CISC 879 - Machine Learning for Solving Systems Problems Presented by: Sandeep Dept of Computer & Information Sciences University of Delaware Detection.

Slides:



Advertisements
Similar presentations
CISC Machine Learning for Solving Systems Problems John Cavazos Dept of Computer & Information Sciences University of Delaware
Advertisements

Smita Thaker 1 Polymorphic & Metamorphic Viruses Presented By : Smita Thaker Dated : Nov 18, 2003.
My name is Dustin Boswell and I will be presenting: Ensemble Methods in Machine Learning by Thomas G. Dietterich Oregon State University, Corvallis, Oregon.
Data Mining Classification: Alternative Techniques
Network Intrusion Detection Systems Presented by Keith Elliott.
Metamorphic Malware Research
Three kinds of learning
Polymorphism in Computer Viruses CS265 Security Engineering Term Project Puneet Mishra.
Data Mining: Discovering Information From Bio-Data Present by: Hongli Li & Nianya Liu University of Massachusetts Lowell.
CONTENT-BASED BOOK RECOMMENDING USING LEARNING FOR TEXT CATEGORIZATION TRIVIKRAM BHAT UNIVERSITY OF TEXAS AT ARLINGTON DATA MINING CSE6362 BASED ON PAPER.
Face Recognition Using Neural Networks Presented By: Hadis Mohseni Leila Taghavi Atefeh Mirsafian.
Beyond Anti-Virus by Dan Keller Fred Cohen- Computer Scientist “there is no algorithm that can perfectly detect all possible computer viruses”
Automated malware classification based on network behavior
1 © Goharian & Grossman 2003 Introduction to Data Mining (CS 422) Fall 2010.
A Hybrid Model to Detect Malicious Executables Mohammad M. Masud Latifur Khan Bhavani Thuraisingham Department of Computer Science The University of Texas.
CISC Machine Learning for Solving Systems Problems Presented by: Akanksha Kaul Dept of Computer & Information Sciences University of Delaware SBMDS:
Software Analysis & Deobfuscation Engine. Page  2  Project Name: SADE  Project Members: Faiza Khalid, Komal Babar and Abdul Wahab  Project Supervisor.
MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Hacker Zombie Computer Reflectors Target.
Speaker : Hong-Ren Jiang A Novel Testbed for Detection of Malicious Software Functionality 1.
BY ANDREA ALMEIDA T.E COMP DON BOSCO COLLEGE OF ENGINEERING.
 a crime committed on a computer network, esp. the Internet.
Printing: This poster is 48” wide by 36” high. It’s designed to be printed on a large-format printer. Customizing the Content: The placeholders in this.
AUTHORS: ASAF SHABTAI, URI KANONOV, YUVAL ELOVICI, CHANAN GLEZER, AND YAEL WEISS "ANDROMALY": A BEHAVIORAL MALWARE DETECTION FRAMEWORK FOR ANDROID.
Structure Classifications &
Detecting Semantic Cloaking on the Web Baoning Wu and Brian D. Davison Lehigh University, USA WWW 2006.
1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
1 A Feature Selection and Evaluation Scheme for Computer Virus Detection Olivier Henchiri and Nathalie Japkowicz School of Information Technology and Engineering.
Hunting for Metamorphic Engines Wing Wong Mark Stamp Hunting for Metamorphic Engines 1.
Comparison of Bayesian Neural Networks with TMVA classifiers Richa Sharma, Vipin Bhatnagar Panjab University, Chandigarh India-CMS March, 2009 Meeting,
KAIST Internet Security Lab. CS710 Behavioral Detection of Malware on Mobile Handsets MobiSys 2008, Abhijit Bose et al 이 승 민.
CISC Machine Learning for Solving Systems Problems Presented by: Alparslan SARI Dept of Computer & Information Sciences University of Delaware
Classification Techniques: Bayesian Classification
Stamping out worms and other Internet pests Miguel Castro Microsoft Research.
