Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
automatic analysis of malware behavior using machine

Automatic Analysis of Malware Behavior using Machine Learning - PowerPoint PPT Presentation

Oct 13, 2022 •200 likes •452 views

Automatic Analysis of Malware Behavior using Machine Learning Konrad Rieck, Philipp Trinius, Carsten Willems, Thorsten Holz Peng Su CISC850 Cyber Analytics CISC850 Cyber Analytics Automatic Analysis of Malware Behavior Malware threaten

  1. Automatic Analysis of Malware Behavior using Machine Learning Konrad Rieck, Philipp Trinius, Carsten Willems, Thorsten Holz Peng Su CISC850 Cyber Analytics

  2. CISC850 Cyber Analytics Automatic Analysis of Malware Behavior • Malware threaten the Internet • Dynamic VS Static • binary packers, encryption, or self-modifying code, to obstruct analysis. • behavior of malicious software during run-time.

  3. CISC850 Cyber Analytics Automatic Analysis of Malware Behavior

  4. CISC850 Cyber Analytics Monitoring of Malware Behavior • Malware Sandboxes --CWSandbox • Malware Instruction Set

  5. CISC850 Cyber Analytics Malware Instruction Set • MIST instruction keep the stable and discriminative patterns such as directory and mutex name at the beginning.

  6. CISC850 Cyber Analytics Embedding of Malware Behavior • Embedding using Instruction Q-grams • Comparing Embedding reports

  7. CISC850 Cyber Analytics Embedding using Instruction Q-grams • For example, if report x=‘1|A 2|A 1|A 2|A’, A={1|A, 2|A }, the q for q-grams is 2.

  8. CISC850 Cyber Analytics Embedding using Instruction Q-grams • Normalization • Redundancy of behavior, considered alphabet, length of reports

  9. CISC850 Cyber Analytics Comparing Embedding reports • Euclidean distance

  10. CISC850 Cyber Analytics Clustering and Classification • Prototypes->Clustering-> Classification

  11. CISC850 Cyber Analytics Prototype Extraction

  12. CISC850 Cyber Analytics Clustering using Prototypes

  13. CISC850 Cyber Analytics Classification using Prototypes

  14. CISC850 Cyber Analytics Incremental Analysis

  15. CISC850 Cyber Analytics Experiments & Application • Evaluation Data • Three parameters to decide • Evaluation of Components • How to select the best parameters d p , d c , d r

  16. CISC850 Cyber Analytics Evaluation Data • A reference data set • Evaluate and calibrate the framework • An application data set • See the performance on unknown malwares

  17. CISC850 Cyber Analytics Reference Data Set

  18. CISC850 Cyber Analytics Application Data Set

  19. CISC850 Cyber Analytics Evaluation of Components • Precision and recall

  20. Evaluation of Components • F-measure

  21. CISC850 Cyber Analytics Evaluation of Components--d p

  22. CISC850 Cyber Analytics Evaluation of Components--d c

  23. CISC850 Cyber Analytics Evaluation of Components--d r

  24. CISC850 Cyber Analytics Comparative Evaluation with State-of- the-Art

  25. CISC850 Cyber Analytics An Application Scenario

Recommend

Malware Obfuscation Techniques: Packing November 18, 2014 Malware and packing Not packed (20%)

Malware Obfuscation Techniques: Packing November 18, 2014 Malware and packing Not packed (20%)

Malware Obfuscation Techniques: Packing November 18, 2014 Malware and packing Not packed (20%) 80% of new malware are packed with various packers Malware Obfuscation Techniques: Packing 2 Malware and packing Not packed (20%) 80%

991 views • 51 slides
Linux malware presentation @r00tbsd Paul Rascagnres Malware.lu July 2013 @r00tbsd

Linux malware presentation @r00tbsd Paul Rascagnres Malware.lu July 2013 @r00tbsd

Linux malware presentation Linux malware presentation @r00tbsd Paul Rascagnres Malware.lu July 2013 @r00tbsd Paul Rascagnres from Malware.lu Linux malware presentation Plan - Presentation - Darkleech/Chapro - Cdorked - Wirenet

430 views • 31 slides
GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS AGENDA Something about malware Malware internals Current analysis

401 views • 27 slides
Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal paul@gtisc.gatech.edu Agenda Modern Malware Obfuscations, Server-side Polymorphism, Collection Volume Malware Analysis Detection

511 views • 27 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

826 views • 44 slides
Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Overview Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer immunization Kjell Jrgen Hole Simula@UiB 4. Epidemiological model 5. Malware halting analysis 6. Malware halting method Last updated

672 views • 29 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

548 views • 42 slides
On Static Malware Detection Tayssir Touili LIPN, CNRS & Univ. Paris 13 Motivation: Malware

On Static Malware Detection Tayssir Touili LIPN, CNRS & Univ. Paris 13 Motivation: Malware

On Static Malware Detection Tayssir Touili LIPN, CNRS & Univ. Paris 13 Motivation: Malware Detection The number of new malware exceeds 75 million by the end of 2011, and is still increasing. The number of malware that produced

1.34k views • 91 slides
Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware

Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware

DeepSec IDSC Android Malware Adventures Mert Can Cokuner Krat Ouzhan Aknc Android Malware Adventures Agenda INTRODUCTION ANDROID MALWARE COMMAND & CONTROL QUESTIONS & ANSWERS 2 1 2 3 4 Android Malware

