ABSTRACT

This chapter covers two very different security-related applications of support vector machines (SVMs). First, it applies SVMs to malware detection, using an SVM as a "meta-score": rather than relying on a single detector, the SVM generates a classification from a set of scores, here three distinct malware scores. The SVM generally outperforms each of the three individual scores, and the improvement is largest in the most challenging cases. Second, it turns to the use of SVMs for image spam detection. Beyond elementary signature detection, most malware scoring techniques fit into one of three broad categories: statistical-based, structural-based and graph-based. Examples of statistical-based scores include those that rely on hidden Markov models (HMMs) and simple substitution distance (SSD). Examples of graph-based scores include the opcode graph similarity (OGS) score and the function call graph score.
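The meta-score idea can be made concrete with a small added example (not code from the chapter): three per-sample scores stand in for the HMM, SSD and OGS scores, a linear SVM is trained on the three-dimensional score vectors, and its accuracy is compared with the best threshold on each score alone. The data is a constructed synthetic grid in which a sample is malware only when the scores are high together, which is exactly the situation where a single score is weak and a combination helps. The Pegasos training routine, the `LinearSVM` class and the `compare_scores_and_svm` helper are assumptions of this example, written in pure Python so it runs without scikit-learn.

```python
import itertools
import random


def make_dataset():
    """Constructed synthetic data (not real malware measurements): one sample
    for every combination of three integer scores in 0..4, 125 samples in all.
    A sample is labelled malware (+1) only when the scores are high *together*
    (sum >= 7), so no single score is a good detector on its own."""
    xs, ys = [], []
    for s in itertools.product(range(5), repeat=3):
        xs.append([float(v) for v in s])
        ys.append(1 if sum(s) >= 7 else -1)
    return xs, ys


def accuracy(pred, ys):
    return sum(p == y for p, y in zip(pred, ys)) / len(ys)


def best_single_score_accuracy(xs, ys, j):
    """Best accuracy a threshold on score j alone can reach (predict malware
    when score_j >= t), scanning every threshold that changes the decision."""
    return max(accuracy([1 if x[j] >= t else -1 for x in xs], ys)
               for t in range(6))


def dot(u, v):
    return sum(a * b for a, b in zip(u, v))


class LinearSVM:
    """Linear soft-margin SVM trained with Pegasos (stochastic sub-gradient
    descent on the primal objective). The bias is carried as a constant
    feature so it is regularised together with w; scores are standardised
    so no score dominates merely because of its scale."""

    def __init__(self, lam=0.01, epochs=300, seed=0):
        self.lam, self.epochs, self.seed = lam, epochs, seed

    def _scale(self, x):
        z = [(v - m) / s for v, m, s in zip(x, self.mean, self.std)]
        return z + [1.0]  # constant feature acting as the bias term

    def fit(self, xs, ys):
        n, d = len(xs), len(xs[0])
        self.mean = [sum(x[j] for x in xs) / n for j in range(d)]
        self.std = [(sum((x[j] - self.mean[j]) ** 2 for x in xs) / n) ** 0.5 or 1.0
                    for j in range(d)]
        z = [self._scale(x) for x in xs]
        w = [0.0] * (d + 1)
        radius = 1.0 / self.lam ** 0.5  # Pegasos projection ball
        rng = random.Random(self.seed)
        order = list(range(n))
        t = 0
        for _ in range(self.epochs):
            rng.shuffle(order)
            for i in order:
                t += 1
                eta = 1.0 / (self.lam * t)
                violated = ys[i] * dot(w, z[i]) < 1.0   # inside the margin?
                w = [(1.0 - eta * self.lam) * wj for wj in w]   # shrink step
                if violated:                                    # hinge step
                    w = [wj + eta * ys[i] * zj for wj, zj in zip(w, z[i])]
                norm = dot(w, w) ** 0.5
                if norm > radius:
                    w = [wj * radius / norm for wj in w]
        self.w = w
        return self

    def decision(self, x):
        return dot(self.w, self._scale(x))

    def predict(self, xs):
        return [1 if self.decision(x) >= 0.0 else -1 for x in xs]


def compare_scores_and_svm():
    """Accuracy of each single-score detector versus the SVM meta-score on the
    synthetic grid. The grid is exhaustive, so this is resubstitution accuracy;
    on real samples the comparison must use held-out data or cross-validation."""
    xs, ys = make_dataset()
    single = [best_single_score_accuracy(xs, ys, j) for j in range(3)]
    svm = LinearSVM().fit(xs, ys)
    return {"single": single, "svm": accuracy(svm.predict(xs), ys)}


if __name__ == "__main__":
    result = compare_scores_and_svm()
    for j, acc in enumerate(result["single"]):
        print(f"score {j} alone: {acc:.3f}")
    print(f"SVM meta-score:  {result['svm']:.3f}")
```

On this grid the best threshold on any one score reaches 0.72 accuracy, because a score of 3 or 4 is necessary but not sufficient for the malware label, while the SVM recovers the joint rule and classifies nearly every sample correctly. That is the effect the chapter reports: the gain from the meta-score is largest precisely where each individual score is least decisive.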