Data Driven Malware Task Identification

Paulo Shakarian (Inventor)

Research output: Patent

Abstract

Malicious software, or malware, is a type of coded program designed to damage or compromise computer systems. Often, malware takes away a user's control of the computer, consequently leaving the user's sensitive information exposed. Even though various types of firewall, anti-virus, and network security software all serve as layers of defense, they only describe a malware sample's binary features (attributes), such as referencing or not referencing a set of data, starting or stopping a process, etc. Identifying the higher-level purpose (tasks) that malware may perform (e.g. logging keystrokes, taking a screenshot, establishing remote access, etc.) still requires trained analysts. With malware authors producing increasingly complex and resistant code, computer scientists look to improve malware task identification by shifting toward a more automated method. Researchers at ASU have developed an automated way of identifying malware tasks by combining dynamic malware analysis with cognitive modeling. The method is built on Adaptive Control of Thought-Rational (ACT-R), a human-based cognitive modeling framework. The system compares a given malware sample's traits to existing malware families in a database. For each family the sample could belong to, the system assigns a probability and returns a set of predicted tasks the malware will perform. Any new malware traits remain in the system for future comparison. The system's human-like functionality can apply traits from several different malware families to characterize new, unknown malware. The cognitive, dynamic analysis approach effectively models an analyst's decision-making ability, adapts easily to unknown malware, and ultimately helps prevent computer system compromise and damage.
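The family-probability and task-prediction step described above, as an added example that is not the patent's or ASU's code: it uses a constructed knowledge base of families with their observed attributes and known tasks, Jaccard similarity as a simple stand-in for the ACT-R activation model (an assumption), and normalizes the similarities into per-family probabilities that are then summed over each family's tasks.

```python
from collections import defaultdict

# Constructed knowledge base: family -> (observed binary attributes, known tasks).
# Family, attribute and task names are illustrative, not real malware data.
FAMILIES = {
    "FamilyA": ({"reads_registry", "hooks_keyboard", "writes_file"},
                {"keylogging", "persistence"}),
    "FamilyB": ({"captures_display", "opens_socket", "writes_file"},
                {"screenshot", "remote_access"}),
    "FamilyC": ({"opens_socket", "spawns_shell", "reads_registry"},
                {"remote_access", "persistence"}),
}


def jaccard(a, b):
    """Set similarity in [0, 1]; stand-in for the cognitive activation score."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def family_probabilities(traits):
    """Normalize per-family similarity into a probability over known families."""
    scores = {fam: jaccard(traits, attrs) for fam, (attrs, _) in FAMILIES.items()}
    total = sum(scores.values())
    if total == 0:  # sample shares nothing with the knowledge base
        return {fam: 0.0 for fam in scores}
    return {fam: s / total for fam, s in scores.items()}


def predict_tasks(traits, threshold=0.5):
    """Weight each family's tasks by the family probability; keep likely tasks."""
    task_scores = defaultdict(float)
    for fam, p in family_probabilities(traits).items():
        for task in FAMILIES[fam][1]:
            task_scores[task] += p
    return {t: round(s, 3) for t, s in task_scores.items() if s >= threshold}


def learn_sample(name, traits, tasks):
    """Retain a newly analysed sample so later comparisons can use its traits."""
    FAMILIES[name] = (set(traits), set(tasks))


# Constructed dynamic-analysis observations for an unknown sample.
SAMPLE_TRAITS = {"hooks_keyboard", "writes_file", "opens_socket"}

if __name__ == "__main__":
    print(family_probabilities(SAMPLE_TRAITS))
    print(predict_tasks(SAMPLE_TRAITS))
```

The sample shares two attributes each with FamilyA and FamilyB and one with FamilyC, so the tasks both stronger families contribute to (persistence, remote_access) cross the threshold while the single-family tasks do not.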
Potential Applications

- Network and computer security
- Computer software
- Data mining and storage

Benefits and Advantages

- Lower Cost: utilizes an iterative, computerized approach that reduces both the cost of the computational algorithm and the need for human interaction
- Faster: the system stores data in a knowledge base for future comparison, leading to increased processing speed
- Effective: ACT-R identified malware more accurately than a leading malware-detection program
- Proactive and Preventive: the method's growing reference database allows it to characterize unknown malware types and prevent computer system damage/hacking
Original language: English (US)
Publication status: Published - Feb 25 2015