1.01k views • 64 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

574 views • 22 slides
FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for

FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for

FIGHTING MALWARE WITH MACHINE LEARNING Edward Raff Jared Sylvester Mark McLean Need ML for Malware Amount of malware is growing exponentially Anti-virus and signature based approaches are reactionary, dont work for novel malware

128 views • 11 slides
Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal and Wenke Lee College of Computing Georgia Institute of Technology Agenda l Background l Defeating Automated Malware Analysis Host

1.29k views • 28 slides
Research: Threat Intelligence & Malware Infrastructures Andrea Lanzi: andrea.lanzi@unimi.it

Research: Threat Intelligence & Malware Infrastructures Andrea Lanzi: andrea.lanzi@unimi.it

Malware Analysis Research: Threat Intelligence & Malware Infrastructures Andrea Lanzi: andrea.lanzi@unimi.it May, 3 2017 Andrea Lanzi: andrea.lanzi@unimi.it Malware Analysis Malware Analysis Malicious Infrastruture Who am I? My

384 views • 18 slides
CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu February 22, 2018 Exploring the Online Ecosystem One nice aspect of malware analysis is that, since much of it originates online and

124 views • 10 slides
Automatic Verification of Automatic Verification of Automatic Verification of Automatic

Automatic Verification of Automatic Verification of Automatic Verification of Automatic

Automatic Verification of Automatic Verification of Automatic Verification of Automatic Verification of Competitive Stochastic Systems Competitive Stochastic Systems Competitive Stochastic Systems Competitive Stochastic Systems Marta

506 views • 29 slides
Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware malware that evades analysis 2 logistics: LEX homework detect push ret pattern using fmex probably easier than TRICKY 3 upcoming exam next Wednesday

498 views • 48 slides
Behavior Disorders are Learned Assumptions: People learn to engage in problem behaviors

Behavior Disorders are Learned Assumptions: People learn to engage in problem behaviors

Raymond G. Miltenberger USF ABA Master s Program Trial-based Functional Analysis Sarah E. Bloom, PhD, BCBA-D Behavior Disorders are Learned Assumptions: People learn to engage in problem behaviors when they experience the

359 views • 16 slides
ABCs of Challenging Behavior Management Cathy Judkins, M.Ed., BCBA, LBA Mission & Values

ABCs of Challenging Behavior Management Cathy Judkins, M.Ed., BCBA, LBA Mission & Values

ABCs of Challenging Behavior Management Cathy Judkins, M.Ed., BCBA, LBA Mission & Values Changing Lives. One Child at a time. One professional at a time. Presenter Info, Background, Experience Began working in the field of autism and

549 views • 35 slides
Functional Behavior Assessment: The beginning of a Function-Based Behavioral Approach to

Functional Behavior Assessment: The beginning of a Function-Based Behavioral Approach to

Functional Behavior Assessment: The beginning of a Function-Based Behavioral Approach to Eliminating Restraint and Seclusion Objectives 1. Understand what FUNCTION means 2. Understand the purpose of an FBA and What it is 3. Understand General

467 views • 45 slides
Reinforcement in Shaping Speech David C. Palmer Smith College National Autism Conference Penn

Reinforcement in Shaping Speech David C. Palmer Smith College National Autism Conference Penn

The Role of Automatic Reinforcement in Shaping Speech David C. Palmer Smith College National Autism Conference Penn State 2018 1 Overview Language acquisition; nature of the problem: Neither genes nor environment seems to be adequate

1.12k views • 82 slides
TESTING FRAMEWORKS Gayatri Ghanakota OUTLINE Introduction to Software Test Automation.

TESTING FRAMEWORKS Gayatri Ghanakota OUTLINE Introduction to Software Test Automation.

TESTING FRAMEWORKS Gayatri Ghanakota OUTLINE Introduction to Software Test Automation. What is Test Automation. Where does Test Automation fit in the software life cycle. Why do we need test automation. Test Automation using

688 views • 37 slides
Automatic Scenario Generation for Testing and Training Self-driving Cars Adrien Treuille Zoox /

Automatic Scenario Generation for Testing and Training Self-driving Cars Adrien Treuille Zoox /

Automatic Scenario Generation for Testing and Training Self-driving Cars Adrien Treuille Zoox / Carnegie Mellon Take 1: Scenario Description Format Design Constraints Drive all simulation modules. Confidential 17 Design Constraints

537 views • 39 slides
Partnering with Joint and Operations Analysis Division 1 UNCLASSIFIED Joint and Operations

Partnering with Joint and Operations Analysis Division 1 UNCLASSIFIED Joint and Operations

UNCLASSIFIED Partnering with Joint and Operations Analysis Division 1 UNCLASSIFIED Joint and Operations Analysis Division undertakes rigorous scientifically-based analysis of Defence operations and capability 2 UNCLASSIFIED Major

463 views • 29 slides
Physician involvement in support of ECI Requested Perspective from the Pediatrician Member of the

Physician involvement in support of ECI Requested Perspective from the Pediatrician Member of the

Physician involvement in support of ECI Requested Perspective from the Pediatrician Member of the Advisory Committee The Texas Part C ICC ECI Advisory Committee April, 4, 2018 Commonality of Core Components IDEA Part C AAP Medical Home

334 views • 29 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.