CrowdSource:使用大众训练的机器学习模型从低级符号自动推断高级恶意软件功能

2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE) Pub Date : 2014-10-01 DOI:10.1109/MALWARE.2014.6999417

Joshua Saxe, R. Turner, K. Blokhin

{"title":"CrowdSource:使用大众训练的机器学习模型从低级符号自动推断高级恶意软件功能","authors":"Joshua Saxe, R. Turner, K. Blokhin","doi":"10.1109/MALWARE.2014.6999417","DOIUrl":null,"url":null,"abstract":"In this paper we introduce CrowdSource, a statistical natural language processing system designed to make rapid inferences about malware functionality based on printable character strings extracted from malware binaries. CrowdSource “learns” a mapping between low-level language and high-level software functionality by leveraging millions of web technical documents from StackExchange, a popular network of technical question and answer sites, using this mapping to infer malware capabilities. This paper describes our approach and provides an evaluation of its accuracy and performance, demonstrating that it can detect at least 14 high-level malware capabilities in unpacked malware binaries with an average per-capability f-score of 0.86 and at a rate of tens of thousands of binaries per day on commodity hardware.","PeriodicalId":151942,"journal":{"name":"2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"CrowdSource: Automated inference of high level malware functionality from low-level symbols using a crowd trained machine learning model\",\"authors\":\"Joshua Saxe, R. Turner, K. Blokhin\",\"doi\":\"10.1109/MALWARE.2014.6999417\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper we introduce CrowdSource, a statistical natural language processing system designed to make rapid inferences about malware functionality based on printable character strings extracted from malware binaries. CrowdSource “learns” a mapping between low-level language and high-level software functionality by leveraging millions of web technical documents from StackExchange, a popular network of technical question and answer sites, using this mapping to infer malware capabilities. This paper describes our approach and provides an evaluation of its accuracy and performance, demonstrating that it can detect at least 14 high-level malware capabilities in unpacked malware binaries with an average per-capability f-score of 0.86 and at a rate of tens of thousands of binaries per day on commodity hardware.\",\"PeriodicalId\":151942,\"journal\":{\"name\":\"2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE)\",\"volume\":\"12 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MALWARE.2014.6999417\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MALWARE.2014.6999417","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

摘要

在本文中，我们介绍了CrowdSource，一个统计自然语言处理系统，旨在根据从恶意软件二进制文件中提取的可打印字符串快速推断恶意软件的功能。CrowdSource通过利用来自StackExchange(一个流行的技术问答网站)的数百万网络技术文档，“学习”低级语言和高级软件功能之间的映射，并使用这种映射来推断恶意软件的能力。本文描述了我们的方法，并提供了对其准确性和性能的评估，证明它可以在未打包的恶意软件二进制文件中检测到至少14种高级恶意软件功能，平均每功能f分数为0.86，并且在商品硬件上以每天数万个二进制文件的速度检测。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

CrowdSource: Automated inference of high level malware functionality from low-level symbols using a crowd trained machine learning model

In this paper we introduce CrowdSource, a statistical natural language processing system designed to make rapid inferences about malware functionality based on printable character strings extracted from malware binaries. CrowdSource “learns” a mapping between low-level language and high-level software functionality by leveraging millions of web technical documents from StackExchange, a popular network of technical question and answer sites, using this mapping to infer malware capabilities. This paper describes our approach and provides an evaluation of its accuracy and performance, demonstrating that it can detect at least 14 high-level malware capabilities in unpacked malware binaries with an average per-capability f-score of 0.86 and at a rate of tens of thousands of binaries per day on commodity hardware.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE)

自引率

0.00%

发文量