stealthML: Data-driven Malware for Stealthy Data Exfiltration

Abstract

The use of machine learning methods have been actively studied to detect and mitigate the consequences of malicious attacks. However, this sophisticated technology can become a threat when it falls into the wrong hands. This paper describes a new class of malware that employs machine learning to autonomously infer when and how to trigger an attack payload to maximize impact while minimizing attack traces. We designed, implemented, and demonstrated a smart malware that monitors the realtime network traffic flow of the victim system, analyzes the collected traffic data to forecast traffic and identify the most opportune time to trigger data extraction, and optimizes its strategy in planning the data exfiltration to minimize traces that might reveal the malware's presence.