Visible to the public Biblio

Filters: Keyword is zero-day vulnerabilities  [Clear All Filters]
2020-10-26
Walker, Aaron, Sengupta, Shamik.  2019.  Insights into Malware Detection via Behavioral Frequency Analysis Using Machine Learning. MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM). :1–6.
The most common defenses against malware threats involves the use of signatures derived from instances of known malware. However, the constant evolution of the malware threat landscape necessitates defense against unknown malware, making a signature catalog of known threats insufficient to prevent zero-day vulnerabilities from being exploited. Recent research has applied machine learning approaches to identify malware through artifacts of malicious activity as observed through dynamic behavioral analysis. We have seen that these approaches mimic common malware defenses by simply offering a method of detecting known malware. We contribute a new method of identifying software as malicious or benign through analysis of the frequency of Windows API system function calls. We show that this is a powerful technique for malware detection because it generates learning models which understand the difference between malicious and benign software, rather than producing a malware signature classifier. We contribute a method of systematically comparing machine learning models against different datasets to determine their efficacy in accurately distinguishing the difference between malicious and benign software.
2018-04-02
Hong, J. B., Kim, D. S..  2017.  Discovering and Mitigating New Attack Paths Using Graphical Security Models. 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). :45–52.

To provide a comprehensive security analysis of modern networked systems, we need to take into account the combined effects of existing vulnerabilities and zero-day vulnerabilities. In addition to them, it is important to incorporate new vulnerabilities emerging from threats such as BYOD, USB file sharing. Consequently, there may be new dependencies between system components that could also create new attack paths, but previous work did not take into account those new attack paths in their security analysis (i.e., not all attack paths are taken into account). Thus, countermeasures may not be effective, especially against attacks exploiting the new attack paths. In this paper, we propose a Unified Vulnerability Risk Analysis Module (UV-RAM) to address the aforementioned problems by taking into account the combined effects of those vulnerabilities and capturing the new attack paths. The three main functionalities of UV-RAM are: (i) to discover new dependencies and new attack paths, (ii) to incorporate new vulnerabilities introduced and zero-day vulnerabilities into security analysis, and (iii) to formulate mitigation strategies for hardening the networked system. Our experimental results demonstrate and validate the effectiveness of UV-RAM.