Attributes and machine learning for fragment identification and malware analysis
Author
Beneduce, Kristen
Date
2014-09
Advisor
Young, Joel
Second Reader
Eagle, Chris
Abstract
This study applies machine learning techniques and novel statistical features to two important classification problems in secure computing: malware detection and file fragment type identification. We examine combinations of information-theoretic and Natural Language Processing features extracted from byte-level file content. To the extent possible, we replicate recent studies to validate the use of these features, and we expand on recent work by carrying features from malware detection over to fragment identification and vice versa. By avoiding extracted file signatures and strings, this study contributes techniques that may be more resistant to obfuscation attacks, may improve prediction rates for zero-day malware files, and may improve forensics on broken fragments where file metadata is not available. We evaluate our results against recent works and report the highest-performing algorithms and combinations of features for each task.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Related items
Showing items related by title, author, creator and subject.
- NEURAL NETWORKS FOR MALWARE DETECTION USING STATIC ANALYSIS
  Kalinowski, Pawel (Monterey, CA; Naval Postgraduate School, 2019-03). Malware is software that enables adversaries to execute their goals by affecting their target devices' confidentiality, integrity, or availability. Malware is constantly evolving and detection methods must find ways to ...
- A Survey of XOR as a Digital Obfuscation Technique in a Corpus of Real Data
  Zarate, Carolina; Garfinkel, Simson L.; Heffernan, Aubin; Gorak, Kyle; Horras, Scott (Monterey, California. Naval Postgraduate School, 2014-01-17); NPS-CS-13-005. To determine the usage of XOR and the need to adapt additional tools, we analyzed 2,411 drive images from devices acquired around the world for the use of bytewise XOR as an obfuscation technique. Using a modified version ...
- Analysis of the Use of XOR as an Obfuscation Technique in a Real Data Corpus
  Zarate, Carolina; Garfinkel, Simson; Heffernan, Aubin; Horras, Scott; Gorak, Kyle (2014). The only digital forensic tools known to provide an automated approach for evaluating XOR obfuscated data are DCCI Carver and DC3 Carver, two general-purpose carving tools developed by the Defense Cyber Crime Center ...