automatic analysis of malware behavior using machine
play

Automatic Analysis of Malware Behavior using Machine Learning - PowerPoint PPT Presentation

Oct 13, 2022 •200 likes •451 views

Automatic Analysis of Malware Behavior using Machine Learning Konrad Rieck, Philipp Trinius, Carsten Willems, Thorsten Holz Peng Su CISC850 Cyber Analytics CISC850 Cyber Analytics Automatic Analysis of Malware Behavior Malware threaten

  1. Automatic Analysis of Malware Behavior using Machine Learning Konrad Rieck, Philipp Trinius, Carsten Willems, Thorsten Holz Peng Su CISC850 Cyber Analytics

  2. CISC850 Cyber Analytics Automatic Analysis of Malware Behavior • Malware threaten the Internet • Dynamic VS Static • binary packers, encryption, or self-modifying code, to obstruct analysis. • behavior of malicious software during run-time.

  3. CISC850 Cyber Analytics Automatic Analysis of Malware Behavior

  4. CISC850 Cyber Analytics Monitoring of Malware Behavior • Malware Sandboxes --CWSandbox • Malware Instruction Set

  5. CISC850 Cyber Analytics Malware Instruction Set • MIST instruction keep the stable and discriminative patterns such as directory and mutex name at the beginning.

  6. CISC850 Cyber Analytics Embedding of Malware Behavior • Embedding using Instruction Q-grams • Comparing Embedding reports

  7. CISC850 Cyber Analytics Embedding using Instruction Q-grams • For example, if report x=‘1|A 2|A 1|A 2|A’, A={1|A, 2|A }, the q for q-grams is 2.

  8. CISC850 Cyber Analytics Embedding using Instruction Q-grams • Normalization • Redundancy of behavior, considered alphabet, length of reports

  9. CISC850 Cyber Analytics Comparing Embedding reports • Euclidean distance

  10. CISC850 Cyber Analytics Clustering and Classification • Prototypes->Clustering-> Classification

  11. CISC850 Cyber Analytics Prototype Extraction

  12. CISC850 Cyber Analytics Clustering using Prototypes

  13. CISC850 Cyber Analytics Classification using Prototypes

  14. CISC850 Cyber Analytics Incremental Analysis

  15. CISC850 Cyber Analytics Experiments & Application • Evaluation Data • Three parameters to decide • Evaluation of Components • How to select the best parameters d p , d c , d r

  16. CISC850 Cyber Analytics Evaluation Data • A reference data set • Evaluate and calibrate the framework • An application data set • See the performance on unknown malwares

  17. CISC850 Cyber Analytics Reference Data Set

  18. CISC850 Cyber Analytics Application Data Set

  19. CISC850 Cyber Analytics Evaluation of Components • Precision and recall

  20. Evaluation of Components • F-measure

  21. CISC850 Cyber Analytics Evaluation of Components--d p

  22. CISC850 Cyber Analytics Evaluation of Components--d c

  23. CISC850 Cyber Analytics Evaluation of Components--d r

  24. CISC850 Cyber Analytics Comparative Evaluation with State-of- the-Art

  25. CISC850 Cyber Analytics An Application Scenario

Recommend

Machine Learning for Malware Analysis Mike Slawinski Data Scientist Introduction - What is

Machine Learning for Malware Analysis Mike Slawinski Data Scientist Introduction - What is

Machine Learning for Malware Analysis Mike Slawinski Data Scientist Introduction - What is Malware? - Software intended to cause harm or inflict damage on computer systems - Many different kinds: - Adware/Spyware - Backdoors - Viruses

383 views • 26 slides
Machine Learning for Malware Analysis Andrew Davis Data Scientist Introduction - What is

Machine Learning for Malware Analysis Andrew Davis Data Scientist Introduction - What is

Machine Learning for Malware Analysis Andrew Davis Data Scientist Introduction - What is Malware? - Software intended to cause harm or inflict damage on computer systems - Many different kinds: - Viruses - Adware/Spyware - Backdoors -

904 views • 30 slides
Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal paul@gtisc.gatech.edu Agenda Modern Malware Obfuscations, Server-side Polymorphism, Collection Volume Malware Analysis Detection

504 views • 27 slides
Machine Detectable Network Behavioural Commonalities for Exploits & Malware University of

Machine Detectable Network Behavioural Commonalities for Exploits & Malware University of

Machine Detectable Network Behavioural Commonalities for Exploits & Malware University of Amsterdam Alexandros Stavroulakis MSc System & Network Engineering Research Project II What is this about? Automatic generation of malicious

248 views • 22 slides
GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS AGENDA Something about malware Malware internals Current analysis

398 views • 27 slides
Malware Analysis Machine Learning Approach Chiheb Chebbi TEK-UP University DeepSec 14-17 Nov

Malware Analysis Machine Learning Approach Chiheb Chebbi TEK-UP University DeepSec 14-17 Nov

Malware Analysis Machine Learning Approach Chiheb Chebbi TEK-UP University DeepSec 14-17 Nov 2017 Vienna, Austria <whoami/> Computer science engineering student @TEK-UP Cyber security leadership program fellow @Kaspersky_Lab

626 views • 58 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
When Malware is Packin Heat; Limits of Machine Learning Classifiers Based on Static Analysis

