Abstract

We propose a method to automatically group unknown binaries executed in sandbox according to their interaction with system resources (files on the filesystem, mutexes, registry keys, network communication with remote servers and error messages generated by operating system) such that each group corresponds to a malware family. The method utilizes probabilistic generative model (Bernoulli mixture model), which allows human-friendly prioritization of identified clusters and extraction of readable behavioral indicators to maximize interpretability. We compare it to relevant prior art on a large set of malware binaries where a quality of cluster prioritization and automatic extraction of indicators of compromise is demonstrated. The proposed approach therefore implements complete pipeline which has the potential to significantly speed-up analysis of unknown samples.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Machine learning using Bernoulli mixture models: Clustering, rule extraction and dimensionality reduction
Mehreen Saeed ... Haroon Atique Babri
Neurocomputing | VOL. 119
Mehreen Saeed, et. al.Mehreen Saeed ... Haroon Atique Babri
22 May 2013
Model Description of Similarity-Based Recommendation Systems.
Takafumi Kanamori ... Naoya Osugi
Entropy (Basel, Switzerland) | VOL. 21
Takafumi Kanamori, et. al.Takafumi Kanamori ... Naoya Osugi
17 Jul 2019
Dependent Credit Default Risk Modelling Using Bernoulli Mixture Models
...
American Journal of Theoretical and Applied Statistics | VOL. 10
, et. al. ...
01 Jan 2020
Multiple instance learning for malware classification
Jan Stiborek ... Martin Rehák
Expert Systems With Applications | VOL. 93
Jan Stiborek, et. al.Jan Stiborek ... Martin Rehák
16 Oct 2017
View more papers

More From: Computers & Security

Paper Title
Journal
Date
Author
Navigating Challenging Terrain Surrounding DoD Response to Homeland Attacks on Critical Infrastructure: Case Studies of Prior Incidents Utilizing an Extended Taxonomy of Cyber Harms
Louis Nolan ... Deanna House
Computers & Security | VOL. -
Louis Nolan, et. al.Louis Nolan ... Deanna House
01 Nov 2024
Covert timing channel detection based on isolated binary trees
Yuwei Lin ... Xiaolong Zhuang
Computers & Security | VOL. -
Yuwei Lin, et. al.Yuwei Lin ... Xiaolong Zhuang
01 Nov 2024
RanSMAP: Open dataset of Ransomware Storage and Memory Access Patterns for creating deep learning based ransomware detectors
Manabu Hirano ... Ryotaro Kobayashi
Computers & Security | VOL. -
Manabu Hirano, et. al.Manabu Hirano ... Ryotaro Kobayashi
01 Nov 2024
Trust my IDS: An explainable AI integrated deep learning-based transparent threat detection system for industrial networks
Shifa Shoukat ... Muhammad Adil
Computers & Security | VOL. -
Shifa Shoukat, et. al.Shifa Shoukat ... Muhammad Adil
01 Nov 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.