TY - GEN
T1 - Machine learning for attack vector identification in malicious source code
AU - Benjamin, Victor A.
AU - Chen, Hsinchun
PY - 2013
Y1 - 2013
N2 - As computers and information technologies become ubiquitous throughout society, the security of our networks and information technologies is a growing concern. As a result, many researchers have become interested in the security domain. Among them, there is growing interest in observing hacker communities for early detection of developing security threats and trends. Research in this area has often reported hackers openly sharing cybercriminal assets and knowledge with one another. In particular, the sharing of raw malware source code files has been documented in past work. Unfortunately, malware code documentation appears often times to be missing, incomplete, or written in a language foreign to researchers. Thus, analysis of such source files embedded within hacker communities has been limited. Here we utilize a subset of popular machine learning methodologies for the automated analysis of malware source code files. Specifically, we explore genetic algorithms to resolve questions related to feature selection within the context of malware analysis. Next, we utilize two common classification algorithms to test selected features for identification of malware attack vectors. Results suggest promising direction in utilizing such techniques to help with the automated analysis of malware source code.
AB - As computers and information technologies become ubiquitous throughout society, the security of our networks and information technologies is a growing concern. As a result, many researchers have become interested in the security domain. Among them, there is growing interest in observing hacker communities for early detection of developing security threats and trends. Research in this area has often reported hackers openly sharing cybercriminal assets and knowledge with one another. In particular, the sharing of raw malware source code files has been documented in past work. Unfortunately, malware code documentation appears often times to be missing, incomplete, or written in a language foreign to researchers. Thus, analysis of such source files embedded within hacker communities has been limited. Here we utilize a subset of popular machine learning methodologies for the automated analysis of malware source code files. Specifically, we explore genetic algorithms to resolve questions related to feature selection within the context of malware analysis. Next, we utilize two common classification algorithms to test selected features for identification of malware attack vectors. Results suggest promising direction in utilizing such techniques to help with the automated analysis of malware source code.
KW - Cyber security
KW - Malware analysis
KW - Static analysis
UR - http://www.scopus.com/inward/record.url?scp=84883413892&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84883413892&partnerID=8YFLogxK
U2 - 10.1109/ISI.2013.6578779
DO - 10.1109/ISI.2013.6578779
M3 - Conference contribution
AN - SCOPUS:84883413892
SN - 9781467362115
T3 - IEEE ISI 2013 - 2013 IEEE International Conference on Intelligence and Security Informatics: Big Data, Emergent Threats, and Decision-Making in Security Informatics
SP - 21
EP - 23
BT - IEEE ISI 2013 - 2013 IEEE International Conference on Intelligence and Security Informatics
T2 - 11th IEEE International Conference on Intelligence and Security Informatics, IEEE ISI 2013
Y2 - 4 June 2013 through 7 June 2013
ER -