Chong-Kuan Chen, profile picture
Uploaded byChong-Kuan Chen
PDF, PPTX6,550 views

Malware Detection - A Machine Learning Perspective

This document discusses machine learning approaches for malware detection. It notes that millions of new malware are created each year, making it difficult for signature-based antivirus software to keep up. Machine learning is presented as a potential solution by automatically constructing models to detect malware based on training data. However, the quality of the training data and features is critical, as machine learning risks producing garbage outputs from garbage inputs. Different machine learning algorithms and evaluation benchmarks are also discussed.

Embed presentation

Download as PDF, PPTX
Malware Detection - A Machine Learning Perspective C.K.Chen 2014.06.05
Outline • A Large Wave of Malware Is Coming • Is Machine Learning the Savior • You Can't Make Something out of Nothing • A Garbage In, Garbage Out Game? • Model, Model, It’s All About The Model • Every Evaluation in Every Paper is ‘Perfect’ • Democracy World in Machine Learning • WYSIWYG • Known Where Your Enemy Is
A Large Wave of Malware Is Coming • There are million malware created every year McAfee Labs Threat Report in Fourth Quarter 2013
Your Anti-Virus Will Not Tell You • Although the overall detection looks well
Attack Windows in AntiVirus Anti-Virus Lifecycle • Attack Windows Malware Life Cycle
Is Machine Learning the Savior • Problem is that • Signature generation is mutual work and time comsuming • Most malware is not brand new one, but modify or rewrite from old one • Automatic malware creation tool chain • Mutation Technique • May leave some clue for us • Machine learning shed a light to aromatic construct model and detect malware
How Machine Learning Work? • Training • Feature Extraction -> Learning Algorithms -> Generate Classfier • Testing • Feature Extraction -> Classifier -> Classifier Result
Catalogs of Machine Learning Approaches • Catalog by Representation/Feature Selection/Classification Algorithms
You Can't Make Something out of Nothing • Data Set is the first step for ML • No data, ML can do nothing • Where to collect samples • Web, Honet Pot, User Upload • Balanced vs. Imbalanced data
A Garbage In, Garbage Out Game • There are so many features can be choose • The quality of feature decide the precision of machine learning • Feature • Static / Dynamic / PE Structure • N-gram • Feature Selection is needed • ReliefF • Chi-squared • F-Statistics
Model, Model, It’s All About The Model • Most important part • You need to choose the model which can interpreter your data more closefitting • How to choose model Numerical Data  Classical Classifier (SVM) Catalog Data  Dummy Variable  Decision Tree Sequence Data  N-gram Algorithms  Bayes, Markov Chain
Every Evaluation in Every Paper is ‘Perfect’ • Unlike other research area, malware detection has no standard benchmark • Malware created every day • Privacy wealthy • Also no guideline for evaluation • Therefore, some researchers observe this problem and do a great survey • Provide some rule to rvaluate
Is Machine Learning the Savior • Machine learning can help us to recognize similar and variant malware • It can not identify brand new malware • Machine learning based detector need carefully training and long time for tuning
Democracy World in Machine Learning • There are many type of classifier • SVM, Decision Tree, Neural Network, …. • Voting to increasing precision
WYSIWYG
Known Where Your Enemy Is • In security field, bad guy always try to break your system • Causative game • Attacker poisons data • Defender trains ML on poisoned data • Exploratory game • Defender trains on clean data • Attacker evades learned classifier/detector
Reference 1. McAfee Labs Threat Report in Fourth Quarter 2013 2. http://www.fireeye.com/blog/corporate/2014/05/ghost-hunting-with-anti-virus.html 3. AV alone is not enough to protect PC from zero-day malware 4. AV Isn't Dead, It Just Can't Keep Up 5. AV comparatives, File Detection Test of Malicious Software, 2014 6. G. Yan, N. Brown, and D. Kong, “Exploring Discriminatory Features for Automated Malware Classification,” DIMVA, 2013. 7. A. Shabtai, R. Moskovitch, Y. Elovici, and C. Glezer, “Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey,” Inf. Secur. Tech. Rep., 2009. 8. C. Rossow, C. J. Dietrich, C. Grier, C. Kreibich, V. Paxson, N. Pohlmann, H. Bos, and M. Van Steen, “Prudent Practices for Designing Malware Experiments: Status Quo and Outlook,” IEEE S&P, 2012. 9. D. Kong and G. Yan, “Discriminant malware distance learning on structural information for automated malware classification,” Proc. 19th ACM SIGKDD KDD ’13, 2013.

