PDF malware remains a major hacking technique. Distinguishing malicious PDFs among massive numbers of PDF files poses a challenge to forensic investigation. Machine learning has become a mainstream technology for malicious PDF document detection, either to help analysts in a forensic investigation or to prevent a system from being attacked. However, adversarial attacks against malicious document classifiers have emerged. Crafted adversarial examples based on precision manipulation may be easily misclassified. This poses a major threat to many detectors based on machine learning techniques. Various analysis or detection techniques are available for specific attacks, but the challenge from adversarial attacks is still not completely resolved. A major reason is that most of the detection methods are tailor-made for existing adversarial examples only. In this paper, based on the observation that most of these adversarial examples were designed against specific models, we propose a novel approach that generates a group of mutated cross-model classifiers such that adversarial examples cannot easily pass all classifiers. Based on a Prediction Inversion Rate (PIR), we can effectively distinguish adversarial examples from benign documents. Our mutated group of classifiers enhances the power of prediction inconsistency using multiple models and, because of the mutation, eliminates the effect of transferability (a technique to make the same adversarial example work for multiple models). Our experiments show that our approach outperforms all existing state-of-the-art detection methods.

Detection of rapidly evolving malware requires classification techniques that can effectively and efficiently detect zero-day attacks. Such detection is based on a robust model of benign behavior, and deviations from that model are used to detect malicious behavior. In this paper we propose a low-complexity host-based technique that uses deviations in static file attributes to detect malicious executables. We first develop simple statistical models of static file attributes derived from the empirical data of thousands of benign executables. Deviations among the attribute models of benign and malware executables are then quantified using information-theoretic (Kullback-Leibler-based) divergence measures. This quantification reveals distinguishing attributes that are considerably divergent between benign and malware executables and can therefore be used for detection. We use the benign models of the divergent attributes in cross-correlation and log-likelihood frameworks to classify malicious executables. Our results, using over 4,000 malicious file samples, indicate that the proposed detector provides reasonably high detection accuracy while having significantly lower complexity than existing detectors.