Normalizing Metamorphic Malware Using Term Rewriting A. Walenstein, R. Mathur, M. R. Chouchane, and A. Lakhotia Software Research Laboratory The University.
CISC Machine Learning for Solving Systems Problems Presented by: Ashwani Rao Dept of Computer & Information Sciences University of Delaware Learning.
PHMMs for Metamorphic Detection Mark Stamp 1PHMMs for Metamorphic Detection.
Using Engine Signature to Detect Metamorphic Malware Mohamed R. Chouchane and Arun Lakhotia Software Research Laboratory The University of Louisiana at.
CISC Machine Learning for Solving Systems Problems John Cavazos Dept of Computer & Information Sciences University of Delaware
CISC Machine Learning for Solving Systems Problems Presented by: Satyajeet Dept of Computer & Information Sciences University of Delaware Automatic.
Forensic Analysis of Toolkit-Generated Malicious Programs Yasmine Kandissounon TSYS School of Computer Science Columbus State University 2009 ACM Mid-Southeast.
Classification (slides adapted from Rob Schapire) Eran Segal Weizmann Institute.
Computational Approaches for Biomarker Discovery SubbaLakshmiswetha Patchamatla.
Reservoir Uncertainty Assessment Using Machine Learning Techniques Authors: Jincong He Department of Energy Resources Engineering AbstractIntroduction.
METAMORPHIC VIRUS NGUYEN LE VAN.
Where’s the FEEB?: Effectiveness of Instruction Set Randomization Nora Sovarel, David Evans, Nate Paul University of Virginia Computer Science USENIX Security.
CISC Machine Learning for Solving Systems Problems Presented by: Suparna Manjunath Dept of Computer & Information Sciences University of Delaware.
Classification Ensemble Methods 1
Identifying “Best Bet” Web Search Results by Mining Past User Behavior Author: Eugene Agichtein, Zijian Zheng (Microsoft Research) Source: KDD2006 Reporter:
Simple Substitution Distance and Metamorphic Detection Simple Substitution Distance 1 Gayathri Shanmugam Richard M. Low Mark Stamp.
A Framework for Detection and Measurement of Phishing Attacks Reporter: Li, Fong Ruei National Taiwan University of Science and Technology 2/25/2016 Slide.
Don’t Follow me : Spam Detection in Twitter January 12, 2011 In-seok An SNU Internet Database Lab. Alex Hai Wang The Pensylvania State University International.
PEER TO PEER BOTNET DETECTION FOR CYBER- SECURITY (DEFENSIVE OPERATION): A DATA MINING APPROACH Masud, M. M. 1, Gao, J. 2, Khan, L. 1, Han, J. 2, Thuraisingham,
Unveiling Zeus Automated Classification of Malware Samples Abedelaziz Mohaisen Omar Alrawi Verisign Inc, VA, USA Verisign Labs, VA, USA
October 20-23rd, 2015 FEEBO: A Framework for Empirical Evaluation of Malware Detection Resilience Against Behavior Obfuscation Sebastian Banescu Tobias.
Chapter 40 Internet Security.
Combining Models Foundations of Algorithms and Machine Learning (CS60020), IIT KGP, 2017: Indrajit Bhattacharya.
Learning to Detect and Classify Malicious Executables in the Wild by J
Debesh Jha and Kwon Goo-Rak
Techniques, Tools, and Research Issues
Semantics-Aware Malware Detection
Chap 10 Malicious Software.
iSRD Spam Review Detection with Imbalanced Data Distributions
RHMD: Evasion-Resilient Hardware Malware Detectors
CSCI N317 Computation for Scientific Applications Unit Weka
Chap 10 Malicious Software.
Using Bayesian Network in the Construction of a Bi-level Multi-classifier. A Case Study Using Intensive Care Unit Patients Data B. Sierra, N. Serrano,
Computer Architecture and System Programming Laboratory
Presentation transcript:

