NORMA eResearch @NCI Library

Identification of Key Factors that Influence False Positive Detection & Classification by Anti-Malware Program

Aniekwena, Onyebuchi (2020) Identification of Key Factors that Influence False Positive Detection & Classification by Anti-Malware Program. Masters thesis, Dublin, National College of Ireland.

PDF (Master of Science)
PDF (Configuration manual)


False-positive detection and classification by anti-malware products has been a cause of serious concern for sector leaders among anti-virus program vendors and their respective clients. Irrespective of the incredible strides achieved by anti-malware program vendors, who proactively use machine learning and signature-based heuristic patterns to detect and classify suspicious files and URL links in real time, the constant mutation of recent malware samples, resulting in a high number of false positives, appears to raise a severe question regarding the integrity of the vendor's product. This paper proposes an anti-malware detection method expected to improve detection and classification accuracy and to reduce the likelihood of false-positive detections, using a security scoring system in conjunction with traditional machine learning technologies. Suspicious MD5 hash samples submitted from Microsoft Yara hits through the MalShare repository were analysed and matched against various hosts to determine the Vendor Detection Rate (VDR), which is used as the security score for this study. Features and metadata acquired from the experimental results are compared in conjunction with classification models to limit false-positive detection of suspicious samples, thereby creating a more efficient anti-malware program. The study experiments with two well-performing classification algorithms, the K-NN classifier and the Support Vector Machine (SVM), used for classification and regression to determine the accurate classification of malware samples for effective false-positive reduction. The findings from the false-positive results indicate that when file types are compromised, there is ample room for inaccurate detection and classification performance by anti-malware programs with the relative change in file size of the sample.
Keywords: Anti-malware, False-Positive, Obfuscation, Malware Detection & Classification.

Item Type: Thesis (Masters)
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Dan English
Date Deposited: 27 Jan 2021 19:05
Last Modified: 27 Jan 2021 19:05