When Malware is Packin Heat; Limits of Machine Learning Classifiers Based on Static Analysis

When Malware is Packin Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features Hojjat Aghakhani , Fabio Gri*, Francesco Mecca, Mar0na Lindorfer, Stefano Ortolani, Davide Balzaro*, Giovanni Vigna, Christopher Kruegel

1.01k views • 53 slides
Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that does something that causes harm to a user, computer or network, including viruses, trojan horses, worms, rootkits, scareware and spyware. Malware

119 views • 9 slides
FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for

FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for

FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for Malware Amount of malware is growing exponentially Anti-virus and signature based approaches are reactionary, dont work for novel malware

127 views • 11 slides
A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND CONTAINMENT FOR LARGE NETWORKS CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS MALWARE WARS In the last

313 views • 14 slides
Obfuscated Financial Fraud Android Malware : Detection and Behavior Tracking In Seung, Yang

Obfuscated Financial Fraud Android Malware : Detection and Behavior Tracking In Seung, Yang

Obfuscated Financial Fraud Android Malware : Detection and Behavior Tracking In Seung, Yang (KrCERT/CC, KISA) DeepSEC IDSC 2016 Friday, 11 November 2016 Analysis Team at KrCERT/CC, KISA Mobile malware analyst In Seung, Yang Who am I

1.59k views • 72 slides
Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal and Wenke Lee College of Computing Georgia Institute of Technology Agenda l Background l Defeating Automated Malware Analysis Host

1.28k views • 28 slides
CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu February 22, 2018 Exploring the Online Ecosystem One nice aspect of malware analysis is that, since much of it originates online and

119 views • 10 slides
CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane kaneca@mail.uc.edu January 24, 2017 Why Classification is Important Malware classification helps us in multiple ways. Here are a couple key ways:

787 views • 16 slides
A Hands-On Introduction to Automatic Machine Learning Lars Kotthofg University of Wyoming

A Hands-On Introduction to Automatic Machine Learning Lars Kotthofg University of Wyoming

A Hands-On Introduction to Automatic Machine Learning Lars Kotthofg University of Wyoming larsko@uwyo.edu AutoML Workshop, 28 August 2018, Nanjing 1 Machine Learning Data Machine Learning Predictions 2 Automatic Machine Learning

744 views • 33 slides
StormDroid: A streaminglized Machine Learning-Based System for Detecting Android Malware Sen

StormDroid: A streaminglized Machine Learning-Based System for Detecting Android Malware Sen

StormDroid: A streaminglized Machine Learning-Based System for Detecting Android Malware Sen Chen, Minhui Xue, Zhushou Tang, Lihua Xu, Haojin Zhu Malware Detection in Android 1.6 million apps in Google Play Store in July 2015

441 views • 22 slides
MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me

MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me

MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me Malware RE @ Trusteer, IBM, Seculert binary analysis automation sandbox development Now in vEYE Security on software container

591 views • 48 slides
How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement Yoshihiro Oyama University of Tsukuba 1 Background Many malware programs execute operations for analysis evasion Detection of

346 views • 31 slides
Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Overview Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer immunization Kjell Jrgen Hole Simula@UiB 4. Epidemiological model 5. Malware halting analysis 6. Malware halting method Last updated

672 views • 29 slides
APPLIED BEHAVIOR ANALYSIS Specialization Overview Agenda What is Applied Behavior Analysis

APPLIED BEHAVIOR ANALYSIS Specialization Overview Agenda What is Applied Behavior Analysis

APPLIED BEHAVIOR ANALYSIS Specialization Overview Agenda What is Applied Behavior Analysis (ABA)? What is the Behavior Analysis Certification Board (BACB)? Vanderbilt ABA specialization requirements What is Behavior Analysis?

220 views • 8 slides
Examples of modern malware Malware Analysis Seminar Meeting 7 Cody Cutler, Anton Burtsev

Examples of modern malware Malware Analysis Seminar Meeting 7 Cody Cutler, Anton Burtsev

Examples of modern malware Malware Analysis Seminar Meeting 7 Cody Cutler, Anton Burtsev Stuxnet (2009) Organization Core a large .dll file 2 encrypted configuration files Dropper component Core in a stub section

703 views • 43 slides
T owards Network Containment in Malware Analysis Systems Mariano Graziano, Corrado Leita, Davide

T owards Network Containment in Malware Analysis Systems Mariano Graziano, Corrado Leita, Davide

T owards Network Containment in Malware Analysis Systems Mariano Graziano, Corrado Leita, Davide Balzarotti ACSAC, Orlando, Florida, 3-7 December 2012 Malware Analysis Scenario Analysis based on Sandboxes (API Hooking, Emulation)

798 views • 23 slides
Malware Analysis at AIRBUS Practical Considerations and Issues July, 12th 2017 Xavier

Malware Analysis at AIRBUS Practical Considerations and Issues July, 12th 2017 Xavier

Malware Analysis at AIRBUS Practical Considerations and Issues July, 12th 2017 Xavier Mehrenberger, Raphal Rigo, Sarah Zennou Plan Introduction Automated analysis Machine learning experiments 2 M. Mehrenberger, R. Rigo, S. Zennou ::

637 views • 12 slides

More recommend