammad Najmi Ahmad Zabidi MOSC 2012 32/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
FlowchartConclusion
Conclusion
• Malicious/unwanted threats from spam, scam, phishingand malware is not easy
• Perhaps one sample could be done by hands, but havingthousands per day is tedious
• Machine learning assist in automation
• Open source provides alternative (free as in minimal cost)for the analysis
• In house analysis provides security in anorganization/enterprise reputation
Muhammad Najmi Ahmad Zabidi MOSC 2012 32/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
FlowchartConclusion
Conclusion
• Malicious/unwanted threats from spam, scam, phishingand malware is not easy
• Perhaps one sample could be done by hands, but havingthousands per day is tedious
• Machine learning assist in automation
• Open source provides alternative (free as in minimal cost)for the analysis
• In house analysis provides security in anorganization/enterprise reputation
Muhammad Najmi Ahmad Zabidi MOSC 2012 32/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
FlowchartConclusion
Conclusion
• Malicious/unwanted threats from spam, scam, phishingand malware is not easy
• Perhaps one sample could be done by hands, but havingthousands per day is tedious
• Machine learning assist in automation
• Open source provides alternative (free as in minimal cost)for the analysis
• In house analysis provides security in anorganization/enterprise reputation
Muhammad Najmi Ahmad Zabidi MOSC 2012 32/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
FlowchartConclusion
Conclusion
• Malicious/unwanted threats from spam, scam, phishingand malware is not easy
• Perhaps one sample could be done by hands, but havingthousands per day is tedious
• Machine learning assist in automation
• Open source provides alternative (free as in minimal cost)for the analysis
• In house analysis provides security in anorganization/enterprise reputation
Muhammad Najmi Ahmad Zabidi MOSC 2012 32/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
FlowchartConclusion
Get in touch!
najmi.zabidi @ gmail.comhttp://mypacketstream.blogspot.com
This slides was created with LATEX Beamer
Muhammad Najmi Ahmad Zabidi MOSC 2012 33/34
IntroThe issues in general
MotivationSolution
ExperimentsToolseof()
FlowchartConclusion
Bibliography
Rieck, K., Trinius, P., Willems, C., and Holz, T. (2009).
Automatic analysis of malware behavior using machine learning.TU, Professoren der Fak. IV.
Tan, P.-N., Steinbach, M., and Kumar, V. (2005).
Introduction to Data Mining, (First Edition).Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA.
Muhammad Najmi Ahmad Zabidi MOSC 2012 34/34
top related