More Related Content

PPTX
Malware Detection Using Machine Learning Techniques
byArshadRaja786
 
ODP
Malware Dectection Using Machine learning
byShubham Dubey
 
PPTX
Malware Classification and Analysis
byPrashant Chopra
 
PPT
Malware Detection using Machine Learning
byCysinfo Cyber Security Community
 
PPTX
Introduction to Malware Analysis
byAndrew McNicol
 
PDF
Android malware presentation
bySandeep Joshi
 
PDF
Malware detection-using-machine-learning
bySecurity Bootcamp
 
PPTX
Malware- Types, Detection and Future
bykaranwayne
 
Malware Detection Using Machine Learning Techniques
byArshadRaja786
 
Malware Dectection Using Machine learning
byShubham Dubey
 
Malware Classification and Analysis
byPrashant Chopra
 
Malware Detection using Machine Learning
byCysinfo Cyber Security Community
 
Introduction to Malware Analysis
byAndrew McNicol
 
Android malware presentation
bySandeep Joshi
 
Malware detection-using-machine-learning
bySecurity Bootcamp
 
Malware- Types, Detection and Future
bykaranwayne
 

What's hot

PPTX
Malware classification using Machine Learning
byJapneet Singh
 
PDF
Hunting Lateral Movement in Windows Infrastructure
bySergey Soldatov
 
PPTX
Autopsy Digital forensics tool
bySreekanth Narendran
 
PDF
Threat Hunting Procedures and Measurement Matrice
byVishal Kumar
 
PPTX
Malware analysis
byPrakashchand Suthar
 
PPTX
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
bySam Bowne
 
PPTX
Network forensic
byManjushree Mashal
 
PDF
Machine Learning in Malware Detection
byKaspersky
 
PDF
Privilege escalation from 1 to 0 Workshop
byHossam .M Hamed
 
PPT
Web security
byMuhammad Usman
 
PDF
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
byMITRE ATT&CK
 
PPTX
Threat hunting foundations: People, process and technology.pptx
byInfosec
 
PDF
Ch 5: Port Scanning
bySam Bowne
 
PDF
Windows Threat Hunting
byGIBIN JOHN
 
PPTX
E mail forensics
bysaddamhusain hadimani
 
PPTX
Basic malware analysis
bysecurityxploded
 
PPTX
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
PDF
Cyber Threat hunting workshop
byArpan Raval
 
PDF
Malware classification and detection
byChong-Kuan Chen
 
PDF
IRJET- Android Malware Detection using Machine Learning
byIRJET Journal
 
Malware classification using Machine Learning
byJapneet Singh
 
Hunting Lateral Movement in Windows Infrastructure
bySergey Soldatov
 
Autopsy Digital forensics tool
bySreekanth Narendran
 
Threat Hunting Procedures and Measurement Matrice
byVishal Kumar
 
Malware analysis
byPrakashchand Suthar
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
bySam Bowne
 
Network forensic
byManjushree Mashal
 
Machine Learning in Malware Detection
byKaspersky
 
Privilege escalation from 1 to 0 Workshop
byHossam .M Hamed
 
Web security
byMuhammad Usman
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
byMITRE ATT&CK
 
Threat hunting foundations: People, process and technology.pptx
byInfosec
 
Ch 5: Port Scanning
bySam Bowne
 
Windows Threat Hunting
byGIBIN JOHN
 
E mail forensics
bysaddamhusain hadimani
 
Basic malware analysis
bysecurityxploded
 
Cyber Threat Hunting Workshop
byDigit Oktavianto
 
Cyber Threat hunting workshop
byArpan Raval
 
Malware classification and detection
byChong-Kuan Chen
 
IRJET- Android Malware Detection using Machine Learning
byIRJET Journal
 

Viewers also liked

PPTX
Machine Learning for Malware Classification and Clustering
byEndgameInc
 
PPT
Data mining techniques for malware detection.pptx
byAditya Deshmukh
 
PDF
Metamorphic Malware Analysis and Detection
byGrijesh Chauhan
 
PPTX
Malicious Client Detection Using Machine Learning
bysecurityxploded
 
PDF
Malware detection software using a support vector machine as a classifier
byNicole Bili?
 