CISC Machine Learning for Solving Systems Problems Presented by: Sandeep Dept of Computer & Information Sciences University of Delaware Detection of unknown computer worms based on behavioral classification of the host Robert Moskovitch,Yuval Elovici,Lior Rokach

CISC Machine Learning for Solving Systems Problems Worms Worms are considered malicious in nature Worms propagate actively over a network, while other types of malicious codes, such as viruses, commonly require human activity to propagate Viruses infect a file (its host), a worm does not require a host file.

CISC Machine Learning for Solving Systems Problems What do Antivirus Packages do ? Antivirus software packages inspect each file that enters the system, looking for known signatures which uniquely identify an instance of known malcode Polymorphism and metamorphism are two common obfuscation techniques used by malware writers Polymorphic virus obfuscates its decryption loop using several transformations, such as nop- insertion, code transposition

CISC Machine Learning for Solving Systems Problems Obfuscation Techniques Metamorphic viruses attempt to evade detection by obfuscating the entire virus. When they replicate, these viruses change their code in a variety of ways, such as code transposition, substitution of equivalent instruction sequences, change of conditional jumps, and register reassignment

CISC Machine Learning for Solving Systems Problems Example Virus Code : Morphed Virus Code(From Chernobyl CIH1.4) Loop : Loop : pop ecxLoop: pop ecx pop ecx nop nop jecxz SFModMarkjecxz SFModMarkjmp L1 mov esi, ecx xor ebx, ebx L3: call edi mov eax, 0d601hbeqz N1xor ebx, ebx Pop edx N1:mov esi, ecxbeqz N2 Pop ecx nopN2:jmp Loop Call edi mov eax,0d601hjmp l4 pop edx L2:nop pop ecxmov eax, 0d601h noppop edx Xor ebx, ebx call edi pop ecx beqz N1 Xor ebx, ebxnop N1: mov esi, ecx beqz N2jmp L3jmp L2 N2: JMP loopL1: jecxz SFModMarkL4:

CISC Machine Learning for Solving Systems Problems Current Methods Existing methods rely on the analysis of the binary for the detection of unknown malcode. Some less typical worms are left undetectable. Therefore an additional detection layer at runtime is required

CISC Machine Learning for Solving Systems Problems Proposed Approach Malicious actions are reflected in the general behavior of the host. By monitoring the host, one can inexplicitly identify malcodes. A classifier is trained with computer measurements from infected and not infected computers.

CISC Machine Learning for Solving Systems Problems Contributions of the Paper Machine learning techniques are capable of detecting and classifying worms Using feature selection techniques to show that a relatively small set of features are sufficient for solving the problem without sacrifice accuracy. Empirical results from an extensive study of various machine configurations suggesting that the proposed methods achieve high detection rates on previously unseen worms.

CISC Machine Learning for Solving Systems Problems Train and Test Phase

CISC Machine Learning for Solving Systems Problems Dataset creation Lab network consisted of seven computers, which contained heterogenic hardware, and a server computer simulating the internet. Used the windows performance counters and Vtrace which enable monitoring system features A vector of 323 features for every second. Choose worms that differ in their behavior, from among the available worms

CISC Machine Learning for Solving Systems Problems Dataset Description

CISC Machine Learning for Solving Systems Problems Feature selection methods Chi-Square Gain Ratio Relief Features’ ensemble : fi is a feature, filter is one of the k filtering (feature selection) methods.

CISC Machine Learning for Solving Systems Problems Consolidating features from different environments:Averaged and Unified

CISC Machine Learning for Solving Systems Problems Feature Sets

CISC Machine Learning for Solving Systems Problems Classification algorithms Decision Trees, Naıve Bayes, Bayesian Networks Artificial Neural Networks

CISC Machine Learning for Solving Systems Problems Evaluation measures

CISC Machine Learning for Solving Systems Problems Experiment I Each classifier is trained on a single dataset i and tested on each one ( j ) of the eight datasets. Eight corresponding evaluations were done on each one of the datasets, resulting in 64 evaluation runs. When i = j, 10 fold cross validation, in which the dataset is randomly partitioned into ten partitions and repeatedly the classifier is trained on nine partitions and tested on the tenth.

CISC Machine Learning for Solving Systems Problems Experiment I (Contd) Each evaluation run (out of the 64) was repeated for each one of the combinations of feature selection method, classification algorithm, and number of top features. Each evaluation run was repeated for the 33 feature set described earlier 132 (four classification algorithms applied to 33 feature sets) evaluations (each comprises 64 runs), summing up to 8448 evaluation runs.

CISC Machine Learning for Solving Systems Problems Results

CISC Machine Learning for Solving Systems Problems Results(Contd)

CISC Machine Learning for Solving Systems Problems Results(Contd)

CISC Machine Learning for Solving Systems Problems Experiment II Classifiers based on part of the (five) worms and the none activity, and tested on the excluded worms (from the training set) and the none activity Training set consisted of 5 − k worms and the testing set contained the k excluded worms, while the none activity appeared in both datasets. This process repeated for all the possible combinations of the k worms (k = 1–4). The Top20 features, which outperformed in e1 were used

CISC Machine Learning for Solving Systems Problems Results

CISC Machine Learning for Solving Systems Problems Conclusion Q1: In the detection of known malicious code, based on a computer’s measurements, using machine learning techniques, what is the achievable level of accuracy? Q2: Is it possible to reduce the number of features to below 30, while maintaining a high level of accuracy

CISC Machine Learning for Solving Systems Problems Conclusions(Contd) Q3: Will the computer configuration and the computer background activity, from which the training sets were taken, have a significant influence on the detection accuracy? Q4: Is the detection of unknown worms possible, based on a training set of known worms?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.