Apr 24, 2013

Machine Learning for Anti-virus Software

Symantec is the largest anti-virus software vendor. It has 120 million subscribers, who visit 2 billion websites a day and generate 700 billion submissions. Given such a large number of data, it is paramount that an anti-virus software can detect the virus fast and accurately.

Anti-virus software was originally built manually. Security expert review each malware and construct their “signature”. Each computer file is checked against such signatures. Given the rapid change of malware and many variations, there are not enough human experts to generate all the exact signatures. This gives rise to heuristic or generic signatures which can handle more variations of the same file. However, new types of malware are created every day. Thus we need a more adaptive approach to identify malware automatically (without manual effort of creating signatures). This is where machine learning can help.

Computer virus has come a long way. The first virus “creeper” appeared in 1971. Then we have Rabbit or Wabbit. After that came computer worms like “Love Letter” and Nimda. Today computer virus gets much more sophisticated. It evolves much faster and is constantly changing. Virus creation is now funded by organizations and some governments. There is big incentive to steal user financial information or companies’ trade secrets. In addition, malware enables certain governments to conduct spying or potential cyber war on their targets.

Symantec uses about 500 features for their machine learning model. The feature value can be continuous or discrete. Such features include:
How did it come this machine (through browser, email, ..)
How many other files on this machine?
How many clean files on this machine?
Is file packed or obfuscated? (mutated?)
Does it write, communicate?
How often does it run?
Who runs it?

Researchers at Symantec experiment with SVM, decision tree and linear regression models.

In building a classifier, they are not simply optimizing accuracy or true positive rate. They are also concerned false positive instances where a benign software was classified as malware. Such false positive prediction could have high cost for the users. The balance of true positive vs. false positive leads to using ROC (Receiver Operating Characteristic) curve.

An ROC curve plots the trade-off between true positive rate vs. false positive rate. Each point on the curve corresponds to a cutoff we choose. They use ROC curve to select a target point. Below is an illustration of the tradeoff.

The chart above suggests that when we aim for 90% true positive rate, we will have 20% false positive rate. However, when we only aim for 80% true positive rate, the false positive rate be reduced to 20%. (A better classifier could shift the ROC curve up, so that we achieve high true positive rate for any given false positive rate.)

According their researcher, Symantec has achieved high accuracy rate (the average of True positive and true negative rate) at 95%. Its true positive rate is above 98% and its false positive rate is below 1%.

I am a user of Norton software (by Symantec) and enjoy it. I hope to see more success from Symantec and we are winning the war against malware!


  1. We must have read it all about how to keep safe, use this internet security and use that antivirus. but once you are infected with something like a rootkit they won't really do any good job. 

    sheltered your web Browser

  2. The best way to keep your device away from viruses it's to ind anti-virus program related to your requirement.
    Also, you can try to solve problem with your device protection using guides and any simple tool. If you need some such tools to remove virus visit
    and solve your problem.

  3. Can one jailbreak iOS 10 / iOS 10.0.2 / 10.0.1? If not, what is latest on iOS 10 / 10.0.2 jailbreak status for iPhone, iPad and iPod touch devices? you can get answer of this Question as now you can get iOS 10 jailbreak.

  4. The most exceedingly bad part is that PC infection sneaks into your framework with no earlier notice. Thus, the harm brought on is enormous. You ought to make all the fundamental preventive measures to guarantee that there is no possibility of infection in your framework. Nonetheless, regardless of that, your framework can in any case get influenced some of the time. how to remove zepto file virus

  5. good consents that it needs to meet to place in the app. Click on ikodidownload With an even larger display and a couple of added benefits nice.

  6. I’ve been surfing on-line greater than three hours
    as of late, yet I never found any fascinating article like
    yours. It’s pretty worth sufficient for me. In my opinion,
    if all webmasters and bloggers made excellent content material as you did, the net will probably be a lot more useful than ever before.
    My Web : we like to honor numerous other world wide web web pages around the web,
    Penangkal Petir Mueven though they arent linked to us, Penangkal Petir by linking to them.

