Predicting Signatures of Future Malware Variants

Title: Predicting Signatures of Future Malware Variants
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Howard, M., Pfeffer, A., Dalai, M., Reposa, M.
Conference Name: 2017 12th International Conference on Malicious and Unwanted Software (MALWARE)
Date Published: oct
Keywords: Clustering algorithms, defensive system, feature extraction, future family developments, future malware signatures, future malware variants, History, invasive software, learning (artificial intelligence), Malware, malware defense, malware detection systems, malware evolution, Predictive models, pubcrawl, resilience, Resiliency, Scalability, security of data, signature based defense, significant scientific development, Training, Vaccines
Abstract: One of the challenges of malware defense is that the attacker has the advantage over the defender. In many cases, an attack is successful and causes damage before the defender can even begin to prepare a defense. The ability to anticipate attacks and prepare defenses before they occur would be a significant scientific and technological development with practical applications in cybersecurity. In this paper, we present a method to augment machine learning-based malware detection systems by predicting signatures of future malware variants and injecting these variants into the defensive system as a vaccine. Our method uses deep learning to learn patterns of malware evolution from family histories. These evolution patterns are then used to predict future family developments. Our experiments show that a detection system augmented with these future malware signatures is able to detect future malware variants that could not be detected by the detection system alone. In particular, it detected 11 new malware variants without increasing false positives, while providing up to 5 months of lead time between prediction and attack.
DOI: 10.1109/MALWARE.2017.8323965
Citation Key: howard_predicting_2017