Attributes and machine learning for fragment identification and malware analysis
MetadataShow full item record
This study applies machine learning techniques and novel statistical features for two important classification problems in secure computing: malware detection and file fragment type identification. We observe combinations of information-theoretic and Natural Language Processing features extracted from byte level file content. To the extent possible, we replicate recent studies to validate the use of these features and expand on recent work by combining features from malware to detection to fragment identification tasks and vice versa. By avoiding the use of extracted file signatures and strings, this study contributes techniques that may be more resistant to obfuscation attacks, lead to enhanced prediction rates for zero-day malware files, and improved forensics on broken fragments where file metadata information is not available. We evaluate our results against recent works and report the highest performing algorithms and combinations of features for each task.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Zarate, Carolina; Garfinkel, Simson L.; Heffernan, Aubin; Gorak, Kyle; Horras, Scott (Monterey, California. Naval Postgraduate School, 2014-01-17); NPS-CS-13-005To determine the usage of XOR and the need to adapt additional tools, we analyzed 2,411 drive images from devices acquired around the world for the use of bytewise XOR as an obfuscation technique. Using a modified version ...
Mobile Konami codes: analysis of Android malware services utilizing sensor and resource-based state changes Boomgaarden, Jacob L.; Corney, Joshua D. (Monterey, California: Naval Postgraduate School, 2015-03);Society’s pervasive use of mobile technologies has provided an incentive for the amount and kinds of mobile malware to steadily increase since 2004. Challenges in static analysis of mobile malware have stimulated the need ...
Melton, Jacob D. (Monterey, CA; Naval Postgraduate School, 2018-06);Cyber criminals are increasingly using malicious programs to take control of and exploit individuals’, businesses’, and governments’ data. A large portion of malware is a type called ransomware, which finds a way to restrict ...