An Approach of Malicious Executables Detection on Black & Gray Based on AdaBoost Algorithm

Authors: Liu Lei*; Shao Kun
Source: 2nd International Conference on Anti-Counterfeiting, Security and Identification, Guiyang, 2008-08-20 to 2008-08-23.
DOI:10.1109/IWASID.2008.4688357

Abstract

Behavioral analysis refers to the technique of deciding whether an application is malicious or not, according to what it does. With behavioral analysis research on executables evolving, it is difficult to classify malicious applications and some legal applications called 'gray applications', which are classified as malicious samples by 'weak' learners. In theory, boosting can be used to significantly reduce the error of a 'weak' learning algorithm that consistently generates classifiers which need only be a little bit better than random guessing. This paper presents an approach based on a new boosting algorithm called AdaBoost, which improves the performance of any 'weak' learning algorithm. Experimental results show that the method has good classification accuracy on the experimental data sets.
