Malware task identification: A data driven approach

Eric Nunes, Casey Buto, Paulo Shakarian, Christian Lebiere, Stefano Bennati, Robert Thomson, Holger Jaenisch

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

1 Citation (Scopus)

Abstract

Identifying the tasks a given piece of malware was designed to perform (e.g. logging keystrokes, recording video, establishing remote access, etc.) is a difficult and time-consuming operation that is largely human-driven in practice. In this paper, we present an automated method to identify malware tasks. Using two different malware collections, we explore various circumstances for each - including cases where the training data differs significantly from the test data; where the malware being evaluated employs packing to thwart analytical techniques; and conditions with sparse training data. We find that this approach consistently outperforms the current state-of-the-art software for malware task identification as well as standard machine learning approaches - often achieving an unbiased F1 score of over 0.9. In the near future, we look to deploy our approach for use by analysts in an operational cyber-security environment.

Original language: English (US)
Title of host publication: Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015
Publisher: Association for Computing Machinery, Inc
Pages: 978-985
Number of pages: 8
ISBN (Print): 9781450338547
DOI: 10.1145/2808797.2808894
State: Published - Aug 25 2015
Event: IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015 - Paris, France
Duration: Aug 25 2015 - Aug 28 2015

Other

Other: IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015
Country: France
City: Paris
Period: 8/25/15 - 8/28/15

Fingerprint

  • Video recording
  • Learning systems
  • Identification (control systems)
  • Malware

ASJC Scopus subject areas

  • Computer Science Applications
  • Computer Networks and Communications

Cite this

Nunes, E., Buto, C., Shakarian, P., Lebiere, C., Bennati, S., Thomson, R., & Jaenisch, H. (2015). Malware task identification: A data driven approach. In Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015 (pp. 978-985). Association for Computing Machinery, Inc. https://doi.org/10.1145/2808797.2808894
