Malware and Machine Learning

LeDoux, Charles; Lakhotia, Arun

doi:10.1007/978-3-319-08624-8_1

Cited by 33 publications

(14 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In such a way, we can create a model that identifies all those elements belonging to the related APT while considering the other samples as anomalies. All the one-class classifiers form an ensemble classifier [14] where it is sufficient that one of them recognizes a sample to be associated to the relative APT to raise the alarm in the triage phase. Whenever a new sample is identified and associated with a known APT, it is going to enforce the knowledge base, and it is sufficient to re-train the related APT classifier in the case it would exhibit a concept drift [25], i.e., its statistical properties drifts from the ones at the time of training.…”

Section: One-class Classificationmentioning

confidence: 99%

Malware Triage for Early Identification of Advanced Persistent Threat Activities

2020

View full text Add to dashboard Cite

In the past decade, a new class of cyber-threats, known as "Advanced Persistent Threat" (APT), has emerged and has been used by different organizations to perform dangerous and effective attacks against financial and politic entities, critical infrastructures, and so on. To identify APT related malware early, a semi-automatic approach for malware samples analysis is needed. Recently, a malware triage step for a semi-automatic malware analysis architecture has been introduced. This step identifies incoming APT samples early, among all the malware delivered per day in the cyber-space, to immediately dispatch them to deeper analysis. In the article, the authors have built the knowledge base on known APTs obtained from publicly available reports. For efficiency reasons, they rely on static malware features, extracted with negligible delay, and use machine learning techniques for the identification. Unfortunately, the proposed solution has the disadvantage of requiring a long training time and needs to be completely retrained each time new APT samples or even a new APT class are discovered. In this article, we move from multi-class classification to a group of one-class classifiers, which significantly decreases runtime and allows higher modularity, while still guaranteeing precision and accuracy over 90%. CCS Concepts: • Social and professional topics → Malware/spyware crime;

show abstract

Section: One-class Classificationmentioning

confidence: 99%

Malware Triage for Early Identification of Advanced Persistent Threat Activities

2020

View full text Add to dashboard Cite

show abstract

“…A machine learning model may be good at detecting threats [19] but may fail to classify the benign ones, or vice versa. For different types of alert different threshold of confidence might be more applicable.…”

Section: Discussionmentioning

confidence: 99%

Machine Learning for Security Operation Center

sopan¹,

Berninger²,

Mulakalur³

et al. 2018

Preprint

View full text Add to dashboard Cite

This work demonstrates an ongoing effort to employ and explain machine learning model predictions for classifying alerts in Security Operations Centers (SOC). Our ultimate goal is to reduce analyst workload by automating the process of decision making for investigating alerts using the machine learning model in cases where we can completely trust the model. This way, SOC analysts will be able to focus their time and effort to investigate more complex cases of security alerts. To achieve this goal, we developed a system that shows the prediction for an alert and the prediction explanation to security analysts during their daily workflow of investigating individual security alerts. Another part of our system presents the aggregated model analytics to the managers and stakeholders to help them understand the model and decide,on when to trust the model and let the model make the final decision. Using our prediction explanation visualization, security analysts will be able to classify oncoming alerts more efficiently and gain insight into how a machine learning model generates predictions. Our model performance analysis dashboard helps decision makers analyze the model in signature level granularity and gain more insights about the model.

show abstract

“…Many researchers has studied on static file detection of malicious content using machine by automatic malware detection [3,4,7,8,9]. However , D.Maiorca, N.Srndic, W.Xu et al [10,11,12] has identified that threat of evasion attack is more on static file base malware identification.…”

Section: Methods Of Malware Detectionmentioning

confidence: 99%

A Novel Approach for Predicting the Malware Attacks

Rokkathapa¹,

Kanrar²

2019

IJCA

View full text Add to dashboard Cite

Malware means malicious software. Detecting malware over a system is malware analysis. It consists of two parts static analysis and dynamic analysis. Static analysis includes analyzing a suspicious file and dynamic analysis means observing a file during its process time. In this paper, we have proposed a framework for malware analysis based on semi automated malware detection usually machine learning which is based on dynamic malware detection . The framework shows the quality of experience (QoE) to maintain the efficiency tradeoffs and uses the method of classification. The samples of malware also shows that the framework create a strong detection method.

show abstract

Malware and Machine Learning

Cited by 33 publications

References 46 publications

Malware Triage for Early Identification of Advanced Persistent Threat Activities

Malware Triage for Early Identification of Advanced Persistent Threat Activities

Machine Learning for Security Operation Center

A Novel Approach for Predicting the Malware Attacks

Contact Info

Product

Resources

About