
A novel malware target recognition architecture for enhanced cyberspace situation awareness

Posted on: 2012-06-23
Degree: Ph.D
Type: Dissertation
University: Air Force Institute of Technology
Candidate: Dube, Thomas E
Full Text: PDF
GTID: 1458390008494422
Subject: Engineering
Abstract/Summary:
The rapid transition of critical business processes to computer networks potentially exposes organizations to digital theft or corruption by advanced competitors. One tool for stealing company secrets or manipulating information is malware. Malware circumvents legitimate authentication mechanisms and is an epidemic problem for organizations of all types, including governments, militaries, critical infrastructure sectors and businesses.

This research proposes, designs, implements and evaluates a novel Malware Target Recognition (MaTR) architecture for malware detection and for identification of propagation methods and payloads, in order to enhance situation awareness in tactical scenarios. MaTR uses non-instruction-based, static heuristic features with standard machine learning algorithms. Recent published research in static heuristics focuses on detection using n-grams as features: short sequences of n bytes, selected computationally, that are resource intensive to extract and not directly intelligible to human operators. MaTR achieves 99.92% detection accuracy on known malware, with false positive and false negative rates of 8.73e-4 and 8.03e-4 respectively.

In comparison, MaTR outperforms leading n-gram methods with a statistically significant 1% improvement in detection accuracy against known malware and 85% and 94% reductions in false positive and false negative rates respectively. Against a set of publicly unknown malware, MaTR detection accuracy is 98.56%, a 3.8% advantage over n-gram methods and a 65% performance improvement over the combined effectiveness of three commercial antivirus products (both statistically significant). MaTR identification accuracies for propagation methods and payloads exceed 86% and 83% respectively, which is comparable to existing research, but MaTR relies on features that are simpler to collect, allowing efficient retraining and redeployment.

Collectively, the MaTR classifiers provide a significant improvement over existing technologies and enable operators to achieve higher levels of situation awareness in cyberspace.
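The abstract contrasts cheap, human-readable static header features with byte n-grams. The Python below is an added illustration written for this page, not the dissertation's code and not its feature set (the abstract does not list which features MaTR uses): it parses a constructed minimal PE32 image into a handful of header-derived features that an operator can read directly, counts byte 4-grams over the same bytes to show how quickly the n-gram feature space grows even for a tiny file, and computes accuracy, false positive rate and false negative rate from a confusion matrix, which is how the reported rates are defined. The chosen features, the sample image and the confusion-matrix counts are all this example's own assumptions.

```python
"""Static header features versus byte n-grams for malware triage.

Added example, not code from the dissertation. The header features chosen
here illustrate the "non-instruction-based, static heuristic" feature family;
they are this example's own choice, not the feature set MaTR actually uses.
"""
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000

# Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
# SizeOfOptionalHeader, Characteristics
COFF_FMT = "<HHIIIHH"
# Magic, linker major/minor, SizeOfCode, SizeOfInitializedData,
# SizeOfUninitializedData, AddressOfEntryPoint, BaseOfCode (first 24 bytes of PE32)
OPT_FMT = "<HBBIIIII"
# Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
# NumberOfLinenumbers, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"


def build_sample_pe(entry_rva=0x1000, text_writable=False):
    """Constructed minimal PE32 image (sample data, not a real binary).

    Only the fields the parser below reads are meaningful; the optional header
    is truncated to its first 24 bytes, so a real loader would reject it.
    """
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)  # e_lfanew at 0x3C -> 0x40
    opt = struct.pack(OPT_FMT, 0x10B, 14, 0, 0x400, 0x200, 0, entry_rva, 0x1000)
    coff = struct.pack(COFF_FMT, 0x14C, 2, 0, 0, 0, len(opt), 0x0102)  # i386, 2 sections
    text_flags = 0x60000020 | (IMAGE_SCN_MEM_WRITE if text_writable else 0)  # CODE|EXEC|READ
    text = struct.pack(SECTION_FMT, b".text", 0x400, 0x1000, 0x400, 0x200, 0, 0, 0, 0, text_flags)
    data = struct.pack(SECTION_FMT, b".data", 0x200, 0x2000, 0x200, 0x600, 0, 0, 0, 0, 0xC0000040)
    return dos + b"PE\x00\x00" + coff + opt + text + data


def header_features(blob):
    """Extract a small, human-readable feature dict from the PE headers.

    Raises ValueError for input that does not parse as a PE; a pipeline would
    record that as a feature of its own rather than crash on it.
    """
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        raise ValueError("missing DOS header")
    pe_off = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff_off = pe_off + 4
    if len(blob) < coff_off + struct.calcsize(COFF_FMT) + struct.calcsize(OPT_FMT):
        raise ValueError("truncated COFF/optional header")
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, blob, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    if opt_size < struct.calcsize(OPT_FMT):
        raise ValueError("optional header too short")
    _, _, _, size_of_code, _, _, entry_rva, _ = struct.unpack_from(OPT_FMT, blob, opt_off)
    sec_off = opt_off + opt_size
    sec_size = struct.calcsize(SECTION_FMT)
    if len(blob) < sec_off + nsections * sec_size:
        raise ValueError("truncated section table")
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            SECTION_FMT, blob, sec_off + i * sec_size)
        sections.append((name.rstrip(b"\x00").decode("ascii", "replace"), vsize, vaddr, rawsize, flags))
    # Section that contains the entry point, if any (packers commonly relocate it).
    entry = next((s for s in sections if s[2] <= entry_rva < s[2] + max(s[1], s[3])), None)
    return {
        "machine": f"0x{machine:04x}",
        "is_executable_image": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "number_of_sections": nsections,
        "size_of_code": size_of_code,
        "entry_point_rva": entry_rva,
        "entry_section": entry[0] if entry else None,
        "entry_section_executable": bool(entry and entry[4] & IMAGE_SCN_MEM_EXECUTE),
        "entry_section_writable": bool(entry and entry[4] & IMAGE_SCN_MEM_WRITE),
        # Sections that occupy memory but no file bytes: a common unpacking-stub hint.
        "virtual_only_sections": sum(1 for s in sections if s[1] > 0 and s[3] == 0),
    }


def ngram_features(blob, n=4):
    """Byte n-gram counts, the feature family the abstract contrasts against."""
    return Counter(bytes(blob[i:i + n]) for i in range(len(blob) - n + 1))


def detection_rates(tp, tn, fp, fn):
    """Accuracy, false positive rate and false negative rate from a confusion matrix."""
    return {
        "accuracy": (tp + tn) / (tp + tn + fp + fn),
        "fpr": fp / (fp + tn),
        "fnr": fn / (fn + tp),
    }


if __name__ == "__main__":
    sample = build_sample_pe()
    print(header_features(sample))
    print(len(ngram_features(sample)), "distinct 4-grams from", len(sample), "bytes")
    print(detection_rates(tp=9990, tn=9990, fp=10, fn=10))  # constructed counts
```

Run as a script, it prints the ten named header features, then the number of distinct 4-grams the same 192-byte image already produces; on a real executable the n-gram vocabulary runs to millions of columns that mean nothing to an analyst, while the header dict stays fixed-width and readable. In a pipeline of the kind the abstract describes, those dicts would be vectorised and fed to an off-the-shelf classifier, and the classifier's predictions on held-out files would be scored with detection_rates.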
Keywords/Search Tags: Malware, Situation