
SigMal: A Static Signal Processing Based Malware Triage (PowerPoint presentation)



  1. SigMal: A Static Signal Processing Based Malware Triage. Dhilung Kirat, Lakshmanan Nataraj, Giovanni Vigna, B.S. Manjunath. Ezeanaka Kingsley. CISC850 Cyber Analytics.

  2. Abstract: SigMal as a malware detection framework; results of testing SigMal on samples.

  3. Introduction ● Static, dynamic and statistical analyses ● Malware variants ● N-gram feature extraction


  5. Signal processing based features • Feature extraction, feature computation • Section-aware feature extraction


  7. Comparison • N-gram based detection • PE structure based detection • Control flow graph based detection

  8. Datasets • Benign, malicious and real-world datasets collected

  9. Evaluation. Fig. 5: Feature robustness against noise.

  10. Fig. 6: Nearest neighbor distribution for 100 thousand samples.

  11. Fig. 7: Comparison of malware detection algorithms.

  12. Fig. 8: Query performance comparison.

  13. Real-world experiments

  14. Results. Fig. 10: Precision and recall of SigMal detection on the real-world samples.


  16. Limitations and related work • Signal processing • Static malware similarity

  17. Conclusion • SigMal detection framework • Heuristics-based features • High precision capability
