Learning Fast and Slow: PROPEDEUTICA for Real-time Malware Detection

Sun, Ruimin; Yuan, Xiaoyong; He, Pan; Zhu, Qile; Chen, Aokun; Grégio, André; Oliveira, Daniela; Li, Xin

doi:10.48550/arxiv.1712.01145

Cited by 4 publications

(2 citation statements)

References 80 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Deep learning has been used in static and behavioral-based malware detection due to its capability of detecting zeroday malware [14]- [17]. Recent studies generated adversarial malware samples to evade deep learning-based malware detection [101]- [103], [105].…”

Section: G Malware Detectionmentioning

confidence: 99%

See 1 more Smart Citation

Adversarial Examples: Attacks and Defenses for Deep Learning

Yuan

Zhu

et al. 2019

IEEE Trans. Neural Netw. Learning Syst.

Self Cite

1,462

821

View full text Add to dashboard Cite

With rapid progress and significant successes in a wide spectrum of applications, deep learning is being applied in many safety-critical environments. However, deep neural networks have been recently found vulnerable to well-designed input samples, called adversarial examples. Adversarial examples are imperceptible to human but can easily fool deep neural networks in the testing/deploying stage. The vulnerability to adversarial examples becomes one of the major risks for applying deep neural networks in safety-critical environments. Therefore, attacks and defenses on adversarial examples draw great attention. In this paper, we review recent findings on adversarial examples for deep neural networks, summarize the methods for generating adversarial examples, and propose a taxonomy of these methods. Under the taxonomy, applications for adversarial examples are investigated. We further elaborate on countermeasures for adversarial examples and explore the challenges and the potential solutions.

show abstract

Section: G Malware Detectionmentioning

confidence: 99%

“…Apple also provides face authentication to unlock mobile phones [13]. Behavior-based malware detection and anomaly detection solutions are built upon deep learning to find semantic features [14]- [17].…”

Section: Introductionmentioning

confidence: 99%

Adversarial Examples: Attacks and Defenses for Deep Learning

Yuan

Zhu

et al. 2019

IEEE Trans. Neural Netw. Learning Syst.

Self Cite

1,462

821

View full text Add to dashboard Cite

show abstract

Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes

Alexander¹,

Mantovani²,

Han

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

The amount of time in which a sample is executed is one of the key parameters of a malware analysis sandbox. Setting the threshold too high hinders the scalability and reduces the number of samples that can be analyzed in a day; too low and the samples may not have the time to show their malicious behavior, thus reducing the amount and quality of the collected data. Therefore, an analyst needs to find the 'sweet spot' that allows to collect only the minimum amount of information required to properly classify each sample. Anything more is wasting resources, anything less is jeopardizing the experiments. Despite its importance, there are no clear guidelines on how to choose this parameter, nor experiments that can help companies to assess the pros and cons of a choice over another. To fill this gap, in this paper we provide the first large-scale study of the impact that the execution time has on both the amount and the quality of the collected events. We measure the evolution of system calls and code coverage, to draw a precise picture of the fraction of runtime behavior we can expect to observe in a sandbox. Finally, we implemented a machine learning based malware detection method, and applied it to the data collected in different time windows, to also report on the relevance of the events observed at different points in time. Our results show that most samples run for either less than two minutes or for more than ten. However, most of the behavior (and 98% of the executed basic blocks) are observed during the first two minutes of execution, which is also the time windows that result in a higher accuracy of our ML classifier. We believe this information can help future researchers and industrial sandboxes to better tune their analysis systems.

show abstract

Adversarial Examples: Attacks and Defenses for Deep Learning

Yuan

Zhu

et al. 2017

Preprint

View full text Add to dashboard Cite

Learning Fast and Slow: PROPEDEUTICA for Real-time Malware Detection

Cited by 4 publications

References 80 publications

Adversarial Examples: Attacks and Defenses for Deep Learning

Adversarial Examples: Attacks and Defenses for Deep Learning

Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes

Adversarial Examples: Attacks and Defenses for Deep Learning

Contact Info

Product

Resources

About