Machine Learning for Malware Evolution Detection
Lolitha Sresta Tupadha, Mark Stamp

TL;DR
This paper explores machine learning methods, including HMM and word embedding techniques, to automatically detect points of evolution in malware families, aiding timely cybersecurity responses.
Contribution
It introduces automated machine learning techniques for malware evolution detection using HMM and word embedding methods, eliminating manual analysis.
Findings
HMM and word embedding methods effectively identify malware evolution points.
Automated techniques outperform manual analysis in detection speed.
The approach is applicable across various malware families.
Abstract
Malware evolves over time and antivirus must adapt to such evolution. Hence, it is critical to detect those points in time where malware has evolved so that appropriate countermeasures can be undertaken. In this research, we perform a variety of experiments on a significant number of malware families to determine when malware evolution is likely to have occurred. All of the evolution detection techniques that we consider are based on machine learning and can be fully automated -- in particular, no reverse engineering or other labor-intensive manual analysis is required. Specifically, we consider analysis based on hidden Markov models (HMM) and the word embedding techniques HMM2Vec and Word2Vec.
Taxonomy
Topics: Network Security and Intrusion Detection · Evolutionary Game Theory and Cooperation · Advanced Malware Detection Techniques
