Attributes and machine learning for fragment identification and malware analysis
This study applies machine learning techniques and novel statistical features to two important classification problems in secure computing: malware detection and file fragment type identification. We examine combinations of information-theoretic and Natural Language Processing features extracted from byte-level file content. To the extent possible, we replicate recent studies to validate the use of these features, and we expand on recent work by carrying features from the malware detection task over to the fragment identification task and vice versa. By avoiding the use of extracted file signatures and strings, this study contributes techniques that may be more resistant to obfuscation attacks, lead to higher prediction rates on zero-day malware files, and improve forensics on broken fragments where file metadata is not available. We evaluate our results against recent works and report the highest-performing algorithms and combinations of features for each task.
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Kalinowski, Pawel (Monterey, CA; Naval Postgraduate School, 2019-03): Malware is software that enables adversaries to execute their goals by affecting their target devices' confidentiality, integrity, or availability. Malware is constantly evolving and detection methods must find ways to ...
Zarate, Carolina; Garfinkel, Simson L.; Heffernan, Aubin; Gorak, Kyle; Horras, Scott (Monterey, California. Naval Postgraduate School, 2014-01-17; NPS-CS-13-005): To determine the usage of XOR and the need to adapt additional tools, we analyzed 2,411 drive images from devices acquired around the world for the use of bytewise XOR as an obfuscation technique. Using a modified version ...
Zarate, Carolina; Garfinkel, Simson; Heffernan, Aubin; Horras, Scott; Gorak, Kyle (2014): The only digital forensic tools known to provide an automated approach for evaluating XOR obfuscated data are DCCI Carver and DC3 Carver, two general-purpose carving tools developed by the Defense Cyber Crime Center ...