Learning Fast and Slow: PROPEDEUTICA for Real-time Malware Detection
In this paper, we introduce and evaluate PROPEDEUTICA, a novel methodology
and framework for efficient and effective real-time malware detection,
leveraging the best of conventional machine learning (ML) and deep learning
(DL) algorithms. In PROPEDEUTICA, all software processes in the system start
execution subjected to a conventional ML detector for fast classification. If a
piece of software receives a borderline classification, it is subjected to
further analysis via more performance expensive and more accurate DL methods,
via our newly proposed DL algorithm DEEPMALWARE. Further, we introduce delays
to the execution of software subjected to deep learning analysis as a way to
"buy time" for DL analysis and to rate-limit the impact of possible malware in
the system. We evaluated PROPEDEUTICA with a set of 9,115 malware samples and
877 commonly used benign software samples from various categories for the
Windows OS. Our results show that the false positive rate for conventional ML
methods can reach 20%, and for modern DL methods it is usually below 6%.
However, the classification time for DL can be 100X longer than conventional ML
methods. PROPEDEUTICA improved the detection F1-score from 77.54% (conventional
ML method) to 90.25%, and reduced the detection time by 54.86%. Further, the
percentage of software subjected to DL analysis was approximately 40% on
average. Further, the application of delays in software subjected to ML reduced
the detection time by approximately 10%. Finally, we found and discussed a
discrepancy between the detection accuracy offline (analysis after all traces
are collected) and on-the-fly (analysis in tandem with trace collection). Our
insights show that conventional ML and modern DL-based malware detectors in
isolation cannot meet the needs of efficient and effective malware detection:
high accuracy, low false positive rate, and short classification time.
Comment: 17 pages, 7 figures
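The two-tier design the abstract describes (a cheap conventional-ML pass on every process, escalation of borderline scores to a slow DL detector, and an execution delay on processes awaiting the DL verdict) can be sketched in a few dozen lines. The block below is an added illustration, not the paper's code: the stage-1 scorer, the `dl_score` stand-in for the DEEPMALWARE output, the per-process features, the 100x cost ratio and the throttle value are all constructed assumptions.

```python
"""Two-stage fast/slow malware triage in the style described by the
PROPEDEUTICA abstract.  Added illustration, not the paper's code: the
stage-1 scorer, the stage-2 score and the per-process features are all
constructed stand-ins."""
from dataclasses import dataclass

# Assumed cost model: the abstract reports DL classification taking ~100x
# longer than conventional ML, so stage 2 is priced at 100x stage 1.
FAST_COST_MS = 1.0
DL_COST_MS = 100.0
# Assumed execution delay applied to a process while its DL verdict is pending
# ("buy time" for analysis and rate-limit the damage it can do meanwhile).
THROTTLE_MS = 20.0


@dataclass(frozen=True)
class Process:
    pid: int
    syscall_rate: float  # constructed feature in [0, 1]
    net_ratio: float     # constructed feature in [0, 1]
    dl_score: float      # stand-in for the DEEPMALWARE output, in [0, 1]


@dataclass(frozen=True)
class Verdict:
    pid: int
    label: str           # "benign" or "malware"
    stage: int           # 1 = fast ML decided, 2 = escalated to DL
    cost_ms: float       # simulated classification time for this process
    throttled_ms: float  # execution delay imposed while stage 2 ran


def fast_ml(p: Process) -> float:
    """Cheap linear stage-1 score (stand-in for the conventional ML detector)."""
    return 0.6 * p.syscall_rate + 0.4 * p.net_ratio


def triage(procs, low=0.35, high=0.65):
    """Classify every process with stage 1; escalate borderline scores in
    [low, high] to stage 2 and throttle those processes while it runs."""
    verdicts = []
    for p in procs:
        s = fast_ml(p)
        if s < low:
            verdicts.append(Verdict(p.pid, "benign", 1, FAST_COST_MS, 0.0))
        elif s > high:
            verdicts.append(Verdict(p.pid, "malware", 1, FAST_COST_MS, 0.0))
        else:
            label = "malware" if p.dl_score >= 0.5 else "benign"
            verdicts.append(Verdict(p.pid, label, 2,
                                    FAST_COST_MS + DL_COST_MS, THROTTLE_MS))
    return verdicts


def summarize(verdicts):
    """Share of processes escalated to DL, total cost, and the saving versus
    running the DL detector on every process."""
    n = len(verdicts)
    total = sum(v.cost_ms for v in verdicts)
    all_dl = n * DL_COST_MS
    return {
        "dl_fraction": sum(1 for v in verdicts if v.stage == 2) / n,
        "total_cost_ms": total,
        "saving_vs_all_dl": 1.0 - total / all_dl,
        "throttled_ms": sum(v.throttled_ms for v in verdicts),
    }


# Constructed sample: ten processes; pids 3, 4, 7 and 9 land in the borderline band.
SAMPLE_PROCESSES = [
    Process(1, 0.1, 0.1, 0.10), Process(2, 0.9, 0.8, 0.90),
    Process(3, 0.5, 0.5, 0.80), Process(4, 0.4, 0.6, 0.20),
    Process(5, 0.2, 0.3, 0.30), Process(6, 0.7, 0.9, 0.95),
    Process(7, 0.6, 0.5, 0.60), Process(8, 0.3, 0.2, 0.10),
    Process(9, 0.5, 0.3, 0.40), Process(10, 0.8, 0.7, 0.90),
]

if __name__ == "__main__":
    for v in triage(SAMPLE_PROCESSES):
        print(v)
    print(summarize(triage(SAMPLE_PROCESSES)))
    # Narrowing the band trades DL coverage for speed:
    print(summarize(triage(SAMPLE_PROCESSES, low=0.45, high=0.55)))
```

The width of the borderline band is the operational knob: on the constructed sample the default band sends 4 of 10 processes to stage 2 and costs 41% of an all-DL run, while narrowing it to [0.45, 0.55] escalates only 2 and halves the cost again, at the price of letting stage 1 alone decide more of the close calls. The throttle is accounted separately because it is a cost borne by the process, not by the detector.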
The Effect of Limited Attention and Delay on Negative Arousing False Memories
Previous research has shown that, in comparison to neutral stimuli, false memories for highly arousing negative stimuli are greater after very fast presentation and limited attention at study. However, full compared to limited attention conditions still produce comparably more false memories for all stimulus types. Research has also shown that emotional stimuli benefit from a period of consolidation. What effect would such consolidation have on false memory formation even when attention is limited at study? The aim of the present study was to investigate the effect of fast presentation on false memory production for negatively arousing and neutral items over time using the DRM paradigm. Sixty-eight participants studied negative and neutral DRM lists under fast or slow presentation conditions. Half completed a recognition test immediately and half completed a recognition test after one week. Results revealed that, for fast presentation, negative critical lures increased after one week and were comparable to negative critical lures in the slow presentation encoding conditions. Neutral critical lures in the fast presentation condition did not change and remained lower compared to the slow presentation condition. These findings are the first demonstration that arousing negative false memories can increase over time when attention at encoding is limited.
ANOMALY NETWORK INTRUSION DETECTION SYSTEM BASED ON DISTRIBUTED TIME-DELAY NEURAL NETWORK (DTDNN)
In this research, a hierarchical off-line anomaly network intrusion detection system based on a Distributed Time-Delay Artificial Neural Network is introduced. This research aims to solve a hierarchical multi-class problem in which the type of attack (DoS, U2R, R2L and Probe) is detected by a dynamic neural network. The results indicate that dynamic neural nets (Distributed Time-Delay Artificial Neural Networks) can achieve a high detection rate, with an average overall classification accuracy of 97.24%.
Closed-loop experiments and brain machine interfaces with multiphoton microscopy
In the field of neuroscience, the importance of constructing closed-loop
experimental systems has increased in conjunction with technological advances
in measuring and controlling neural activity in live animals. This paper
provides an overview of recent technological advances in the field, focusing on
closed-loop experimental systems where multiphoton microscopy (the only method
capable of recording and controlling targeted population activity of neurons at
a single-cell resolution in vivo) works through real-time feedback.
Specifically, we present some examples of brain machine interfaces (BMIs) using
in vivo two-photon calcium imaging and discuss applications of two-photon
optogenetic stimulation and adaptive optics to real-time BMIs. We also consider
conditions for realizing future optical BMIs at the synaptic level, and their
possible roles in understanding the computational principles of the brain.
A proposal for a coordinated effort for the determination of brainwide neuroanatomical connectivity in model organisms at a mesoscopic scale
In this era of complete genomes, our knowledge of neuroanatomical circuitry
remains surprisingly sparse. Such knowledge is however critical both for basic
and clinical research into brain function. Here we advocate for a concerted
effort to fill this gap, through systematic, experimental mapping of neural
circuits at a mesoscopic scale of resolution suitable for comprehensive,
brain-wide coverage, using injections of tracers or viral vectors. We detail
the scientific and medical rationale and briefly review existing knowledge and
experimental techniques. We define a set of desiderata, including brain-wide
coverage; validated and extensible experimental techniques suitable for
standardization and automation; centralized, open access data repository;
compatibility with existing resources, and tractability with current
informatics technology. We discuss a hypothetical but tractable plan for mouse,
additional efforts for the macaque, and technique development for human. We
estimate that the mouse connectivity project could be completed within five
years with a comparatively modest budget.
Comment: 41 pages
Fast and Efficient Malware Detection with Joint Static and Dynamic Features Through Transfer Learning
In malware detection, dynamic analysis extracts the runtime behavior of
malware samples in a controlled environment and static analysis extracts
features using reverse engineering tools. While the former faces the challenges
of anti-virtualization and evasive behavior of malware samples, the latter
faces the challenges of code obfuscation. To tackle these drawbacks, prior
works proposed to develop detection models by aggregating dynamic and static
features, thus leveraging the advantages of both approaches. However, simply
concatenating dynamic and static features raises an issue of imbalanced
contribution due to the heterogeneous dimensions of feature vectors to the
performance of malware detection models. Moreover, dynamic analysis is a
time-consuming task and requires a secure environment, leading to detection
delays and high costs for maintaining the analysis infrastructure. In this
paper, we first introduce a method of constructing aggregated features via
concatenating latent features learned through deep learning with
equally-contributed dimensions. We then develop a knowledge distillation
technique to transfer knowledge learned from aggregated features by a teacher
model to a student model trained only on static features and use the trained
student model for the detection of new malware samples. We carry out extensive
experiments with a dataset of 86709 samples including both benign and malware
samples. The experimental results show that the teacher model trained on
aggregated features constructed by our method outperforms the state-of-the-art
models with an improvement of up to 2.38% in detection accuracy. The distilled
student model not only achieves high performance (97.81% in terms of accuracy)
as that of the teacher model but also significantly reduces the detection time
(from 70046.6 ms to 194.9 ms) without requiring dynamic analysis.
Comment: Accepted for presentation and publication at the 21st International Conference on Applied Cryptography and Network Security (ACNS 2023).
Pre-filters in-transit malware packets detection in the network
Conventional malware detection systems cannot detect most new malware in the network without the availability of its signature. To solve this problem, this paper proposes a technique to detect both metamorphic (mutated) and general (non-mutated) malware in the network using a combination of known malware sub-signatures and machine learning classification. This network-based malware detection is achieved through a middle path that processes non-malware packets efficiently. The proposed technique has been tested and verified using multiple data sets (metamorphic malware, non-mutated malware, and UTM real traffic); it detects most malware packets in the network before they reach the host, improving on previous works that detect malware on the host. Experimental results show that the proposed technique can speed up the transmission of more than 98% of normal packets without sending them to the slow path, and that more than 97% of malware packets are detected and dropped in the middle path. Furthermore, more than 75% of metamorphic malware packets in the test dataset could be detected. The proposed technique is 37 times faster than the existing technique.
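The abstract names the ingredients (known malware sub-signatures, an ML classifier, and fast/middle/slow paths) without spelling out the dispatch rule. The block below is an added illustration, not the paper's code, and its mapping of evidence to paths is an assumption: no fragment of any sub-signature in a packet means the fast path (forward); every fragment of one sub-signature present means the middle path (drop as known malware); a partial fragment hit, as a metamorphic variant that reordered or padded its code would produce, means the slow path, where a stand-in classifier decides. The sub-signature fragments, the thresholds, the non-printable-byte heuristic standing in for the ML classifier, and the sample packets are all constructed.

```python
"""Three-path in-network packet triage built around malware sub-signatures, as
an added illustration of the approach sketched in the abstract above (not the
paper's code).  Assumed mapping: fast path = no sub-signature evidence, forward;
middle path = all fragments of a known sub-signature present, drop; slow path =
partial fragment evidence, decide with a (stand-in) ML classifier."""

# Constructed sub-signatures: ordered byte fragments of two hypothetical families.
# Metamorphic variants reorder and pad code between fragments, so each fragment
# is matched on its own instead of requiring one contiguous signature.
SUB_SIGNATURES = {
    "fam_a": [b"\x55\x8b\xec", b"GetProcAddress", b"\xe8\x00\x00\x00\x00"],
    "fam_b": [b"/bin/sh", b"\x31\xc0\x50\x68", b"\xcd\x80"],
}
FULL_MATCH = 1.0          # every fragment present: known (non-mutated) malware
PARTIAL_MATCH = 0.5       # assumed threshold for "looks like a mutated variant"
NONPRINTABLE_LIMIT = 0.3  # assumed threshold used by the stand-in classifier

PRINTABLE = set(range(0x20, 0x7f)) | {0x09, 0x0a, 0x0d}


def fragment_ratio(payload: bytes, fragments) -> float:
    """Fraction of a family's sub-signature fragments found in the payload."""
    return sum(1 for f in fragments if f in payload) / len(fragments)


def slow_path_ml(payload: bytes) -> bool:
    """Stand-in for the ML classifier: flags payloads dominated by
    non-printable bytes (raw code or packed data where text is expected)."""
    nonprintable = sum(1 for b in payload if b not in PRINTABLE)
    return nonprintable / max(len(payload), 1) > NONPRINTABLE_LIMIT


def classify_packet(payload: bytes):
    """Return (path, action) with path in {fast, middle, slow} and action in
    {forward, drop}."""
    best = max(fragment_ratio(payload, frags) for frags in SUB_SIGNATURES.values())
    if best >= FULL_MATCH:
        return ("middle", "drop")
    if best >= PARTIAL_MATCH:
        return ("slow", "drop" if slow_path_ml(payload) else "forward")
    return ("fast", "forward")


def triage_stream(packets):
    """Count how many packets took each path and how many were dropped."""
    stats = {"fast": 0, "middle": 0, "slow": 0, "dropped": 0}
    for payload in packets:
        path, action = classify_packet(payload)
        stats[path] += 1
        if action == "drop":
            stats["dropped"] += 1
    return stats


# Constructed sample payloads (named by intent, not by the classifier's verdict).
SAMPLE_PACKETS = {
    "http_get": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "fam_a_full": b"\x55\x8b\xec\x83\xec\x10GetProcAddress\x00\xe8\x00\x00\x00\x00\xc3",
    "fam_b_variant": b"\x90" * 8 + b"/bin/sh\x00" + b"\x90" * 4 + b"\xcd\x80",
    "benign_mention": b"The loader calls GetProcAddress to resolve imports.",
    "notes_with_opcodes": (b"Disassembly notes: push ebp; mov ebp,esp encodes as "
                           b"\x55\x8b\xec and the stub imports GetProcAddress"),
}

if __name__ == "__main__":
    for name, payload in SAMPLE_PACKETS.items():
        print(f"{name:20s} -> {classify_packet(payload)}")
    print(triage_stream(SAMPLE_PACKETS.values()))
```

Two of the constructed packets show why the partial band exists: a benign document that merely mentions `GetProcAddress` hits one fragment of three and stays on the fast path, while the padded `fam_b` variant hits two of three and is only dropped because the slow path confirms it. The `PARTIAL_MATCH` threshold is where the trade-off between catching mutated variants and sending clean text to the slow path is made; a real deployment would tune it against the normal-traffic share it is willing to slow down.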