International Business Machines Corporation
System and method for staged ensemble classification

Abstract:

A method for training thresholds controlling data flow in a plurality of cascaded classifiers for classifying malicious software, comprising: in each of a plurality of iterations: computing a set of scores, each for one of a set of threshold sequences, each threshold sequence is a sequence of sets of classifier output thresholds, each set of classifier output thresholds used to control a flow of data from a first cascaded classifier of the plurality of cascaded classifiers to a second cascaded classifier of the plurality of cascaded classifiers, each score computed when classifying, using the respective threshold sequence, each of a plurality of software objects as one of a set of maliciousness classes; computing a set of new threshold sequences by applying a genetic algorithm to the set of threshold sequences and the set of scores; and using the set of new threshold sequences in a consecutive iteration.