TY - GEN
T1 - Malware task identification
T2 - IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015
AU - Nunes, Eric
AU - Buto, Casey
AU - Shakarian, Paulo
AU - Lebiere, Christian
AU - Bennati, Stefano
AU - Thomson, Robert
AU - Jaenisch, Holger
N1 - Publisher Copyright:
© 2015 ACM.
PY - 2015/8/25
Y1 - 2015/8/25
N2 - Identifying the tasks a given piece of malware was designed to perform (e.g. logging keystrokes, recording video, establishing remote access, etc.) is a difficult and time-consuming operation that is largely human-driven in practice. In this paper, we present an automated method to identify malware tasks. Using two different malware collections, we explore various circumstances for each - including cases where the training data differs significantly from test; where the malware being evaluated employs packing to thwart analytical techniques; and conditions with sparse training data. We find that this approach consistently outperforms the current state-of-the-art software for malware task identification as well as standard machine learning approaches - often achieving an unbiased F1 score of over 0.9. In the near future, we look to deploy our approach for use by analysts in an operational cyber-security environment.
AB - Identifying the tasks a given piece of malware was designed to perform (e.g. logging keystrokes, recording video, establishing remote access, etc.) is a difficult and time-consuming operation that is largely human-driven in practice. In this paper, we present an automated method to identify malware tasks. Using two different malware collections, we explore various circumstances for each - including cases where the training data differs significantly from test; where the malware being evaluated employs packing to thwart analytical techniques; and conditions with sparse training data. We find that this approach consistently outperforms the current state-of-the-art software for malware task identification as well as standard machine learning approaches - often achieving an unbiased F1 score of over 0.9. In the near future, we look to deploy our approach for use by analysts in an operational cyber-security environment.
UR - http://www.scopus.com/inward/record.url?scp=84962550108&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84962550108&partnerID=8YFLogxK
U2 - 10.1145/2808797.2808894
DO - 10.1145/2808797.2808894
M3 - Conference contribution
AN - SCOPUS:84962550108
T3 - Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015
SP - 978
EP - 985
BT - Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015
A2 - Pei, Jian
A2 - Tang, Jie
A2 - Silvestri, Fabrizio
PB - Association for Computing Machinery, Inc
Y2 - 25 August 2015 through 28 August 2015
ER -