| Title | Countering Malware Via Decoy Processes with Improved Resource Utilization Consistency |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Sutton, Sara, Bond, Benjamin, Tahiri, Sementa, Rrushi, Julian |
| Conference Name | 2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA) |
| Date Published | dec |
| Keywords | BIOS Security, control flow graphs, decoy process, decoy processes, defensive deception, flow graphs, Heating systems, heatmap training mechanism, human factors, invasive software, learning (artificial intelligence), machine learning, Malware, Metrics, neural nets, Neural Network, Neural networks, Probes, pubcrawl, resilience, Resiliency, resource allocation, Resource management, resource utilization consistency, Scalability, Training |
| Abstract | The concept of a decoy process is a new development of defensive deception beyond traditional honeypots. Decoy processes can be exceptionally effective in detecting malware, directly upon contact or by redirecting malware to decoy I/O. A key requirement is that they resemble their real counterparts very closely to withstand adversarial probes by threat actors. To be usable, decoy processes need to consume only a small fraction of the resources consumed by their real counterparts. Our contribution in this paper is twofold. We attack the resource utilization consistency of decoy processes provided by a neural network with a heatmap training mechanism, which we find to be insufficiently trained. We then devise machine learning over control flow graphs that improves the heatmap training mechanism. A neural network retrained by our work shows higher accuracy and defeats our attacks without a significant increase in its own resource utilization. |
| DOI | 10.1109/TPS-ISA48467.2019.00022 |
| Citation Key | sutton_countering_2019 |
Countering Malware Via Decoy Processes with Improved Resource Utilization Consistency