PDF
Ensembled Based Categorization and Adaptive Learning Model for Malware Detection
byMuhammad Najmi Ahmad Zabidi
 
PPTX
Data Science Driven Malware Detection
byVMware Tanzu
 
PPTX
광명프로그래머 3주차-학습이란 무었인가
by광명 우
 
PPTX
Markov Model for TMR System with Repair
bySujith Jay Nair
 
PPTX
An Introduction to Malware Classification
byJohn Seymour
 
PPTX
Facial recognition
byKartik Raghuvanshi
 
PDF
Classification of Malware based on Data Mining Approach
byijsrd.com
 
PDF
Artificial Intelligence Methods in Virus Detection & Recognition - Introducti...
byWojciech Podgórski
 
PPTX
Clustering on database systems rkm
byVahid Mirjalili
 
PDF
AI approach to malware similarity analysis: Maping the malware genome with a...
byPriyanka Aash
 
PPTX
Malicious Url Detection Using Machine Learning
bysecurityxploded
 
PDF
Codemotion 2012 - Da web a mobile... senza spargimento di sangue
byMario Cartia
 
PDF
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)
byMarco Balduzzi
 
PPTX
Understand How Machine Learning Defends Against Zero-Day Threats
byRahul Mohandas
 
PPTX
Malware Analysis and Defeating using Virtual Machines
byintertelinvestigations
 
Machine Learning for Malware Classification and Clustering
byEndgameInc
 
Data mining techniques for malware detection.pptx
byAditya Deshmukh
 
Metamorphic Malware Analysis and Detection
byGrijesh Chauhan
 
Malicious Client Detection Using Machine Learning
bysecurityxploded
 
Malware detection software using a support vector machine as a classifier
byNicole Bili?
 
Ensembled Based Categorization and Adaptive Learning Model for Malware Detection
byMuhammad Najmi Ahmad Zabidi
 
Data Science Driven Malware Detection
byVMware Tanzu
 
광명프로그래머 3주차-학습이란 무었인가
by광명 우
 
Markov Model for TMR System with Repair
bySujith Jay Nair
 
An Introduction to Malware Classification
byJohn Seymour
 
Facial recognition
byKartik Raghuvanshi
 
Classification of Malware based on Data Mining Approach
byijsrd.com
 
Artificial Intelligence Methods in Virus Detection & Recognition - Introducti...
byWojciech Podgórski
 
Clustering on database systems rkm
byVahid Mirjalili
 
AI approach to malware similarity analysis: Maping the malware genome with a...
byPriyanka Aash
 
Malicious Url Detection Using Machine Learning
bysecurityxploded
 
Codemotion 2012 - Da web a mobile... senza spargimento di sangue
byMario Cartia
 
Detection of Malware Downloads via Graph Mining (AsiaCCS '16)
byMarco Balduzzi
 
Understand How Machine Learning Defends Against Zero-Day Threats
byRahul Mohandas
 
Malware Analysis and Defeating using Virtual Machines
byintertelinvestigations
 

Similar to Malware Detection - A Machine Learning Perspective

PDF
Adversarial Attacks and Defenses in Malware Classification: A Survey
byCSCJournals
 
PPTX
savi technical ppt.pptx
by4GH20CS407POONAM
 
PPTX
Machine Learning for Malware Classification and Clustering
byAshwini Almad
 
PDF
IRJET - Survey on Malware Detection using Deep Learning Methods
byIRJET Journal
 
PDF
Adversarial machine learning for av software
byjunseok seo
 
PPTX
Malware Detection By Machine Learning Presentation.pptx
byalishapatidar2021
 
PPTX
Understand How Machine Learning Defends Against Zero-Day Threats
byRahul Mohandas
 
PPTX
Advanced Malware Detection Model Presentation
byvindumaurya90
 
PDF
WILD PATTERNS - Introduction to Adversarial Machine Learning - ITASEC 2019
byPluribus One
 
PDF
MACHINE LEARNING APPLICATIONS IN MALWARE CLASSIFICATION: A METAANALYSIS LITER...
byIJCI JOURNAL
 
PPTX
malware detection ppt for vtu project and other final year project
byNaveenAd4
 
PPTX
Presentation.pptx..................................
byShivakrishnan18
 
PPTX
Presentation (1).pptx
byRanjithCherry1
 
DOCX
A malware detection method for health sensor data based on machine learning
byjaigera
 
