Hash-Grams: Faster N-Gram Features for Classification and Malware Detection

Thumbnail Image

Files

hash-grams-faster.pdf (587.08 KB)

Links to Files

http://www.edwardraff.com/publications/hash-grams-faster.pdf

Permanent Link

https://doi.org/10.1145/3209280.3229085
 http://hdl.handle.net/11603/11343

Collections

UMBC Computer Science and Electrical Engineering Department
UMBC Faculty Collection

Author/Creator

Author/Creator ORCID

Date

2018

Type of Work

conference paper
Text

Department

Program

Citation of Original Publication

Edward Raff and Charles Nicholas. 2018. Hash-Grams: Faster N-Gram Features for Classification and Malware Detection. In DocEng ’18: ACM Symposium on Document Engineering 2018, August 28–31, 2018, Halifax, NS, Canada. ACM, New York, NY, USA, 4 pages. https://doi.org/10.1145/3209280.3229085

Rights

This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please contact the author.
Public Domain Mark 1.0

Subjects

top-k selection
bottleneck
Hash-Grams

Abstract

N-grams have long been used as features for classification problems, and their distribution often allows selection of the top-k occurring n-grams as a reliable first-pass to feature selection. However, this top-k selection can be a performance bottleneck, especially when dealing with massive item sets and corpora. In this work we introduce Hash-Grams, an approach to perform top-k feature mining for classification problems. We show that the Hash-Gram approach can be up to three orders of magnitude faster than exact top-k selection algorithms. Using a malware corpus of over 2 TB in size, we show how Hash-Grams retain comparable classification accuracy, while dramatically reducing computational requirements.