Malware modeling and experimentation through parameterized behavior

Celik, Z. Berkay; McDaniel, Patrick; Bowen, Thomas F.

doi:10.1177/1548512917721755

Cited by 2 publications

(1 citation statement)

References 26 publications

(34 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Feature cultivation in these detection systems has been a key effort within the security communities. For example, researchers have previously used specific patterns to group malware samples into families [23], [30], have explored using DNS information to understand and predict botnet domains [20], [31], [32], and have analyzed system and network level features to identify malware traffic [33]- [35]. Other works have focused on user authentication using the facial images [36], [37].…”

Section: Related Workmentioning

confidence: 99%

Extending Detection with Privileged Information via Generalized Distillation

Celik

McDaniel²

2018

2018 IEEE Security and Privacy Workshops (SPW)

Self Cite

View full text Add to dashboard Cite

Detection systems based on machine learning models are essential tools for system and enterprise defense. These systems construct models of attacks (or non-attacks) from past observations (i.e., features) using a training algorithm. After that, the detection systems use that model for detection at run-time. In this way, the detection system recognizes when the environmental state becomes-at least probabilistically-dangerous. A limitation of this traditional model of detection is that model training is limited to features available at run-time. However, many features are either too expensive to collect in real-time or only available after the fact. In traditional detection, such features are ignored for the purpose of detection. In this paper, we consider an alternative detection model learning approach, generalized distillation, that trains models using privileged informationfeatures available at training time but not at run-time-to improve the accuracy of detection systems. We use a deep neural network to implement generalized distillation for the training of detection models and making predictions. Our empirical study shows that detection with privileged information via generalized distillation increases precision and recall in systems of user face authentication, fast-flux bot detection, and malware classification over systems with no privileged information.

show abstract