Malware Detection - A Machine Learning Perspective
C.K.Chen
2014.06.05
Outline
• A Large Wave of Malware Is Coming
• Is Machine Learning the Savior?
• You Can't Make Something out of Nothing
• A Garbage In, Garbage Out Game?
• Model, Model, It's All About The Model
• Every Evaluation in Every Paper is 'Perfect'
• Democracy World in Machine Learning
• WYSIWYG
• Know Where Your Enemy Is
A Large Wave of Malware Is Coming
• Millions of malware samples are created every year
(Source: McAfee Labs Threat Report, Fourth Quarter 2013)
Your Anti-Virus Will Not Tell You
• Although overall detection rates look good
Attack Window in Anti-Virus
• Attack window (figure: Anti-Virus Lifecycle vs. Malware Life Cycle)
Is Machine Learning the Savior?
• The problem is that
• Signature generation is manual work and time consuming
• Most malware is not brand new, but modified or rewritten from old samples
• Automatic malware creation tool chains
• Mutation techniques
• These may leave some clues for us
• Machine learning sheds light on automatically constructing a model and detecting malware
How Does Machine Learning Work?
• Training
• Feature Extraction -> Learning Algorithm -> Generated Classifier
• Testing
• Feature Extraction -> Classifier -> Classifier Result
Catalogs of Machine Learning Approaches
• Catalogued by Representation / Feature Selection / Classification Algorithm
You Can't Make Something out of Nothing
• A data set is the first step for ML
• Without data, ML can do nothing
• Where to collect samples
• Web, honeypot, user upload
• Balanced vs. imbalanced data
A Garbage In, Garbage Out Game
• There are many features to choose from
• The quality of the features decides the precision of machine learning
• Features
• Static / Dynamic / PE Structure
• N-gram
• Feature selection is needed
• ReliefF
• Chi-squared
• F-statistics
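As an added example (not code from the original slides), the training/testing pipeline from the "How Does Machine Learning Work?" slide carried through on the feature side: opcode 2-gram extraction, chi-squared feature selection as listed above, and a Bernoulli naive Bayes classifier trained on the selected features and then applied to held-out traces. The opcode traces and their labels are constructed for illustration, not disassembly of real samples; the chi-squared statistic is computed on the 2x2 presence/label contingency table, and the tie-break between equally scored features (alphabetical) is an arbitrary choice.

```python
from collections import Counter
from math import log

# Constructed opcode traces with assumed labels (1 = malicious, 0 = benign).
# They are illustrative, not disassembly of real samples.
TRAIN = [
    (["push", "mov", "xor", "call", "xor", "jmp"], 1),
    (["mov", "xor", "call", "xor", "call", "jmp"], 1),
    (["push", "xor", "call", "xor", "jmp"], 1),
    (["xor", "call", "xor", "call", "ret"], 1),
    (["push", "mov", "call", "ret"], 0),
    (["push", "mov", "mov", "call", "pop", "ret"], 0),
    (["mov", "call", "pop", "ret"], 0),
    (["push", "call", "mov", "ret"], 0),
]
TEST = [
    (["mov", "xor", "call", "xor", "jmp"], 1),
    (["push", "xor", "call", "xor", "call", "ret"], 1),
    (["push", "mov", "call", "pop", "ret"], 0),
    (["mov", "mov", "call", "ret"], 0),
]


def ngrams(seq, n=2):
    """Feature extraction: the set of opcode n-grams present in a trace."""
    return {tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)}


def chi_squared_select(samples, k):
    """Rank binary features by the chi-squared statistic of the 2x2
    presence/label contingency table and keep the top k."""
    feats = [(ngrams(s), y) for s, y in samples]
    n = len(feats)
    n_pos = sum(y for _, y in feats)
    n_neg = n - n_pos
    pos_present, neg_present = Counter(), Counter()
    for fs, y in feats:
        (pos_present if y == 1 else neg_present).update(fs)
    scores = {}
    for f in set(pos_present) | set(neg_present):
        a = pos_present[f]   # malicious, feature present
        b = neg_present[f]   # benign, feature present
        c = n_pos - a        # malicious, feature absent
        d = n_neg - b        # benign, feature absent
        denom = (a + b) * (c + d) * (a + c) * (b + d)
        scores[f] = n * (a * d - b * c) ** 2 / denom if denom else 0.0
    ranked = sorted(scores, key=lambda f: (-scores[f], f))
    return ranked[:k], scores


class BernoulliNB:
    """Bernoulli naive Bayes over selected binary features, Laplace smoothed."""

    def __init__(self, features):
        self.features = features
        self.log_prior = {}
        self.log_p = {}  # (class, feature) -> (log p(present), log p(absent))

    def fit(self, samples):
        feats = [(ngrams(s), y) for s, y in samples]
        for c in (0, 1):
            rows = [fs for fs, y in feats if y == c]
            self.log_prior[c] = log(len(rows) / len(feats))
            for f in self.features:
                p = (sum(f in fs for fs in rows) + 1) / (len(rows) + 2)
                self.log_p[(c, f)] = (log(p), log(1 - p))
        return self

    def predict(self, seq):
        fs = ngrams(seq)
        best = None
        for c in (0, 1):
            score = self.log_prior[c] + sum(
                self.log_p[(c, f)][0 if f in fs else 1] for f in self.features)
            if best is None or score > best[0]:
                best = (score, c)
        return best[1]


def accuracy(model, samples):
    return sum(model.predict(s) == y for s, y in samples) / len(samples)


def run_pipeline(k=5):
    """Training: extract features, select k of them, fit the classifier.
    Testing: run the same extraction and the classifier on held-out traces."""
    selected, scores = chi_squared_select(TRAIN, k)
    model = BernoulliNB(selected).fit(TRAIN)
    return selected, scores, accuracy(model, TEST)


if __name__ == "__main__":
    selected, scores, acc = run_pipeline()
    for f in selected:
        print(f"{'->'.join(f):12s} chi2={scores[f]:.2f}")
    print("test accuracy:", acc)
```

With these traces the two bigrams that appear in every malicious trace and no benign one (`call->xor`, `xor->call`) score the maximum chi-squared value of N = 8, while `call->ret`, which occurs once in each class, scores 0 and is dropped; the classifier then only ever looks at the k selected bigrams, which is the point of the selection step on a real corpus where the raw n-gram space runs to millions of features.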
Model, Model, It's All About The Model
• The most important part
• You need to choose the model that fits your data most closely
• How to choose a model
• Numerical data -> classical classifiers (SVM)
• Categorical data -> dummy variables, decision trees
• Sequence data -> N-gram algorithms, Bayes, Markov chains
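The "Sequence data -> Bayes, Markov chains" row, as an added example that is not part of the original deck: one first-order Markov chain per class over sandbox event sequences (the dynamic feature type listed earlier), with add-one smoothing so that an event or transition never seen in training gets a small probability instead of zero. Without smoothing a single new API name makes the log-likelihood minus infinity for both classes and the detector cannot decide. The event names and labels are constructed, not traces of real programs.

```python
from collections import Counter, defaultdict
from math import log

START = "<start>"

# Constructed event sequences, as a sandbox might log them; labels are
# assumptions for illustration, not traces of real programs.
MAL_TRAIN = [
    ["open", "read", "connect", "send", "close"],
    ["connect", "send", "open", "read", "send"],
    ["open", "read", "send", "connect", "send"],
    ["write", "exec", "connect", "send"],
]
BEN_TRAIN = [
    ["open", "read", "write", "close"],
    ["open", "read", "read", "close"],
    ["open", "write", "close"],
    ["open", "read", "write", "write", "close"],
]
TEST = [
    (["open", "read", "connect", "send"], "malicious"),
    (["write", "exec", "connect", "send", "close"], "malicious"),
    (["open", "read", "write", "close"], "benign"),
    (["open", "write", "close"], "benign"),
    (["open", "read", "mmap", "close"], "benign"),  # "mmap" never seen in training
]


class MarkovChain:
    """First-order Markov chain over event tokens with add-one smoothing."""

    def __init__(self, vocab_size):
        self.vocab_size = vocab_size
        self.trans = defaultdict(Counter)  # prev -> Counter(next)
        self.total = Counter()             # prev -> number of outgoing transitions

    def fit(self, sequences):
        for seq in sequences:
            prev = START
            for tok in seq:
                self.trans[prev][tok] += 1
                self.total[prev] += 1
                prev = tok
        return self

    def log_prob(self, seq):
        """Smoothed log-likelihood of a sequence; an unseen token or transition
        gets probability 1 / (outgoing + V) rather than zero."""
        lp = 0.0
        prev = START
        for tok in seq:
            lp += log((self.trans[prev][tok] + 1) / (self.total[prev] + self.vocab_size))
            prev = tok
        return lp


def train_models():
    """One chain per class; the vocabulary size V is shared so that
    the smoothing is comparable across classes."""
    vocab = {t for s in MAL_TRAIN + BEN_TRAIN for t in s}
    return {
        "malicious": MarkovChain(len(vocab)).fit(MAL_TRAIN),
        "benign": MarkovChain(len(vocab)).fit(BEN_TRAIN),
    }


def classify(models, seq):
    """Pick the class whose chain assigns the higher likelihood (equal priors)."""
    return max(models, key=lambda c: models[c].log_prob(seq))


def run():
    models = train_models()
    return [classify(models, seq) for seq, _ in TEST]


if __name__ == "__main__":
    models = train_models()
    for seq, label in TEST:
        scores = {c: round(m.log_prob(seq), 2) for c, m in models.items()}
        print(" -> ".join(seq), scores, "predicted:", classify(models, seq), "actual:", label)
```

The fifth test sequence contains an event absent from all training data; both chains fall back to the same smoothed probability for that step, so the decision is made by the transitions that were seen, which is the behaviour you want from a detector facing a new API rather than a crash or a forced verdict.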
Every Evaluation in Every Paper is 'Perfect'
• Unlike other research areas, malware detection has no standard benchmark
• Malware is created every day
• Privacy issues
• Also no guideline for evaluation
• Therefore, some researchers observed this problem and did a great survey
• They provide some rules for evaluation
Is Machine Learning the Savior?
• Machine learning can help us recognize similar and variant malware
• It cannot identify brand new malware
• A machine-learning-based detector needs careful training and a long time for tuning
Democracy World in Machine Learning
• There are many types of classifiers
• SVM, decision tree, neural network, …
• Voting to increase precision
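An added example, not from the slides, covering two of the points above: the evaluation slide (with no benchmark and no guideline, the least a report can do is give precision, recall and F1 rather than accuracy alone, especially on the imbalanced data mentioned earlier) and the voting slide (majority vote over several classifiers). The prediction vectors stand in for three hypothetical classifiers on a constructed 20-sample hold-out set with 3 malicious samples; they are not the outputs of real models, and the classifier names are placeholders.

```python
# Constructed hold-out set: 20 samples, the first 3 malicious (1), the rest benign (0).
N_SAMPLES = 20
Y_TRUE = [1, 1, 1] + [0] * (N_SAMPLES - 3)


def make_preds(flagged):
    """Prediction vector that labels exactly the given sample indices malicious.
    Stands in here for the output of a trained classifier."""
    return [1 if i in flagged else 0 for i in range(N_SAMPLES)]


# Hypothetical classifier outputs: each catches two of the three malicious
# samples and raises one false positive, but on different samples.
PREDICTIONS = {
    "always_benign": make_preds(set()),
    "svm": make_preds({0, 1, 5}),
    "tree": make_preds({0, 2, 7}),
    "nn": make_preds({1, 2, 9}),
}


def confusion(y_true, y_pred):
    tp = sum(t == 1 and p == 1 for t, p in zip(y_true, y_pred))
    fp = sum(t == 0 and p == 1 for t, p in zip(y_true, y_pred))
    fn = sum(t == 1 and p == 0 for t, p in zip(y_true, y_pred))
    tn = sum(t == 0 and p == 0 for t, p in zip(y_true, y_pred))
    return tp, fp, fn, tn


def metrics(y_true, y_pred):
    """Accuracy, precision, recall and F1; an undefined ratio is reported as 0.0."""
    tp, fp, fn, tn = confusion(y_true, y_pred)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {
        "accuracy": (tp + tn) / len(y_true),
        "precision": precision,
        "recall": recall,
        "f1": f1,
    }


def majority_vote(pred_lists):
    """Per-sample majority vote over classifier outputs; an exact tie is
    resolved as malicious so the disagreement is surfaced to an analyst."""
    out = []
    for votes in zip(*pred_lists):
        out.append(1 if sum(votes) * 2 >= len(votes) else 0)
    return out


def run():
    results = {name: metrics(Y_TRUE, p) for name, p in PREDICTIONS.items()}
    ensemble = majority_vote([PREDICTIONS[n] for n in ("svm", "tree", "nn")])
    results["vote"] = metrics(Y_TRUE, ensemble)
    return results


if __name__ == "__main__":
    for name, m in run().items():
        print(f"{name:14s}", "  ".join(f"{k}={v:.2f}" for k, v in m.items()))
```

The "always benign" baseline reaches 85% accuracy on this set while detecting nothing, which is why accuracy alone says little on skewed data; each single classifier sits at 90% accuracy with F1 of 2/3, and because their mistakes fall on different samples the majority vote removes all of them here. On real data the gain is smaller and depends on the classifiers making uncorrelated errors, which is the condition worth checking before trusting an ensemble.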
WYSIWYG
Know Where Your Enemy Is
• In the security field, the bad guy always tries to break your system
• Causative game
• Attacker poisons the data
• Defender trains ML on the poisoned data
• Exploratory game
• Defender trains on clean data
• Attacker evades the learned classifier/detector
References
1. McAfee Labs Threat Report, Fourth Quarter 2013.
2. http://www.fireeye.com/blog/corporate/2014/05/ghost-hunting-with-anti-virus.html
3. AV alone is not enough to protect PC from zero-day malware.
4. AV Isn't Dead, It Just Can't Keep Up.
5. AV-Comparatives, File Detection Test of Malicious Software, 2014.
6. G. Yan, N. Brown, and D. Kong, “Exploring Discriminatory Features for Automated Malware Classification,” DIMVA, 2013.
7. A. Shabtai, R. Moskovitch, Y. Elovici, and C. Glezer, “Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey,” Inf. Secur. Tech. Rep., 2009.
8. C. Rossow, C. J. Dietrich, C. Grier, C. Kreibich, V. Paxson, N. Pohlmann, H. Bos, and M. Van Steen, “Prudent Practices for Designing Malware Experiments: Status Quo and Outlook,” IEEE S&P, 2012.
9. D. Kong and G. Yan, “Discriminant malware distance learning on structural information for automated malware classification,” Proc. 19th ACM SIGKDD KDD ’13, 2013.