Title :
Malware Target Recognition of Unknown Threats
Author :
Dube, Thomas E. ; Raines, R.A. ; Grimaila, Michael ; Bauer, Kenneth W. ; Rogers, Steven K.
Author_Institution :
Dept. of Electr. & Comput. Eng., U.S. Air Force Inst. of Technol., Wright-Patterson AFB, OH, USA
Abstract :
Organizations traditionally use signature-based commercial antivirus products as a frontline defense against malware, but advanced persistent threats craft custom malicious tools to achieve their objectives. Organizations safeguarding sensitive information have difficulty in identifying new malware threats among millions of benign executables using only signature-based antivirus systems. This paper extends a performance-based malware target recognition architecture that currently uses only static heuristic features. Experimental results show that this architectural component achieves an overall test accuracy of 98.5% against a malware set collected from operational environments, while three commercial antivirus products combine for a detection accuracy of only 60% with their most sensitive settings. Implementations of this architecture will enable organizations to self-discover new malware threats, providing enhanced situation awareness for cyberspace operators in hostile threat environments.
Keywords :
digital signatures; invasive software; architectural component; custom malicious tools; cyberspace operators; frontline defense; hostile threat environments; malware target recognition; malware threats; organizations; signature-based commercial antivirus products; unknown threats; Accuracy; Decision trees; Feature extraction; Malware; Organizations; Sensitivity; Training; Advanced persistent threat; antivirus; intrusion detection; malware detection; situation awareness;
Journal_Title :
Systems Journal, IEEE
DOI :
10.1109/JSYST.2012.2221913
