
A novel malware target recognition architecture for enhanced cyberspace situation awareness.


Abstract

The rapid transition of critical business processes to computer networks potentially exposes organizations to digital theft or corruption by advanced competitors. One tool to steal company secrets or manipulate information is malware. Malware circumvents legitimate authentication mechanisms and is an epidemic problem for organizations of all types, including governments, militaries, sectors of critical infrastructure and businesses.

This research proposes, designs, implements and evaluates a novel Malware Target Recognition (MaTR) architecture for malware detection and for identification of propagation methods and payloads, to enhance situation awareness in tactical scenarios using non-instruction-based, static heuristic features with standard machine learning algorithms. Recent published research in static heuristics focuses on detection using n-grams as features: computationally determined, short n-byte sequences that are resource intensive to compute and directly unintelligible to human operators. MaTR achieves a 99.92% detection accuracy on known malware with false positive and false negative rates of 8.73e-4 and 8.03e-4 respectively.

In comparison, MaTR outperforms leading n-gram methods with a statistically significant 1% improvement in detection accuracy against known malware and 85% and 94% reductions in false positive and false negative rates respectively. Against a set of publicly unknown malware, MaTR detection accuracy is 98.56%, a 3.8% engineering advantage over n-gram methods and a 65% performance improvement over the combined effectiveness of three commercial antivirus products (both statistically significant). MaTR identification rates for propagation methods and payloads are greater than 86% and 83% respectively, which is comparable to existing research, but MaTR relies on features that are simpler to collect, allowing for efficient retraining and redeployment.

Collectively, MaTR classifiers provide a significant improvement over existing technologies and enable operators to achieve higher levels of situation awareness in cyberspace.

Bibliographic record

  • Author: Dube, Thomas E.
  • Author affiliation: Air Force Institute of Technology
  • Degree-granting institution: Air Force Institute of Technology
  • Subjects: Engineering, Computer; Artificial Intelligence
  • Degree: Ph.D.
  • Year: 2011
  • Pages: 180 p.
  • Total pages: 180
  • Original format: PDF
  • Language: eng
