Combined kNN Classification and Hierarchical Similarity Hash for Fast Malware Detection

Sunoh Choi

doi:10.3390/app10155173

Applied Sciences (Jul 2020)

Combined kNN Classification and Hierarchical Similarity Hash for Fast Malware Detection

Sunoh Choi

Affiliations

Sunoh Choi: Department of Computer Engineering, Honam University, Gwangju 62399, Korea

DOI: https://doi.org/10.3390/app10155173
Journal volume & issue: Vol. 10, no. 15
p. 5173

Abstract

Read online

Every day, hundreds of thousands of new malicious files are created. Existing pattern-based antivirus solutions have difficulty detecting these new malicious files. Artificial intelligence (AI)–based malware detection has been proposed to solve the problem; however, it takes a long time. Similarity hash–based detection has also been proposed; however, it has a low detection rate. To solve these problems, we propose k-nearest-neighbor (kNN) classification for malware detection with a vantage-point (VP) tree using a similarity hash. When we use kNN classification, we reduce the detection time by 67% and increase the detection rate by 25%. With a VP tree using a similarity hash, we reduce the similarity-hash search time by 20%.

Published in Applied Sciences

ISSN: 2076-3417 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology: Engineering (General). Civil engineering (General); Science: Biology (General); Science: Physics; Science: Chemistry
Website: http://www.mdpi.com/journal/applsci

About the journal

Abstract

Keywords