Malware task identification: A data driven approach

Eric Nunes; Casey Buto; Paulo Shakarian; Christian Lebiere; Stefano Bennati; Robert Thomson; Holger Jaenisch

doi:10.1145/2808797.2808894

Malware task identification: A data driven approach

Eric Nunes, Casey Buto, Paulo Shakarian, Christian Lebiere, Stefano Bennati, Robert Thomson, Holger Jaenisch

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

Identifying the tasks a given piece of malware was designed to perform (e.g. logging keystrokes, recording video, establishing remote access, etc.) is a difficult and time-consuming operation that is largely human-driven in practice. In this paper, we present an automated method to identify malware tasks. Using two different malware collections, we explore various circumstances for each - including cases where the training data differs significantly from test; where the malware being evaluated employs packing to thwart analytical techniques; and conditions with sparse training data. We find that this approach consistently out-performs the current state-of-the art software for malware task identification as well as standard machine learning approaches - often achieving an unbiased F1 score of over 0.9. In the near future, we look to deploy our approach for use by analysts in an operational cyber-security environment.

Original language	English (US)
Title of host publication	Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015
Editors	Jian Pei, Jie Tang, Fabrizio Silvestri
Publisher	Association for Computing Machinery, Inc
Pages	978-985
Number of pages	8
ISBN (Electronic)	9781450338547
DOIs	https://doi.org/10.1145/2808797.2808894
State	Published - Aug 25 2015
Event	IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015 - Paris, France Duration: Aug 25 2015 → Aug 28 2015

Publication series

Name	Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015

Other

Other	IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015
Country/Territory	France
City	Paris
Period	8/25/15 → 8/28/15

ASJC Scopus subject areas

Computer Science Applications
Computer Networks and Communications

Access to Document

10.1145/2808797.2808894

Cite this

Nunes, E., Buto, C., Shakarian, P., Lebiere, C., Bennati, S., Thomson, R., & Jaenisch, H. (2015). Malware task identification: A data driven approach. In J. Pei, J. Tang, & F. Silvestri (Eds.), Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015 (pp. 978-985). (Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015). Association for Computing Machinery, Inc. https://doi.org/10.1145/2808797.2808894

Malware task identification: A data driven approach. / Nunes, Eric; Buto, Casey; Shakarian, Paulo et al.
Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015. ed. / Jian Pei; Jie Tang; Fabrizio Silvestri. Association for Computing Machinery, Inc, 2015. p. 978-985 (Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Nunes, E, Buto, C, Shakarian, P, Lebiere, C, Bennati, S, Thomson, R & Jaenisch, H 2015, Malware task identification: A data driven approach. in J Pei, J Tang & F Silvestri (eds), Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015. Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015, Association for Computing Machinery, Inc, pp. 978-985, IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015, Paris, France, 8/25/15. https://doi.org/10.1145/2808797.2808894

Nunes E, Buto C, Shakarian P, Lebiere C, Bennati S, Thomson R et al. Malware task identification: A data driven approach. In Pei J, Tang J, Silvestri F, editors, Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015. Association for Computing Machinery, Inc. 2015. p. 978-985. (Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015). doi: 10.1145/2808797.2808894

Nunes, Eric ; Buto, Casey ; Shakarian, Paulo et al. / Malware task identification : A data driven approach. Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015. editor / Jian Pei ; Jie Tang ; Fabrizio Silvestri. Association for Computing Machinery, Inc, 2015. pp. 978-985 (Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015).

@inproceedings{4c261ac3c4714f4ea53063652be27661,

title = "Malware task identification: A data driven approach",

abstract = "Identifying the tasks a given piece of malware was designed to perform (e.g. logging keystrokes, recording video, establishing remote access, etc.) is a difficult and time-consuming operation that is largely human-driven in practice. In this paper, we present an automated method to identify malware tasks. Using two different malware collections, we explore various circumstances for each - including cases where the training data differs significantly from test; where the malware being evaluated employs packing to thwart analytical techniques; and conditions with sparse training data. We find that this approach consistently out-performs the current state-of-the art software for malware task identification as well as standard machine learning approaches - often achieving an unbiased F1 score of over 0.9. In the near future, we look to deploy our approach for use by analysts in an operational cyber-security environment.",

author = "Eric Nunes and Casey Buto and Paulo Shakarian and Christian Lebiere and Stefano Bennati and Robert Thomson and Holger Jaenisch",

note = "Publisher Copyright: {\textcopyright} 2015 ACM.; IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015 ; Conference date: 25-08-2015 Through 28-08-2015",

year = "2015",

month = aug,

day = "25",

doi = "10.1145/2808797.2808894",

language = "English (US)",

series = "Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015",

publisher = "Association for Computing Machinery, Inc",

pages = "978--985",

editor = "Jian Pei and Jie Tang and Fabrizio Silvestri",

booktitle = "Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015",

}

TY - GEN

T1 - Malware task identification

T2 - IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015

AU - Nunes, Eric

AU - Buto, Casey

AU - Shakarian, Paulo

AU - Lebiere, Christian

AU - Bennati, Stefano

AU - Thomson, Robert

AU - Jaenisch, Holger

PY - 2015/8/25

Y1 - 2015/8/25

N2 - Identifying the tasks a given piece of malware was designed to perform (e.g. logging keystrokes, recording video, establishing remote access, etc.) is a difficult and time-consuming operation that is largely human-driven in practice. In this paper, we present an automated method to identify malware tasks. Using two different malware collections, we explore various circumstances for each - including cases where the training data differs significantly from test; where the malware being evaluated employs packing to thwart analytical techniques; and conditions with sparse training data. We find that this approach consistently out-performs the current state-of-the art software for malware task identification as well as standard machine learning approaches - often achieving an unbiased F1 score of over 0.9. In the near future, we look to deploy our approach for use by analysts in an operational cyber-security environment.

AB - Identifying the tasks a given piece of malware was designed to perform (e.g. logging keystrokes, recording video, establishing remote access, etc.) is a difficult and time-consuming operation that is largely human-driven in practice. In this paper, we present an automated method to identify malware tasks. Using two different malware collections, we explore various circumstances for each - including cases where the training data differs significantly from test; where the malware being evaluated employs packing to thwart analytical techniques; and conditions with sparse training data. We find that this approach consistently out-performs the current state-of-the art software for malware task identification as well as standard machine learning approaches - often achieving an unbiased F1 score of over 0.9. In the near future, we look to deploy our approach for use by analysts in an operational cyber-security environment.

UR - http://www.scopus.com/inward/record.url?scp=84962550108&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84962550108&partnerID=8YFLogxK

U2 - 10.1145/2808797.2808894

DO - 10.1145/2808797.2808894

M3 - Conference contribution

AN - SCOPUS:84962550108

T3 - Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015

SP - 978

EP - 985

BT - Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2015

A2 - Pei, Jian

A2 - Tang, Jie

A2 - Silvestri, Fabrizio

PB - Association for Computing Machinery, Inc

Y2 - 25 August 2015 through 28 August 2015

ER -

Malware task identification: A data driven approach

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this