Intelligent detection computer viruses based on multiple classifiers

2007 
In this paper, we generalize the problem of combining multiple classifiers by using a modified bagging method to detect previously unknown viruses. The detection engine applies two algorithms, Support Vector Machine (SVM) and BP neural network, to virus detection. For the SVM classifier, we extract the feature vector from the API function calls observed by monitoring the programs. A static feature of the program, the n-gram, is used in the BP neural network classifier. Finally, the D-S theory of evidence is used to combine the contribution of each individual classifier to give the final decision. Our extensive experiments have shown that the combination approach improves the performance of the individual classifiers significantly. This shows that the present method can effectively be used to discriminate between normal and abnormal programs.
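The fusion step named in the abstract, Dempster's rule of combination, is sketched below as an added example; it is not code from the paper. Assumptions not taken from the page: the two-element frame {virus, benign}, the `to_mass` discounting of each classifier's score by a reliability weight, the default reliabilities, and all function names.

```python
from itertools import product

VIRUS = frozenset({"virus"})
BENIGN = frozenset({"benign"})
THETA = VIRUS | BENIGN  # whole frame of discernment: "cannot tell"

def to_mass(p_virus, reliability):
    """Turn a classifier score into a basic probability assignment.

    Assumed mapping (Shafer discounting): the score is scaled by the
    classifier's reliability and the remainder is left on THETA.
    """
    return {VIRUS: reliability * p_virus,
            BENIGN: reliability * (1.0 - p_virus),
            THETA: 1.0 - reliability}

def combine(m1, m2):
    """Dempster's rule: multiply masses, keep non-empty intersections,
    renormalise by 1 - K where K is the mass of conflicting pairs."""
    fused, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            fused[inter] = fused.get(inter, 0.0) + wa * wb
        else:
            conflict += wa * wb
    if conflict >= 1.0 - 1e-12:
        # Both sources are certain and contradict each other.
        raise ValueError("total conflict: evidence cannot be combined")
    return {k: v / (1.0 - conflict) for k, v in fused.items()}, conflict

def decide(p_svm, p_bp, r_svm=0.9, r_bp=0.8):
    """Fuse the SVM (API-call) and BP network (n-gram) scores.

    Reliabilities are constructed sample values, not figures from the paper.
    """
    fused, k = combine(to_mass(p_svm, r_svm), to_mass(p_bp, r_bp))
    label = "virus" if fused.get(VIRUS, 0.0) > fused.get(BENIGN, 0.0) else "benign"
    return label, fused, k

if __name__ == "__main__":
    # Constructed scores: SVM is confident, BP network is lukewarm.
    label, fused, k = decide(0.9, 0.6)
    print(label, {"/".join(sorted(s)): round(v, 4) for s, v in fused.items()}, round(k, 4))
```

The conflict value K is worth logging alongside the verdict: a high K means the behavioural and static views of the sample disagree, which is a useful triage signal in its own right.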