Malware task identification: A data driven approach

Eric Nunes, Casey Buto, Paulo Shakarian, Christian Lebiere, Stefano Bennati, Robert Thomson, Holger Jaenisch

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Scopus citations

Abstract

Identifying the tasks a given piece of malware was designed to perform (e.g. logging keystrokes, recording video, establishing remote access, etc.) is a difficult and time-consuming operation that is largely human-driven in practice. In this paper, we present an automated method to identify malware tasks. Using two different malware collections, we explore various circumstances for each - including cases where the training data differs significantly from test; where the malware being evaluated employs packing to thwart analytical techniques; and conditions with sparse training data. We find that this approach consistently out-performs the current state-of-the art software for malware task identification as well as standard machine learning approaches - often achieving an unbiased F1 score of over 0.9. In the near future, we look to deploy our approach for use by analysts in an operational cyber-security environment.

Original languageEnglish (US)
Title of host publicationProceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015
EditorsJian Pei, Jie Tang, Fabrizio Silvestri
PublisherAssociation for Computing Machinery, Inc
Pages978-985
Number of pages8
ISBN (Electronic)9781450338547
DOIs
StatePublished - Aug 25 2015
EventIEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015 - Paris, France
Duration: Aug 25 2015Aug 28 2015

Publication series

NameProceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015

Other

OtherIEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015
Country/TerritoryFrance
CityParis
Period8/25/158/28/15

ASJC Scopus subject areas

  • Computer Science Applications
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Malware task identification: A data driven approach'. Together they form a unique fingerprint.

Cite this