Malware Fingerprinting under Uncertainty

Krishnendu Ghosh, William Casey, Jose Andre Morales, Bud Mishra

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Malware detection and classification is critical for the security of IT infrastructure. Legacy detection of malware has been highly reliant on static signatures, so malware authors have evolved polymorphic code techniques to counteract these tools, thus rendering static malware detectors ineffective. While malware writers may easily use code rewriting techniques to scramble binary images, malware processes at runtime still must conduct a sequence of operational steps to achieve their design goal, indicating an approach based on behavioral analysis where the captured invariants form a new type of forensic fingerprint. Moreover, these operational steps are constrained to occur within the computers' or mobile devices' abstract system interface: a finite basis of activities that submit to effective monitoring with a variety of tools. In this work, we propose a formalism for expressing these behaviors, learning them and analyzing them to form automated malware analysis tools. Thus, motivated by a need to detect and classify malware, we root its foundation in formal verification, as well as methodology from statistical and machine learning. Specifically, using trace data from malware, we leverage formal verification methods (such as probabilistic model checking) to construct classifiers and evaluate their efficacy in supervised learning and cross-fold validation experiments. The results inform how a fully automated reasoning mechanism may be applied to unknown software by posing its system trace as a query to various classifiers as hypothesis testing, the outputs informing belief of membership. Finally, we demonstrate the method and results on real malware data.

Original language: English (US)
Title of host publication: Proceedings - 4th IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2017 and 3rd IEEE International Conference of Scalable and Smart Cloud, SSC 2017
Editors: Meikang Qiu
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 276-286
Number of pages: 11
ISBN (Electronic): 9781509066438
State: Published - Jul 20 2017
Event: 4th IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2017 and 3rd IEEE International Conference of Scalable and Smart Cloud, SSC 2017 - New York, United States
Duration: Jun 26 2017 to Jun 28 2017

Publication series

Name: Proceedings - 4th IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2017 and 3rd IEEE International Conference of Scalable and Smart Cloud, SSC 2017

Other

Other: 4th IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2017 and 3rd IEEE International Conference of Scalable and Smart Cloud, SSC 2017
Country/Territory: United States
City: New York
Period: 6/26/17 to 6/28/17

Keywords

  • Classification. Machine Learning
  • Malware
  • Model Checking

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture
