Malware: Handbook of Prevention and Detection
Title: Malware: Handbook of Prevention and Detection. Authors: Dimitris Gritzalis, Kim-Kwang Raymond Choo, Constantinos Patsakis. Publisher: Springer. Series: Advances in Information Security. Year: 2025. Pages: 416. Language: English. Format: pdf (true). Size: 26.3 MB.
This book provides a holistic overview of the current state of the art and practice in malware research, as well as the challenges of malware research seen from multiple angles. It also provides step-by-step guides to various practical problems, such as unpacking real-world malware and dissecting it to collect evidence and perform a forensic analysis. Similarly, it includes a guide on how to apply state-of-the-art Machine Learning methods to classify malware. Acknowledging that the latter is a serious trend in malware research, one part of the book is devoted to providing the reader with the state of the art in Machine Learning methods for malware classification, highlighting the different approaches that are used for, e.g., mobile malware samples, and introducing the reader to the challenges that are faced when shifting from a lab to a production environment.
The diversity of modern malware in terms of form (viruses, worms, spyware, adware, trojans, backdoors, rootkits, and ransomware, to name a few), along with the numerous families and the exchange of methods and tooling among them, has created a continuously evolving ecosystem. Although computer viruses were the most frequent form of malware a couple of decades ago, nowadays it is ransomware that seems to be in the spotlight, mostly because of its impact on organizations and the publicity it attracts. Nevertheless, not all malicious software is financially motivated, and the means of distribution, exploitation, exfiltration, as well as evasion and administration of the infected hosts, may vary greatly.
Tensor decomposition is a powerful unsupervised machine learning technique capable of modeling multidimensional data, including that related to malware. This chapter discusses a method that employs tensor decomposition for malware analysis. We introduce an innovative ensemble semi-supervised classification algorithm named Random Forest of Tensors (RFoT). RFoT leverages tensor decomposition to extract intricate latent patterns from the data. Our hybrid model combines multidimensional analysis with clustering to capture sample groupings within latent components, aiding in distinguishing between malware and benign-ware. The patterns extracted from malware data using tensor decomposition heavily rely on the configuration of the tensor, including dimension, entry, and rank selection. To encompass diverse perspectives offered by different tensor configurations, we adopt the “wisdom of crowds” philosophy. This involves leveraging decisions made by the majority within a randomly generated ensemble of tensors, varying in dimensions, entries, and ranks. We illustrate RFoT’s effectiveness in classifying Windows Portable Executable (PE) malware and benign-ware. To promote the utility of tensor decomposition for malware analysis and ensure the reproducibility of our results, we have made our code publicly available.
Machine Learning-based approaches for detecting malware files or malware execution have been receiving growing attention both in academia and in the security industry. With an ever-increasing flood of new threats, the promise of these approaches is to establish a more proactive posture compared to other methods such as signatures and heuristics. However, operating Machine Learning systems in a production environment is not a trivial task and is often overlooked in academic works. In this work, we give an overview of the additional requirements, constraints, and complications that stem from running a Machine Learning model as part of such a larger system in an industry setting. These include model-specific requirements, such as target false-positive rates, corpus size, and corpus diversity, and system-specific needs, such as false-positive/false-negative mitigation, robustness and cost of the model generation process, establishment of feedback mechanisms, deployment considerations, and implementation constraints. Lastly, we touch on common compliance and contractual considerations.
Contents:
Part I. Theoretical Foundation and Modeling
Part II. Machine Learning for Malware Classification
5. Machine Learning-Based Malware Detection in a Production Setting
6. Machine Learning for Windows Malware Detection and Classification: Methods, Challenges, and Ongoing Research
7. Conventional Machine Learning-Based Android Malware Detectors
8. Android Malware Detection Based on Novel Representations of Apps
9. Method to Automate the Classification of PE32 Malware Using Word2vec and LSTM
Part III. Social and Legal
Part IV. Malware Analysis in Practice and Evasions
Part V. Malware Ecosystem