TWC: Small: Intelligent Malware Detection Utilizing Novel File Relation-Based Features and Resilient Techniques for Adversarial Attacks

TWC：小型：利用新颖的基于文件关系的功能和弹性技术进行对抗性攻击的智能恶意软件检测

• 批准号: 1618629
• 负责人: Yanfang Ye
• 金额: $ 48.17万
• 依托单位: West Virginia University Research Corporation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-08-15 至 2019-11-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1618629&HistoricalAwards=false
• 关键词: TWC; Small; Intelligent; Malware; Detection

Malware (e.g., viruses, worms, and Trojans) is software that deliberately fulfills the harmful intent of an attacker. It has been used as a major weapon by the cyber-criminals to launch a wide range of attacks that cause serious damages and significant financial losses to many Internet users. To protect legitimate users from these attacks, the most significant line of defense against malware is anti-malware software products, which predominately use signature-based methods to recognize threats. However, driven by considerable economic benefits, malware attackers are using automated malware development toolkits to quickly write and modify malicious codes that can evade detection by anti-malware products. In order to remain effective, the anti-malware industry calls for much more powerful methods that are capable of protecting the users against new threats and are more difficult to evade. The broader impacts of this work include benefits to the society at large by making cyberspace more secure and resilient to cyber-attacks. The project integrates research with education through curriculum development activities and engages graduate and undergraduate students in research. It is also expected to increase the involvement of underrepresented groups, including minority and women. The goal of this project is to design and develop intelligent and resilient solutions against malware attacks. The project is focused on the following research aims: (1) design novel relation-based features (e.g., file co-occurrence, file co-location, and bundled installations) that are more robust and harder to evade in malware detection; (2) design and develop an effective semi-supervised learning framework utilizing both content-based and relation-based features for malware detection; and (3) design and develop resilient techniques against adversarial attacks on machine learning/data mining based models. The techniques developed by this project will create a resilient platform, at both feature and model levels, against adversarial malware attacks. Furthermore, the proposed techniques are designed to be arm race capable, and can be used in other cyber security domains, such as anti-spam, fraud detection, and counter-terrorism. Through this project, a joint computer security lab will be established which aims at creating innovations for intelligent and resilient defenses against malware attacks as well as other cybersecurity threats.

恶意软件（例如病毒，蠕虫和特洛伊木马）是故意满足攻击者有害意图的软件。网络犯罪分子已将其用作主要武器，以发动广泛的攻击，造成严重损失和对许多互联网用户的重大财务损失。为了保护合法用户免受这些攻击的侵害，针对恶意软件的最重要的防御方法是反恶意软件产品，主要使用基于签名的方法来识别威胁。但是，在相当大的经济利益的驱动下，恶意软件攻击者正在使用自动化的恶意软件开发工具包来快速编写和修改恶意代码，以通过反恶意软件逃避检测。为了保持有效性，反恶意软件行业要求采用更强大的方法，这些方法能够保护用户免受新的威胁，并且更难逃避。这项工作的更广泛的影响包括通过使网络空间更加安全和对网络攻击的弹性来对整个社会的好处。该项目通过课程开发活动将研究与教育融为一体，并吸引研究生和本科生从事研究。预计它将增加包括少数族裔和妇女在内的代表性不足的群体的参与。该项目的目的是设计和开发针对恶意软件攻击的智能和弹性解决方案。该项目的重点是以下研究目的：（1）设计基于关系的功能（例如，文件共发生，文件共同定位和捆绑的安装），这些功能在恶意软件检测中更强大，更难逃避； （2）使用基于内容和基于关系的功能进行恶意软件检测设计和开发有效的半监督学习框架； （3）设计和开发针对基于机器学习/基于数据挖掘的模型的对抗性攻击的弹性技术。该项目开发的技术将在功能和模型级别上为对抗性恶意软件攻击创建一个有弹性的平台。此外，所提出的技术旨在具有手臂种族的能力，可用于其他网络安全域，例如反垃圾邮件，欺诈检测和反恐。通过该项目，将建立一个联合计算机安全实验室，旨在为针对恶意软件攻击以及其他网络安全威胁创造创新。