PDF
A STATIC MALWARE DETECTION SYSTEM USING DATA MINING METHODS
byijaia
 
PDF
Tuning the K value in K-nearest neighbors for malware detection
byIAESIJAI
 
PDF
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
byIJNSA Journal
 
PPTX
Presentation2 for the enthusiast who wants to download
byrsaumita01
 
PPTX
Malware Detection by Machine Learning.pptx
bysnehachowbanerjee
 
PPTX
Thinking Differently About Security Protection and Prevention
byDavid Perkins
 
Adversarial Attacks and Defenses in Malware Classification: A Survey
byCSCJournals
 
savi technical ppt.pptx
by4GH20CS407POONAM
 
Machine Learning for Malware Classification and Clustering
byAshwini Almad
 
IRJET - Survey on Malware Detection using Deep Learning Methods
byIRJET Journal
 
Adversarial machine learning for av software
byjunseok seo
 
Malware Detection By Machine Learning Presentation.pptx
byalishapatidar2021
 
Understand How Machine Learning Defends Against Zero-Day Threats
byRahul Mohandas
 
Advanced Malware Detection Model Presentation
byvindumaurya90
 
WILD PATTERNS - Introduction to Adversarial Machine Learning - ITASEC 2019
byPluribus One
 
MACHINE LEARNING APPLICATIONS IN MALWARE CLASSIFICATION: A METAANALYSIS LITER...
byIJCI JOURNAL
 
malware detection ppt for vtu project and other final year project
byNaveenAd4
 
Presentation.pptx..................................
byShivakrishnan18
 
Presentation (1).pptx
byRanjithCherry1
 
A malware detection method for health sensor data based on machine learning
byjaigera
 
A STATIC MALWARE DETECTION SYSTEM USING DATA MINING METHODS
byijaia
 
Tuning the K value in K-nearest neighbors for malware detection
byIAESIJAI
 
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
byIJNSA Journal
 
Presentation2 for the enthusiast who wants to download
byrsaumita01
 
Malware Detection by Machine Learning.pptx
bysnehachowbanerjee
 
Thinking Differently About Security Protection and Prevention
byDavid Perkins
 

More from Chong-Kuan Chen

PDF
Cgc2
byChong-Kuan Chen
 
PDF
DARPA CGC and DEFCON CTF: Automatic Attack and Defense Technique
byChong-Kuan Chen
 
PDF
Compilation and Execution
byChong-Kuan Chen
 
PDF
Oram And Secure Computation
byChong-Kuan Chen
 
PDF
Mem forensic
byChong-Kuan Chen
 
PDF
Addios!
byChong-Kuan Chen
 
PDF
Security events in 2014
byChong-Kuan Chen
 
PDF
Automatic tool for static analysis
byChong-Kuan Chen
 
PDF
Intro. to static analysis
byChong-Kuan Chen
 
PDF
Android Application Security
byChong-Kuan Chen
 
PDF
Android system security
byChong-Kuan Chen
 
PDF
HITCON CTF 2014 BambooFox 解題心得分享
byChong-Kuan Chen
 
PDF
Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
byChong-Kuan Chen
 
PPTX
Become A Security Master
byChong-Kuan Chen
 
PDF
Malware collection and analysis
byChong-Kuan Chen
 
PDF
2012 S&P Paper Reading Session1
byChong-Kuan Chen
 
Cgc2
byChong-Kuan Chen
 
DARPA CGC and DEFCON CTF: Automatic Attack and Defense Technique
byChong-Kuan Chen
 
Compilation and Execution
byChong-Kuan Chen
 
Oram And Secure Computation
byChong-Kuan Chen
 
Mem forensic
byChong-Kuan Chen
 
Addios!
byChong-Kuan Chen
 
Security events in 2014
byChong-Kuan Chen
 
Automatic tool for static analysis
byChong-Kuan Chen
 
Intro. to static analysis
byChong-Kuan Chen
 
Android Application Security
byChong-Kuan Chen
 
Android system security
byChong-Kuan Chen
 
HITCON CTF 2014 BambooFox 解題心得分享
byChong-Kuan Chen
 
Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
byChong-Kuan Chen
 
Become A Security Master
byChong-Kuan Chen
 
Malware collection and analysis
byChong-Kuan Chen
 
2012 S&P Paper Reading Session1
byChong-Kuan Chen
 

Recently uploaded

PPTX
A professional presentation on Cosmos Bank Heist
byssuser7f0075
 
PPTX
Optimizing the ELBO Objective: A Comparative Study of RNN, LSTM, and GRU Arch...
byKayalvizhi A
 
