Malware Task Identification: A data driven approach
dc.contributor.author | Nunes, Eric | |
dc.contributor.author | Buto, Casey | |
dc.contributor.author | Shakarian, Paulo | |
dc.contributor.author | Lebiere, Christian | |
dc.contributor.author | Bennati, Stefano | |
dc.contributor.author | Thomson, Robert | |
dc.contributor.author | Jaenisch, Holger | |
dc.date.accessioned | 2024-10-04T20:56:56Z | |
dc.date.available | 2024-10-04T20:56:56Z | |
dc.date.issued | 2015-08-25 | |
dc.description.abstract | Identifying the tasks a given piece of malware was designed to perform (e.g. logging keystrokes, recording video, establishing remote access, etc.) is a difficult and time-consuming operation that is largely human-driven in practice. In this paper, we present an automated method to identify malware tasks. Using two different malware collections, we explore various circumstances for each - including cases where the training data differs significantly from test; where the malware being evaluated employs packing to thwart analytical techniques; and conditions with sparse training data. We find that this approach consistently out-performs the current state-of-the-art software for malware task identification as well as standard machine learning approaches - often achieving an unbiased F1 score of over 0.9. In the near future, we look to deploy our approach for use by analysts in an operational cyber-security environment. | |
dc.description.sponsorship | IARPA Arizona State University Carnegie Mellon University BS&L EECS Army Cyber Institute | |
dc.identifier.citation | Nunes, Eric, Casey Buto, Paulo Shakarian, Christian Lebiere, Stefano Bennati, Robert Thomson, and Holger Jaenisch. "Malware task identification: A data driven approach." In Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2015, pp. 978-985. 2015. | |
dc.identifier.doi | 10.1145/2808797.2808894 | |
dc.identifier.uri | https://dl.acm.org/doi/10.1145/2808797.2808894 | |
dc.identifier.uri | https://hdl.handle.net/20.500.14216/1578 | |
dc.publisher | ACM | |
dc.relation.ispartof | Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2015 | |
dc.subject | malware identification | |
dc.subject | cognitive modeling | |
dc.title | Malware Task Identification: A data driven approach | |
dc.type | Conference presentations, papers, posters | |
local.USMAemail | robert.thomson@westpoint.edu | |
local.peerReviewed | Yes |