Cognitively-Inspired Inference for Malware Task Identification
dc.contributor.author | Nunes, Eric | |
dc.contributor.author | Buto, Casey | |
dc.contributor.author | Shakarian, Paulo | |
dc.contributor.author | Lebiere, Christian | |
dc.contributor.author | Bennati, Stefano | |
dc.contributor.author | Thomson, Robert | |
dc.date.accessioned | 2024-09-30T14:20:29Z | |
dc.date.available | 2024-09-30T14:20:29Z | |
dc.date.issued | 2020-08-01 | |
dc.description.abstract | Malware reverse-engineering, specifically, identifying the tasks a given piece of malware was designed to perform (e.g., logging keystrokes, recording video, establishing remote access) is a largely human-driven process that is a difficult and time-consuming operation. In this chapter, we present an automated method to identify malware tasks using two different approaches based on the ACT-R cognitive architecture, a popular implementation of a unified theory of cognition. Using three different malware collections, we explore various evaluations for each of an instance-based and rule-based model—including cases where the training data differs significantly from test; where the malware being evaluated employs packing to thwart analytical techniques; and conditions with sparse training data. We find that our approach based on cognitive inference consistently out-performs the current state-of-the-art software for malware task identification as well as standard machine learning approaches—often achieving an unbiased F1 score of over 0.9. | |
dc.description.sponsorship | BS&L EECS Army Cyber Institute IARPA | |
dc.identifier.citation | Nunes, E., Buto, C., Shakarian, P., Lebiere, C., Bennati, S., Thomson, R. (2020). Cognitively-Inspired Inference for Malware Task Identification. In: Tayebi, M.A., Glässer, U., Skillicorn, D.B. (eds) Open Source Intelligence and Cyber Crime. Lecture Notes in Social Networks. Springer, Cham. https://doi.org/10.1007/978-3-030-41251-7_7 | |
dc.identifier.doi | 10.1007/978-3-030-41251-7_7 | |
dc.identifier.isbn | 9783030412500 | |
dc.identifier.isbn | 9783030412517 | |
dc.identifier.issn | 2190-5428 | |
dc.identifier.issn | 2190-5436 | |
dc.identifier.uri | https://link.springer.com/chapter/10.1007/978-3-030-41251-7_7 | |
dc.identifier.uri | https://hdl.handle.net/20.500.14216/1545 | |
dc.publisher | Springer International Publishing | |
dc.relation.ispartof | Lecture Notes in Social Networks | |
dc.relation.ispartof | Open Source Intelligence and Cyber Crime | |
dc.subject | malware identification | |
dc.subject | instance-based learning | |
dc.subject | ACT-R | |
dc.subject | cognitive modeling | |
dc.title | Cognitively-Inspired Inference for Malware Task Identification | |
dc.type | book-chapter | |
local.USMAemail | robert.thomson@westpoint.edu | |
local.peerReviewed | Yes |