Cognitively-Inspired Inference for Malware Task Identification

dc.contributor.author: Nunes, Eric
dc.contributor.author: Buto, Casey
dc.contributor.author: Shakarian, Paulo
dc.contributor.author: Lebiere, Christian
dc.contributor.author: Bennati, Stefano
dc.contributor.author: Thomson, Robert
dc.date.accessioned: 2024-09-30T14:20:29Z
dc.date.available: 2024-09-30T14:20:29Z
dc.date.issued: 2020-08-01
dc.description.abstract: Malware reverse-engineering, specifically, identifying the tasks a given piece of malware was designed to perform (e.g., logging keystrokes, recording video, establishing remote access) is a largely human-driven process that is a difficult and time-consuming operation. In this chapter, we present an automated method to identify malware tasks using two different approaches based on the ACT-R cognitive architecture, a popular implementation of a unified theory of cognition. Using three different malware collections, we explore various evaluations for each of an instance-based and rule-based model—including cases where the training data differs significantly from test; where the malware being evaluated employs packing to thwart analytical techniques; and conditions with sparse training data. We find that our approach based on cognitive inference consistently out-performs the current state-of-the art software for malware task identification as well as standard machine learning approaches—often achieving an unbiased F1 score of over 0.9.
dc.description.sponsorship: BS&L EECS Army Cyber Institute IARPA
dc.identifier.citation: Nunes, E., Buto, C., Shakarian, P., Lebiere, C., Bennati, S., Thomson, R. (2020). Cognitively-Inspired Inference for Malware Task Identification. In: Tayebi, M.A., Glässer, U., Skillicorn, D.B. (eds) Open Source Intelligence and Cyber Crime. Lecture Notes in Social Networks. Springer, Cham. https://doi.org/10.1007/978-3-030-41251-7_7
dc.identifier.doi: 10.1007/978-3-030-41251-7_7
dc.identifier.isbn: 9783030412500
dc.identifier.isbn: 9783030412517
dc.identifier.issn: 2190-5428
dc.identifier.issn: 2190-5436
dc.identifier.uri: https://link.springer.com/chapter/10.1007/978-3-030-41251-7_7
dc.identifier.uri: https://hdl.handle.net/20.500.14216/1545
dc.publisher: Springer International Publishing
dc.relation.ispartof: Lecture Notes in Social Networks
dc.relation.ispartof: Open Source Intelligence and Cyber Crime
dc.subject: malware identification
dc.subject: instance-based learning
dc.subject: ACT-R
dc.subject: cognitive modeling
dc.title: Cognitively-Inspired Inference for Malware Task Identification
dc.type: book-chapter
local.USMAemail: robert.thomson@westpoint.edu
local.peerReviewed: Yes