Malware identification using cognitively-inspired inference

Date

2015

Journal Title

Journal ISSN

Volume Title

Publisher

BRiMS Annual Conference

Abstract

Malware reverse-engineering is an important type of analysis in cybersecurity. Rapidly identifying the tasks that a piece of malware is designed to perform is an important part of reverse engineering that is generally manually performed as it relies heavily on human intuition This paper describes how the use of cognitively-inspired inference can assist in automating some of malware task identification. Computational models derived from human-inspired inference were able to reach relatively higher asymptotic performance faster than traditional machine learning approaches such as decision trees and naïve Bayes classifiers. Using a real-world malware dataset, these cognitive models identified sets of tasks with an unbiased F1 measure of 0.94. Even when trained on historical datasets of malware samples from different families, the cognitive models still maintained the precision of decision tree and Bayes classifiers while providing a significant improvement to recall.

Description

Keywords

malware identification, instance-based learning, cognitive modeling, cognitive architecture

Citation

Thomson, Robert, Christian Lebiere, Stefano Bennati, Paulo Shakarian, and Eric Nunes. "Malware identification using cognitively-inspired inference." Proceedings of Behavior Representation in Modeling and Simulation Annual Conference(2015).

DOI