Malware Task Identification: A data driven approach

dc.contributor.author: Nunes, Eric
dc.contributor.author: Buto, Casey
dc.contributor.author: Shakarian, Paulo
dc.contributor.author: Lebiere, Christian
dc.contributor.author: Bennati, Stefano
dc.contributor.author: Thomson, Robert
dc.contributor.author: Jaenisch, Holger
dc.date.accessioned: 2024-10-04T20:56:56Z
dc.date.available: 2024-10-04T20:56:56Z
dc.date.issued: 2015-08-25
dc.description.abstract: Identifying the tasks a given piece of malware was designed to perform (e.g. logging keystrokes, recording video, establishing remote access, etc.) is a difficult and time-consuming operation that is largely human-driven in practice. In this paper, we present an automated method to identify malware tasks. Using two different malware collections, we explore various circumstances for each - including cases where the training data differs significantly from test; where the malware being evaluated employs packing to thwart analytical techniques; and conditions with sparse training data. We find that this approach consistently out-performs the current state-of-the-art software for malware task identification as well as standard machine learning approaches - often achieving an unbiased F1 score of over 0.9. In the near future, we look to deploy our approach for use by analysts in an operational cyber-security environment.
dc.description.sponsorship: IARPA Arizona State University Carnegie Mellon University BS&L EECS Army Cyber Institute
dc.identifier.citation: Nunes, Eric, Casey Buto, Paulo Shakarian, Christian Lebiere, Stefano Bennati, Robert Thomson, and Holger Jaenisch. "Malware task identification: A data driven approach." In Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2015, pp. 978-985. 2015.
dc.identifier.doi: 10.1145/2808797.2808894
dc.identifier.uri: https://dl.acm.org/doi/10.1145/2808797.2808894
dc.identifier.uri: https://hdl.handle.net/20.500.14216/1578
dc.publisher: ACM
dc.relation.ispartof: Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2015
dc.subject: malware identification
dc.subject: cognitive modeling
dc.title: Malware Task Identification: A data driven approach
dc.type: Conference presentations, papers, posters
local.USMAemail: robert.thomson@westpoint.edu
local.peerReviewed: Yes

Files

Original bundle

Name: 2808797.2808894.pdf
Size: 1.88 MB
Format: Adobe Portable Document Format