Functional cognitive models of malware identification

Christian Lebiere, Stefano Bennati, Robert Thomson, Paulo Shakarian, Eric Nunes

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

6 Scopus citations


An important source of constraints on unified theories of cognition is their ability to perform complex tasks that are challenging for humans. Malware reverse-engineering is an important type of analysis in the domain of cyber-security. Rapidly identifying the tasks that a piece of malware is designed to perform is an important part of reverse engineering that is manually performed in practice as it relies heavily on human intuition. We present an automated approach to malware task identification, implemented in two different ways using ACT-R cognitive models. Against a real-world malware dataset, these cognitive models significantly out-perform baseline approaches while demonstrating key cognitive characteristics such as the ability to generalize to new categories and to quickly adapt to a change of environment. Finally, we discuss the implications of our approach for applying cognitive models to complex tasks.

Original language: English (US)
Title of host publication: Proceedings of ICCM 2015 - 13th International Conference on Cognitive Modeling
Editors: Niels A. Taatgen, Marieke K. van Vugt, Jelmer P. Borst, Katja Mehlhorn
Publisher: University of Groningen
Number of pages: 6
ISBN (Electronic): 9789036777636
State: Published - 2015
Event: 13th International Conference on Cognitive Modeling, ICCM 2015 - Groningen, Netherlands
Duration: Apr 9 2015 to Apr 11 2015

Publication series

Name: Proceedings of ICCM 2015 - 13th International Conference on Cognitive Modeling


Conference: 13th International Conference on Cognitive Modeling, ICCM 2015


  • ACT-R
  • Bayesian models
  • Decision trees
  • Functional cognitive models
  • Malware detection

ASJC Scopus subject areas

  • Artificial Intelligence
  • Modeling and Simulation

