Minimize resources for spam detection
Minimize resources for spam detection
Abstract
Annotation. Protection of computer systems from malicious software is considered. As a tool for
detecting threats, the solution of the recognition problem with non-overlapping classes by precedents is
used. Resource minimization is performed by selection of training sample. During the selection, noise
objects are removed and the problem of the minimum coverage of the sample with standards is solved. As
additional information about the sample, it is proposed to use indicators of two measures of compactness.
The values of these measures reflect the variety of relationships between objects that depend on metrics,
linear and nonlinear transformations of features and the scale of their measurements, the dimension of
space. First measure is an indicator of the connectivity of class objects, the second is the generalizing
ability of recognition algorithms. To determine the generalizing ability of algorithms, it is proposed to use
a measure calculated by the number of removed noise objects and minimum coverage standards. The
effectiveness of detecting threats from malicious software was demonstrated on a sample of 4595 objects.
References
Shibaeva T.A., Ogolyuk A.A., Sheglov A.Yu. Protection against the introduction and launch of malware. // Information security issues , 2011. T. 11. №2. P. 26–30.
NovikovE.A., KrasnopevsevA.A. Comparativea nalysis of intrusion detection methods.// Information technology security ., 2012. №2. P. 47-50.
Ignat‘ev N.A. Structure Choice for Relations between Objects in Metric Classification Algorithms // Pattern Recognition and Image Analysis. 2018. V. 28. №4. P. 590–597.