  7. Real Estate is an old-fashioned band that doesn’t have a predilection for publicity stunts. Frankly, the level of relevance that the band has maintained since it released its debut album in 2009 is amazing. Everything about Real Estate is soft or subtle. And despite being a band that is constantly in flux, with secondary members coming and going, the essence of its sound has persisted — the tinny guitars chords that form helixes in the air, the sentimental spirit and the dreaminess.Lear more:

  8. Of course, Symantec is the largest anti-virus software, but nevertheless, I'd prefer to use another program which is more convenient and free.

  9. You are absolutely right every machine should learn about antivirus. Because when you want to download any genuine software there may be some harmful virus. That's why every machine should know which is genuine software and which is virus. Get xbox live gratuit without any virus here.

  10. Howdy! I could have sworn I’ve visited this blog before but after browsing through some
    of the posts I realized it’s new to me. Nonetheless, I’m definitely happy I found it
    and I’ll be book-marking it and checking back often!

  11. Good day! Would you mind if I share your blog with my myspace group?
    There’s a lot of folks that I think would really
    appreciate your content. Please let me know. Many thanks

  12. My brother recommended I may like this web site. He was once totally right.
    This publish truly made my day. You can not imagine
    just how a lot time I had spent for this information! Thanks!

  13. Hi my family member! I wish to say that this post is awesome, nice written and include
    almost all vital infos. I’d like to look more posts like
    this .

  14. After I originally commented I seem to have clicked on the -Notify me when new comments are added- checkbox and now every time a comment
    is added I recieve 4 emails with the same comment. There has to be an easy method you can remove me from that service?
    Thank you!

  15. Do you have a spam problem on this website; I also am a blogger, and I was wanting to know your situation; many of us
    have developed some nice practices and we are looking to trade methods
    with other folks, why not shoot me an email if interested.

  16. The code for uploading the files running fine I am getting only one issue that after going to the destination location it again creates sub folder in that location and then copy the file.There is multiple folders created. Jual Boneka Wisuda | Jaket Bomber Pria

  17. I love it. I hope that more and more Blogger will use this feature in the future, because it just makes the internet better I think!

    RRB Trivandrum Official Website
    RRB Siliguri Result 2017

  18. This is very nice blog and informative. I have searched many sites but was not able to get information same as your site. I really like the ideas and very intersting to read so much and Please Update and i would love to read more from your site

    Afghanistan vs Ireland 2nd T20 Playing XI, Team Squad
    South Africa Team Squad Players List

  19. Welcome to Dubai Escorts Agency.
    Pakistani Escort In Dubai
    Dubai Escorts
    Call Girls In Dubai
    Indian Escort In Dubai

  20. Indian And Pakistani Escort Girls In Dubai Companions and Elite Sweetheart Experience Administrations.
    Regardless of whether The Model Girls are Really at That Level or Recently Advertised That Way,
    The Fortunate Respectable Who Have This Gigantic Choice of Cute Models.
    Indian Escort In Dubai

  21. This comment has been removed by the author.

  22. That is so good to have the software that can protect your computer.

  23. Useful post. When you want bought argumentative essays by best writers you might also thought about your security. Even if writer writing my review about book or another assignment was tested good protection must help with my thesis paper.

  24. Your blog is one of the best virus removal l blogs I have discovered by far. It made me understand everything I needed to know about internet security.
    antivirus protection

  25. Now that’s what I call a tremendous blog. Beautifully written.
    software development company in delhi

  26. antivirus helps to protect your pc from outside threats

  27. mytectra placement Portal is a Web based portal brings Potentials Employers and myTectra Candidates on a common platform for placement assistance.

  28. At this point in my writing career, I simply want to get more visibility for your writing and I will write for free as long as you are okay with me adding a small author bio section next to each blog post about myself.Thank you, friend! I got A for this essay! I really appreciate that! I will undoubtedly choose you for my paper next time! Best regards.Facebook Video Downloader

  29. So luck to come across your excellent blog. Your blog brings me a great deal of fun.. Good luck with the site. Onsist

  30. website

    Halloween wallpaper & Images are the best way to wish your friend a happy Halloween day.