3 research outputs found
AI assisted Malware Analysis: A Course for Next Generation Cybersecurity Workforce
The use of Artificial Intelligence (AI) and Machine Learning (ML) to solve
cybersecurity problems has been gaining traction within industry and academia,
in part as a response to widespread malware attacks on critical systems, such
as cloud infrastructures, government offices or hospitals, and the vast amounts
of data they generate. AI- and ML-assisted cybersecurity offers data-driven
automation that could enable security systems to identify and respond to cyber
threats in real time. However, there is currently a shortfall of professionals
trained in AI and ML for cybersecurity. Here we address the shortfall by
developing lab-intensive modules that enable undergraduate and graduate
students to gain fundamental and advanced knowledge in applying AI and ML
techniques to real-world datasets to learn about Cyber Threat Intelligence
(CTI), malware analysis, and classification, among other important topics in
cybersecurity.
Here we describe six self-contained and adaptive modules in "AI-assisted
Malware Analysis." Topics include: (1) CTI and malware attack stages, (2)
malware knowledge representation and CTI sharing, (3) malware data collection
and feature identification, (4) AI-assisted malware detection, (5) malware
classification and attribution, and (6) advanced malware research topics and
case studies such as adversarial learning and Advanced Persistent Threat (APT)
detection
Integration of Static and Dynamic Analysis for Malware Family Classification with Composite Neural Network
Deep learning has been used in the research of malware analysis. Most
classification methods use either static analysis features or dynamic analysis
features for malware family classification, and rarely combine them as
classification features and also no extra effort is spent integrating the two
types of features. In this paper, we combine static and dynamic analysis
features with deep neural networks for Windows malware classification. We
develop several methods to generate static and dynamic analysis features to
classify malware in different ways. Given these features, we conduct
experiments with composite neural network, showing that the proposed approach
performs best with an accuracy of 83.17% on a total of 80 malware families with
4519 malware samples. Additionally, we show that using integrated features for
malware family classification outperforms using static features or dynamic
features alone. We show how static and dynamic features complement each other
for malware classification
Defense Methods Against Adversarial Examples for Recurrent Neural Networks
Adversarial examples are known to mislead deep learning models to incorrectly
classify them, even in domains where such models achieve state-of-the-art
performance. Until recently, research on both attack and defense methods
focused on image recognition, primarily using convolutional neural networks
(CNNs). In recent years, adversarial example generation methods for recurrent
neural networks (RNNs) have been published, demonstrating that RNN classifiers
are also vulnerable to such attacks. In this paper, we present a novel defense
method, termed sequence squeezing, to make RNN classifiers more robust against
such attacks. Our method differs from previous defense methods which were
designed only for non-sequence based models. We also implement four additional
RNN defense methods inspired by recently published CNN defense methods. We
evaluate our methods against state-of-the-art attacks in the cyber security
domain where real adversaries (malware developers) exist, but our methods can
be applied against other discrete sequence based adversarial attacks, e.g., in
the NLP domain. Using our methods we were able to decrease the effectiveness of
such attack from 99.9% to 15%.Comment: Submitted as a conference paper to Euro S&P 202