Machine Learning and other Computational-Intelligence Techniques for Security Applications
The abstract is in the attachment.
Evolution of Computer Virus Concealment and Anti-Virus Techniques: A Short Survey
This paper presents a general overview of the evolution of concealment methods in
computer viruses and of the defensive techniques employed by anti-virus products. In
order to stay out of reach of anti-virus scanners, computer viruses gradually
improve their code to make themselves invisible. On the other hand, anti-virus
technologies continually follow the viruses' tricks and methodologies to overcome
their threats. In this process, anti-virus experts design and develop new
methodologies that make their products stronger every day. The purpose of
this paper is to review these methodologies and outline their strengths and
weaknesses, to encourage those who are interested in further investigation of these
areas.
Integrating Multiple Data Views for Improved Malware Analysis
Malicious software (malware) has become a prominent fixture in computing. Many methods have been developed over the years to combat the spread of malware, but these methods have inevitably been met with countermeasures. For instance, signature-based malware detection gave rise to polymorphic viruses. This 'arms race' will undoubtedly continue for the foreseeable future as the incentives to develop novel malware continue to outweigh the costs. In this dissertation, I describe analysis frameworks for three important problems related to malware: classification, clustering, and phylogenetic reconstruction. The important component of my methods is that they all take into account multiple views of malware. Typically, analysis has been performed in either the static domain (e.g. the byte information of the executable) or the dynamic domain (e.g. system call traces). This dissertation develops frameworks that can easily incorporate well-studied views from both domains, as well as any new views that may become popular in the future. The only restriction that must be met is that a positive semidefinite similarity (kernel) matrix must be defined on the view, a restriction that is easily met in practice. While the classification problem can be solved with well-known multiple kernel learning techniques, the clustering and phylogenetic problems required the development of novel machine learning methods, which I present in this dissertation. It is important to note that although these methods were developed in the context of the malware problem, they are applicable to a wide variety of domains.
MDEA : malware detection with evolutionary adversarial learning
Many applications have used machine learning as a tool to detect malware. These
applications take in raw or processed binary data to feed neural network models that classify
files as benign or malicious. Even though this approach has proved effective against dynamic
changes, such as encrypting, obfuscating and packing techniques, it is vulnerable to
specific evasion attacks, where small changes to the input data cause
misclassification at test time. In this paper, I propose MDEA, an Adversarial Malware
Detection model that combines a neural network with evolutionary optimization of attack
samples to make the network robust against evasion attacks. By retraining the model with
the evolved malware samples, network performance improves by a large margin.
Automatic Malware Detection
The problem of automatic malware detection presents challenges for antivirus vendors. Since manual investigation is not possible due to the massive number of samples being submitted every day, automatic malware classification is necessary. Our work is focused on an automatic malware detection framework based on machine learning algorithms. We proposed several static malware detection systems for the Windows operating system to achieve the primary goal of distinguishing between malware and benign software. We also considered the more practical goal of detecting as much malware as possible while maintaining a sufficiently low false positive rate. We proposed several malware detection systems using various machine learning techniques, such as an ensemble classifier, a recurrent neural network, and distance metric learning. We designed architectures of the proposed detection systems, which are automatic in the sense that extraction of features, preprocessing, training, and evaluating the detection model can be automated. However, an antivirus program relies on a more complex system that consists of many components, several of which depend on malware analysts and researchers. Malware authors adapt their malicious programs frequently in order to bypass antivirus programs that are regularly updated. Our proposed detection systems are not automatic in the sense that they are not able to automatically adapt to detect the newest malware. However, we can partly solve this problem by running our proposed systems again if the training set contains the newest malware. Our work relied on static analysis only. In this thesis, we discuss its advantages and drawbacks in comparison to dynamic analysis. Static analysis still plays an important role, and it is used as one component of a complex detection system.
DEVELOPMENT OF SECUREPLUS ANTIVIRUS WITH THE ARTIFICIAL IMMUNE SYSTEM MODEL
This paper is about malware proliferation in the wild and the development of an antivirus called Secure Plus. Malware is a generic name for malfunctioning program code that can wreak destructive impacts on critical Information Technology infrastructures. Such malware usually uses various techniques to avoid being detected; usually it is encrypted using hybridized cryptographic algorithms. Malware may be detected using an antivirus that scans the signature databases already accumulated and stored by antivirus vendors on some server. These stored signature databases can then be compared against zero-day malware through comparison with benign software. Zero-day malware consists of sophisticated program code that can transmute into different transforming patterns, yet retain its potent functional attributes, and now exists in billions of categories through diverse clones. This paper, after reviewing the literature on the subject (which is very extensive), attempts to make its contribution to the design and development of an antivirus that can detect such zero-day or metamorphic malware. The proposed antivirus being developed is christened Secure Plus and applies the heuristic Artificial Immune System algorithm in its design and development. The experimental outputs from testing are provided as proof that Secure Plus functions effectively and is worthy of application, but further work is needed for it to detect malware proactively.
MDEA: Malware Detection with Evolutionary Adversarial Learning
Malware detection has used machine learning to detect malware in programs.
These applications take in raw or processed binary data and feed it to neural network
models to classify files as benign or malicious. Even though this approach has
proven effective against dynamic changes, such as encrypting, obfuscating and
packing techniques, it is vulnerable to specific evasion attacks, where
small changes in the input data cause misclassification at test time. This
paper proposes a new approach: MDEA, an Adversarial Malware Detection model that
uses evolutionary optimization to create attack samples and make the network
robust against evasion attacks. By retraining the model with the evolved
malware samples, its performance improves by a significant margin.
Comment: 8 pages, 6 figures