TWC: Small: Intelligent Malware Detection Utilizing Novel File Relation-Based Features and Resilient Techniques for Adversarial Attacks

TWC：小型：利用新颖的基于文件关系的功能和弹性技术进行对抗性攻击的智能恶意软件检测

• 批准号: 1618629
• 负责人: Yanfang Ye
• 金额: $ 48.17万
• 依托单位: West Virginia University Research Corporation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-08-15 至 2019-11-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1618629&HistoricalAwards=false
• 关键词: TWC; Small; Intelligent; Malware; Detection

Malware (e.g., viruses, worms, and Trojans) is software that deliberately fulfills the harmful intent of an attacker. It has been used as a major weapon by the cyber-criminals to launch a wide range of attacks that cause serious damages and significant financial losses to many Internet users. To protect legitimate users from these attacks, the most significant line of defense against malware is anti-malware software products, which predominately use signature-based methods to recognize threats. However, driven by considerable economic benefits, malware attackers are using automated malware development toolkits to quickly write and modify malicious codes that can evade detection by anti-malware products. In order to remain effective, the anti-malware industry calls for much more powerful methods that are capable of protecting the users against new threats and are more difficult to evade. The broader impacts of this work include benefits to the society at large by making cyberspace more secure and resilient to cyber-attacks. The project integrates research with education through curriculum development activities and engages graduate and undergraduate students in research. It is also expected to increase the involvement of underrepresented groups, including minority and women. The goal of this project is to design and develop intelligent and resilient solutions against malware attacks. The project is focused on the following research aims: (1) design novel relation-based features (e.g., file co-occurrence, file co-location, and bundled installations) that are more robust and harder to evade in malware detection; (2) design and develop an effective semi-supervised learning framework utilizing both content-based and relation-based features for malware detection; and (3) design and develop resilient techniques against adversarial attacks on machine learning/data mining based models. The techniques developed by this project will create a resilient platform, at both feature and model levels, against adversarial malware attacks. Furthermore, the proposed techniques are designed to be arm race capable, and can be used in other cyber security domains, such as anti-spam, fraud detection, and counter-terrorism. Through this project, a joint computer security lab will be established which aims at creating innovations for intelligent and resilient defenses against malware attacks as well as other cybersecurity threats.

恶意软件（例如病毒、蠕虫和特洛伊木马）是故意实现攻击者有害意图的软件。它已被网络犯罪分子用作发动大范围攻击的主要武器，给许多互联网用户造成严重损害和重大经济损失。为了保护合法用户免受这些攻击，抵御恶意软件的最重要防线是反恶意软件软件产品，它们主要使用基于签名的方法来识别威胁。然而，在可观经济利益的驱动下，恶意软件攻击者正在使用自动化恶意软件开发工具包来快速编写和修改可以逃避反恶意软件产品检测的恶意代码。为了保持有效性，反恶意软件行业需要更强大的方法，能够保护用户免受新威胁并且更难以规避。这项工作的更广泛影响包括通过使网络空间更加安全、更能抵御网络攻击，为整个社会带来好处。该项目通过课程开发活动将研究与教育结合起来，并吸引研究生和本科生参与研究。预计还将增加少数群体和妇女等代表性不足群体的参与。该项目的目标是设计和开发针对恶意软件攻击的智能且有弹性的解决方案。该项目重点关注以下研究目标：（1）设计新颖的基于关系的特征（例如文件共现、文件共置和捆绑安装），这些特征在恶意软件检测中更强大且更难以逃避； (2) 设计和开发一个有效的半监督学习框架，利用基于内容和基于关系的特征进行恶意软件检测； (3) 设计和开发针对基于机器学习/数据挖掘的模型的对抗性攻击的弹性技术。该项目开发的技术将在功能和模型级别创建一个弹性平台，以抵御对抗性恶意软件攻击。此外，所提出的技术被设计为具有军备竞赛能力，并且可以用于其他网络安全领域，例如反垃圾邮件、欺诈检测和反恐。通过该项目，将建立一个联合计算机安全实验室，旨在为智能和弹性防御恶意软件攻击以及其他网络安全威胁创造创新。