{"title":"Building a machine learning classifier for malware detection","authors":"Zane Markel, Michael Bilzor","doi":"10.1109/WATER.2014.7015757","DOIUrl":"https://doi.org/10.1109/WATER.2014.7015757","url":null,"abstract":"Current signature-based antivirus software is ineffective against many modern malicious software threats. Machine learning methods can be used to create more effective antimalware software, capable of detecting even zero-day attacks. Some studies have investigated the plausibility of applying machine learning to malware detection, primarily using features from n-grams of an executables file's byte code. We propose an approach that primarily learns from metadata, mostly contained in the headers of executable files, specifically the Windows Portable Executable 32-bit (PE32) file format. Our experiments indicate that executable file metadata is highly discriminative between malware and benign software. We also employ various machine learning methods, finding that Decision Tree classifiers outperform Logistic Regression and Naive Bayes in this setting. We analyze various features of the PE32 header and identify those most suitable for machine learning classifiers. Finally, we evaluate changes in classifier performance when the malware prevalence (fraction of malware versus benign software) is varied.","PeriodicalId":430865,"journal":{"name":"2014 Second Workshop on Anti-malware Testing Research (WATeR)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114800128","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The malware author testing challenge","authors":"Tarun Moni, Sameer Salahudeen, Anil Somayaji","doi":"10.1109/WATER.2014.7015755","DOIUrl":"https://doi.org/10.1109/WATER.2014.7015755","url":null,"abstract":"Attackers regularly evaluate anti-malware software to see whether or not their malware will be detected. This attacker-driven anti-malware testing is something defenders would ideally want to limit. Given that anti-malware products must be widely distributed to be commercially viable, it is not feasible to prevent attackers from running them. Here we examine whether it may be possible to instead limit the effectiveness of attacker tests. Specifically, we present a game-theoretic model of anti-malware testing where detection timeliness and coverage are parameters that can be adjusted by anti-malware providers. The less coverage and the slower the response, the harder it is for attackers to determine whether their malware will be detected-and the less protection the software provides to hosts running the anti-malware software. While our results are preliminary, they suggest that it is clearly non-optimal for anti-malware vendors to simply maximize coverage and detection time. As we explain, this result has significant implications for product design and (non-malicious) anti-malware testing methodologies.","PeriodicalId":430865,"journal":{"name":"2014 Second Workshop on Anti-malware Testing Research (WATeR)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127669378","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Performance testing framework: Evaluating the impact on the system speed","authors":"Paul Bot, Cristina Vatamanu, Dragos Gavrilut, Razvan Benchea","doi":"10.1109/WATER.2014.7015753","DOIUrl":"https://doi.org/10.1109/WATER.2014.7015753","url":null,"abstract":"The world we live in now is defined by the word “speed” and any device, technology, or system that doesn't keep up is rejected or replaced immediately. Because of this, one of the biggest concerns today is “optimization”. Its purpose is to reduce the impact on the user's device. The Anti-Virus industry is also confronting with this challenge. Although the first concern is to keep the user safe, providing a flawless protection, it is crucial to reduce the impact brought on the user's system, preventing him to disable or uninstall the AV solution and thus remaining unprotected. The increased number of malware types/families as well as their complexity generated the need for complicated detection methods, which means a constant evaluation is needed. Because of these reasons, our antimalware laboratory has developed a generic framework for measuring the impact that the AV solutions have on the system they are installed on. This system was designed to be easily configurable, managing the big number of changes that occur every day and fast so that every update released to the users can be tested. Also, this framework is used to test and develop new technologies that improve the performance of our AV product.","PeriodicalId":430865,"journal":{"name":"2014 Second Workshop on Anti-malware Testing Research (WATeR)","volume":"87 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127015844","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A significant improvement for anti-malware tests","authors":"R. Ford, M. Carvalho","doi":"10.1109/WATER.2014.7015754","DOIUrl":"https://doi.org/10.1109/WATER.2014.7015754","url":null,"abstract":"Despite ongoing improvements in the quality of antimalware tests, the way in which test results are handled often shows a low level of sophistication. In this paper, we introduce the simple concept of confidence intervals and statistical significance to these tests, and show that many of the “best practice” approaches common in other fields are lacking in the security-software testing industry. Further, we argue that the lack of these techniques harms the industry as a whole, and provide a road map for broader adoption of well-known statistical techniques for estimating the confidence interval on measurements.","PeriodicalId":430865,"journal":{"name":"2014 Second Workshop on Anti-malware Testing Research (WATeR)","volume":"131 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122763831","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Breach detection system testing methodology","authors":"Z. Balázs, Sveta Miladinov, Chris Pickard","doi":"10.1109/WATER.2014.7015756","DOIUrl":"https://doi.org/10.1109/WATER.2014.7015756","url":null,"abstract":"Traditional antivirus systems, firewalls, intrusion detection or prevention systems, mail and web proxies have been bypassed by determined attackers for a long time. In order to fight these new threats, vendors started to develop new systems, called breach detection systems. Because the end-goal of these systems is detection, those can be considered as next generation intrusion detection systems. In order to measure the effectiveness of these breach detection systems, we propose a new type of test methodology. Our approach is based on that advanced attackers who can bypass the existing layers of security have the time, skill and resources to create unknown malware, with advanced bypass capabilities. We will evaluate a hybrid approach, where the IP / domain of the attacker C&C server is simulated in one case, and real in another case. Our approach uses only RAT (Remote Admin Tools / Remote Access Trojans) functionality, using both in-the-wild and custom developed RAT.","PeriodicalId":430865,"journal":{"name":"2014 Second Workshop on Anti-malware Testing Research (WATeR)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123310583","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}