Cognitively-Inspired Inference for Malware Task Identification
Authors
Nunes, Eric
Buto, Casey
Shakarian, Paulo
Lebiere, Christian
Bennati, Stefano
Thomson, Robert
Issue Date
2020-08-01
Type
book-chapter
Keywords
malware identification , instance-based learning , ACT-R , cognitive modeling
Abstract
Malware reverse engineering, and specifically identifying the tasks a given piece of malware was designed to perform (e.g., logging keystrokes, recording video, establishing remote access), is a largely human-driven process that is difficult and time-consuming. In this chapter, we present an automated method to identify malware tasks using two different approaches based on the ACT-R cognitive architecture, a popular implementation of a unified theory of cognition. Using three different malware collections, we explore various evaluations for each of an instance-based and a rule-based model, including cases where the training data differs significantly from the test data, cases where the malware being evaluated employs packing to thwart analysis, and conditions with sparse training data. We find that our approach based on cognitive inference consistently outperforms the current state-of-the-art software for malware task identification as well as standard machine learning approaches, often achieving an unbiased F1 score of over 0.9.
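The following is an added illustration of what an ACT-R-style instance-based model for malware task identification looks like in code. It is not the chapter's implementation and not the authors' code: it uses the generic ACT-R activation equation with partial matching and Boltzmann retrieval, then blends the task labels of retrieved instances into a multi-label prediction. The "memory" of analysed samples, the behaviour names, the Jaccard similarity measure, the mismatch penalty and temperature values, and the probe sample are all constructed assumptions chosen for the example.

```python
# Added illustration: an ACT-R-style instance-based learning (IBL) classifier for
# malware tasks. This is NOT the chapter's implementation; the memory of analysed
# samples, the behaviour names, the Jaccard similarity function and the parameter
# values below are all constructed assumptions for the example.
import math
from collections import defaultdict

# Constructed "declarative memory": (observed behaviours, tasks the sample performed).
MEMORY = [
    ({"hook_keyboard", "write_log", "http_post"}, {"keylogging", "exfiltration"}),
    ({"capture_webcam", "encode_video", "http_post"}, {"video_recording", "exfiltration"}),
    ({"open_socket", "spawn_shell", "bind_port"}, {"remote_access"}),
    ({"hook_keyboard", "write_log"}, {"keylogging"}),
    ({"open_socket", "spawn_shell", "http_post"}, {"remote_access", "exfiltration"}),
]

MISMATCH_PENALTY = 1.0   # ACT-R partial-matching weight P (assumed value)
TEMPERATURE = 0.25       # t in the Boltzmann retrieval equation (assumed value)


def jaccard(a: set, b: set) -> float:
    """Overlap of two behaviour sets in [0, 1]; assumed similarity measure."""
    return len(a & b) / len(a | b) if (a | b) else 1.0


def activation(instance: set, probe: set) -> float:
    """ACT-R activation with partial matching.

    Base-level activation is held at 0 (every instance equally recent and
    frequent), so only the mismatch term P * (sim - 1) remains. sim - 1 maps a
    perfect match to 0 and a complete mismatch to -1, as ACT-R similarities do.
    """
    return MISMATCH_PENALTY * (jaccard(instance, probe) - 1.0)


def retrieval_probabilities(probe: set, memory=MEMORY) -> list:
    """Boltzmann (soft-max) retrieval: P(i) = exp(A_i/t) / sum_j exp(A_j/t)."""
    acts = [activation(feats, probe) for feats, _ in memory]
    top = max(acts)  # subtract the max for numerical stability; ratios unchanged
    weights = [math.exp((a - top) / TEMPERATURE) for a in acts]
    total = sum(weights)
    return [w / total for w in weights]


def task_scores(probe: set, memory=MEMORY) -> dict:
    """Blend the retrieved instances: a task's score is the total retrieval
    probability of the instances labelled with it."""
    scores = defaultdict(float)
    for prob, (_, tasks) in zip(retrieval_probabilities(probe, memory), memory):
        for task in tasks:
            scores[task] += prob
    return dict(scores)


def predict_tasks(probe: set, memory=MEMORY, threshold: float = 0.5) -> set:
    """Multi-label prediction: every task whose blended score clears the threshold."""
    return {task for task, s in task_scores(probe, memory).items() if s >= threshold}


def f1(predicted: set, actual: set) -> float:
    """Set-based F1 for one sample (precision/recall over task labels)."""
    tp = len(predicted & actual)
    if tp == 0:
        return 0.0
    precision, recall = tp / len(predicted), tp / len(actual)
    return 2 * precision * recall / (precision + recall)


if __name__ == "__main__":
    # Constructed probe: a keylogger that also posts data out and uses a behaviour
    # (create_mutex) never seen in memory, so no stored instance matches exactly.
    probe = {"hook_keyboard", "write_log", "http_post", "create_mutex"}
    for task, score in sorted(task_scores(probe).items(), key=lambda kv: -kv[1]):
        print(f"{task:16s} {score:.3f}")
    predicted = predict_tasks(probe)
    print("predicted:", sorted(predicted))
    print("F1 vs truth:", f1(predicted, {"keylogging", "exfiltration"}))
```

The point of the partial-matching term is that a probe with an unseen behaviour still retrieves the closest stored samples rather than failing outright, which is what an instance-based model needs when training data is sparse or differs from the test set; the temperature controls how sharply retrieval concentrates on the best match.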
Citation
Nunes, E., Buto, C., Shakarian, P., Lebiere, C., Bennati, S., Thomson, R. (2020). Cognitively-Inspired Inference for Malware Task Identification. In: Tayebi, M.A., Glässer, U., Skillicorn, D.B. (eds) Open Source Intelligence and Cyber Crime. Lecture Notes in Social Networks. Springer, Cham. https://doi.org/10.1007/978-3-030-41251-7_7
Publisher
Springer International Publishing
ISSN
2190-5428
2190-5436
