Daegu Haany University Hyangsan Library


Automatic Feature Engineering for Discovering and Explaining Malicious Behaviors

Details
Material type: Thesis (dissertation)
Title/author statement: Automatic Feature Engineering for Discovering and Explaining Malicious Behaviors.
Personal author: Zhu, Ziyun.
Corporate author: University of Maryland, College Park. Electrical Engineering.
Publication: [S.l.]: University of Maryland, College Park., 2019.
Publication: Ann Arbor: ProQuest Dissertations & Theses, 2019.
Physical description: 152 p.
Source record: Dissertations Abstracts International 81-03B.
Dissertation Abstract International
ISBN: 9781085624725
Dissertation note: Thesis (Ph.D.)--University of Maryland, College Park, 2019.
General note: Source: Dissertations Abstracts International, Volume: 81-03, Section: B.
Advisor: Dumitras, Tudor.
Access restriction: This item must not be sold to any third party vendors.
Abstract: A key task of cybersecurity is to discover and explain malicious behaviors of malware. The understanding of malicious behaviors helps us further develop good features and apply machine learning techniques to detect various attacks. The effectiveness of machine learning techniques primarily depends on the manual feature engineering process, based on human knowledge and intuition. However, given the adversaries' efforts to evade detection and the growing volume of publications on malicious behaviors, the feature engineering process likely draws from a fraction of the relevant knowledge. Therefore, it is necessary and important to design an automated system to engineer features for discovering malicious behaviors and detecting attacks.

First, we describe a knowledge-based feature engineering technique for malware detection. It mines documents written in natural language (e.g. scientific literature), and represents and queries the knowledge about malware in a way that mirrors the human feature engineering process. We implement the idea in a system called FeatureSmith, which generates a feature set for detecting Android malware. We train a classifier using these features on a large data set of benign and malicious apps. This classifier achieves comparable performance to a state-of-the-art Android malware detector that relies on manually engineered features. In addition, FeatureSmith is able to suggest informative features that are absent from the manually engineered set and to link the generated features to abstract concepts that describe malware behaviors.

Second, we propose a data-driven feature engineering technique called ReasonSmith, which explains machine learning models by ranking features based on their global importance. Instead of interpreting how neural networks make decisions for one specific sample, ReasonSmith captures general importance in terms of the whole data set. In addition, ReasonSmith allows us to efficiently identify data biases and artifacts by comparing feature rankings over time. We further summarize the common data biases and artifacts for malware detection problems at the level of API calls.

Third, we study malware detection from a global view, and explore the automatic feature engineering problem in analyzing campaigns that include a series of actions. We implement a system called ChainSmith to bridge large-scale field measurements and manual campaign reports by extracting and categorizing IOCs (indicators of compromise) from security blogs. The semantic roles of IOCs allow us to link qualitative data (e.g. security blogs) to quantitative measurements, which brings new insights into malware campaigns. In particular, we study the effectiveness of different persuasion techniques used to entice users to download the payloads. We find that the campaign usually starts from social engineering and that the "missing codec" ruse is a common persuasion technique that generates the most suspicious downloads each day.
Subjects: Electrical engineering.
Computer engineering.
Computer science.
Artificial intelligence.
Language: English
Link: URL : The full text of this item is provided by the Korea Education and Research Information Service (KERIS).
