TY - GEN
T1 - Training a multi-criteria decision system and application to the detection of PHP webshells
AU - Croix, Alexandre
AU - Debatty, Thibault
AU - Mees, Wim
N1 - Publisher Copyright: © 2019 IEEE.
PY - 2019/5
Y1 - 2019/5
N2 - In this paper we present an algorithm designed to train a multi-criteria decision system. This kind of system is very important and used a lot in different military fields, and particularly in cyber-defense. We developed this algorithm to be used with different multi-agent detection systems. The MASFAD system is a typical example [1]. It is a multi-agent system for Advanced Persistent Threat (APT) detection. In this paper we compare different optimization methods for learning Weighted Ordered Weighted Averaging (WOWA) coefficients in order to perform a binary classification. The WOWA function is an aggregation function that is a generalization of Ordered Weighted Averaging (OWA) and the Weighted mean. The WOWA operator combines both of their advantages. The learning part is based on a Genetic Algorithm and uses a training dataset. We perform a complete parameter study and we determine the efficiency of our model by evaluating the performance during the classification of different PHP files as webshells or normal files. These PHP files were previously analyzed by a program developed at the Royal Military Academy. We obtain very accurate results and a good stability during the decision process. This system could be used in a lot of different fields.
AB - In this paper we present an algorithm designed to train a multi-criteria decision system. This kind of system is very important and used a lot in different military fields, and particularly in cyber-defense. We developed this algorithm to be used with different multi-agent detection systems. The MASFAD system is a typical example [1]. It is a multi-agent system for Advanced Persistent Threat (APT) detection. In this paper we compare different optimization methods for learning Weighted Ordered Weighted Averaging (WOWA) coefficients in order to perform a binary classification. The WOWA function is an aggregation function that is a generalization of Ordered Weighted Averaging (OWA) and the Weighted mean. The WOWA operator combines both of their advantages. The learning part is based on a Genetic Algorithm and uses a training dataset. We perform a complete parameter study and we determine the efficiency of our model by evaluating the performance during the classification of different PHP files as webshells or normal files. These PHP files were previously analyzed by a program developed at the Royal Military Academy. We obtain very accurate results and a good stability during the decision process. This system could be used in a lot of different fields.
KW - Webshell
KW - aggregation functions
KW - machine learning
KW - multi-criteria decision
UR - http://www.scopus.com/inward/record.url?scp=85073210149&partnerID=8YFLogxK
U2 - 10.1109/ICMCIS.2019.8842705
DO - 10.1109/ICMCIS.2019.8842705
M3 - Conference contribution
AN - SCOPUS:85073210149
T3 - 2019 International Conference on Military Communications and Information Systems, ICMCIS 2019
BT - 2019 International Conference on Military Communications and Information Systems, ICMCIS 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2019 International Conference on Military Communications and Information Systems, ICMCIS 2019
Y2 - 14 May 2019 through 15 May 2019
ER -