PPTX
INTEGRATED COMMUNICATION AND SENSING Presentation.pptx
byNanaAgyeman13
 
PPTX
How Does LNG Regasification Work | INOXCVA
byINOXCVA
 
PDF
Role of Training and Development in Enhancing Safety Performance in Opencast ...
byRathin Biswas
 
PDF
Microeconomics Theory and Market Structure.pdf
byMahmoodKhalid11
 
PDF
Weak Incentives (WINK): The Agent Definition Layer
byAndrei Savu
 
PPTX
Why Most SAP PM Implementations Fail — And How High-Reliability Plants Fix It
byMaintWiz Technologies Private Limited
 
PDF
MoD_2.pptx solid rockets of the rocket.pdf
byrajaashish82988
 
PDF
Plasticity and Structure of Soil/Atterberg Limits.pdf
byMahmoodKhalid11
 
PPTX
Every Plant Has a Weak Link: How AI CMMS Exposes Hidden Reliability Risks
byMaintWiz Technologies Private Limited
 
PDF
Highway Curves in Transportation Engineering.pdf
byMahmoodKhalid11
 
PDF
Microcontroller Notes Final 2016 April june.pdf
bypmuiruri768
 
PPTX
The Hidden Cost of Bad Spare Parts Planning (And How AI CMMS Fixes It)
byMaintWiz Technologies Private Limited
 
PDF
AWS Re:Invent 2025 Recap by FivexL - Guilherme, Vladimir, Andrey
byAndrey Devyatkin
 
PDF
PROBLEM SLOVING AND PYTHON PROGRAMMING UNIT 3.pdf
byA R SIVANESH M.E., QIP-PG (Cyber Security)., (Ph.D)
 
PDF
Shear Strength of Soil (Direct shear test).pdf
byMahmoodKhalid11
 
PPTX
Presentation-WPS Office.pptx afgouvhyhgfccf
byEndaleTimerga
 
PPTX
traffic safety section seven (Traffic Control and Management) of Act
byazeRakeshSunariMagar
 
PDF
Applications of AI in Civil Engineering - Dr. Rohan Dasgupta
byRohan Dasgupta
 
A professional presentation on Cosmos Bank Heist
byssuser7f0075
 
Optimizing the ELBO Objective: A Comparative Study of RNN, LSTM, and GRU Arch...
byKayalvizhi A
 
INTEGRATED COMMUNICATION AND SENSING Presentation.pptx
byNanaAgyeman13
 
How Does LNG Regasification Work | INOXCVA
byINOXCVA
 
Role of Training and Development in Enhancing Safety Performance in Opencast ...
byRathin Biswas
 
Microeconomics Theory and Market Structure.pdf
byMahmoodKhalid11
 
Weak Incentives (WINK): The Agent Definition Layer
byAndrei Savu
 
Why Most SAP PM Implementations Fail — And How High-Reliability Plants Fix It
byMaintWiz Technologies Private Limited
 
MoD_2.pptx solid rockets of the rocket.pdf
byrajaashish82988
 
Plasticity and Structure of Soil/Atterberg Limits.pdf
byMahmoodKhalid11
 
Every Plant Has a Weak Link: How AI CMMS Exposes Hidden Reliability Risks
byMaintWiz Technologies Private Limited
 
Highway Curves in Transportation Engineering.pdf
byMahmoodKhalid11
 
Microcontroller Notes Final 2016 April june.pdf
bypmuiruri768
 
The Hidden Cost of Bad Spare Parts Planning (And How AI CMMS Fixes It)
byMaintWiz Technologies Private Limited
 
AWS Re:Invent 2025 Recap by FivexL - Guilherme, Vladimir, Andrey
byAndrey Devyatkin
 
PROBLEM SLOVING AND PYTHON PROGRAMMING UNIT 3.pdf
byA R SIVANESH M.E., QIP-PG (Cyber Security)., (Ph.D)
 
Shear Strength of Soil (Direct shear test).pdf
byMahmoodKhalid11
 
Presentation-WPS Office.pptx afgouvhyhgfccf
byEndaleTimerga
 
traffic safety section seven (Traffic Control and Management) of Act
byazeRakeshSunariMagar
 
Applications of AI in Civil Engineering - Dr. Rohan Dasgupta
byRohan Dasgupta
 

Malware Detection - A Machine Learning Perspective

  • 1.
    Malware Detection - AMachine Learning Perspective C.K.Chen 2014.06.05
  • 2.
    Outline • A LargeWave of Malware Is Coming • Is Machine Learning the Savior • You Can't Make Something out of Nothing • A Garbage In, Garbage Out Game? • Model, Model, It’s All About The Model • Every Evaluation in Every Paper is ‘Perfect’ • Democracy World in Machine Learning • WYSIWYG • Known Where Your Enemy Is
  • 3.
    A Large Waveof Malware Is Coming • There are million malware created every year McAfee Labs Threat Report in Fourth Quarter 2013
  • 4.
    Your Anti-Virus WillNot Tell You • Although the overall detection looks well
  • 5.
    Attack Windows inAntiVirus Anti-Virus Lifecycle • Attack Windows Malware Life Cycle
  • 6.
    Is Machine Learningthe Savior • Problem is that • Signature generation is mutual work and time comsuming • Most malware is not brand new one, but modify or rewrite from old one • Automatic malware creation tool chain • Mutation Technique • May leave some clue for us • Machine learning shed a light to aromatic construct model and detect malware
  • 7.
    How Machine LearningWork? • Training • Feature Extraction -> Learning Algorithms -> Generate Classfier • Testing • Feature Extraction -> Classifier -> Classifier Result
  • 8.
    Catalogs of MachineLearning Approaches • Catalog by Representation/Feature Selection/Classification Algorithms
  • 9.
    You Can't MakeSomething out of Nothing • Data Set is the first step for ML • No data, ML can do nothing • Where to collect samples • Web, Honet Pot, User Upload • Balanced vs. Imbalanced data
  • 10.
    A Garbage In,Garbage Out Game • There are so many features can be choose • The quality of feature decide the precision of machine learning • Feature • Static / Dynamic / PE Structure • N-gram • Feature Selection is needed • ReliefF • Chi-squared • F-Statistics
  • 12.
    Model, Model, It’sAll About The Model • Most important part • You need to choose the model which can interpreter your data more closefitting • How to choose model Numerical Data  Classical Classifier (SVM) Catalog Data  Dummy Variable  Decision Tree Sequence Data  N-gram Algorithms  Bayes, Markov Chain
  • 13.
    Every Evaluation inEvery Paper is ‘Perfect’ • Unlike other research area, malware detection has no standard benchmark • Malware created every day • Privacy wealthy • Also no guideline for evaluation • Therefore, some researchers observe this problem and do a great survey • Provide some rule to rvaluate
  • 16.
    Is Machine Learningthe Savior • Machine learning can help us to recognize similar and variant malware • It can not identify brand new malware • Machine learning based detector need carefully training and long time for tuning
  • 17.
    Democracy World inMachine Learning • There are many type of classifier • SVM, Decision Tree, Neural Network, …. • Voting to increasing precision
  • 18.
  • 19.
    Known Where YourEnemy Is • In security field, bad guy always try to break your system • Causative game • Attacker poisons data • Defender trains ML on poisoned data • Exploratory game • Defender trains on clean data • Attacker evades learned classifier/detector
  • 20.
    Reference 1. McAfee LabsThreat Report in Fourth Quarter 2013 2. http://www.fireeye.com/blog/corporate/2014/05/ghost-hunting-with-anti-virus.html 3. AV alone is not enough to protect PC from zero-day malware 4. AV Isn't Dead, It Just Can't Keep Up 5. AV comparatives, File Detection Test of Malicious Software, 2014 6. G. Yan, N. Brown, and D. Kong, “Exploring Discriminatory Features for Automated Malware Classification,” DIMVA, 2013. 7. A. Shabtai, R. Moskovitch, Y. Elovici, and C. Glezer, “Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey,” Inf. Secur. Tech. Rep., 2009. 8. C. Rossow, C. J. Dietrich, C. Grier, C. Kreibich, V. Paxson, N. Pohlmann, H. Bos, and M. Van Steen, “Prudent Practices for Designing Malware Experiments: Status Quo and Outlook,” IEEE S&P, 2012. 9. D. Kong and G. Yan, “Discriminant malware distance learning on structural information for automated malware classification,” Proc. 19th ACM SIGKDD KDD ’13, 2013.