Advanced Malware Detection Techniques based on Artificial Intelligence and Distributed Machine Learning

基于人工智能和分布式机器学习的先进恶意软件检测技术

• 批准号: 531722-2018
• 负责人: Niu, Di
• 金额: $ 2.91万
• 依托单位: University of Alberta
• 依托单位国家: 加拿大
• 项目类别: Collaborative Research and Development Grants
• 财政年份: 2021
• 资助国家: 加拿大
• 起止时间: 2021-01-01 至 2022-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=719701
• 关键词: Advanced; Malware; Detection; Techniques; based

Existing antivirus systems rely on signature-based, behavioural or sandbox-based solutions, which are insufficient in today's fast-changing Internet. Signature and heuristic based approaches are ineffective against targeted threats and new malware. Sandboxes can detect previously unknown threats, but are not effective at prevention, since the suspicious program must be executed in a sandbox, which often requires minutes or even hours. In this project, we aim to investigate the application of machine learning and automated big data processing to malware detection and analysis, focusing on four sub-projects: 1) Android Malware detection via extensive feature engineering and Factorization Machines; 2) Android Malware detection via Graph Convolutional Networks, a emerging deep learning technique executed on graphs; 3) PC Malware detection based on Deep Neural Networks and Genetic Algorithms; 4) the development of distributed algorithms and architectures for multiparty model training. The first subproject focuses on extracting Android app features into sparse arrays through the decompilation of APK files and then detecting malware via the use of a Factorization Machine. The the aim of the second subproject is to detect Android malware by generating an app's internal structure using call graphs. These graphs are then fed into Graph Convolutional Neural Networks. The third subproject will first aim to extract features from PC files into a common format and then both train and optimize Deep Neural Networks via the use of Genetic Algorithms. At its core, the final subproject is meant to allow different anti-virus clients to contribute to training machine learning models without sharing raw data or running into privacy leakage risks. The project will emphasize the development of actionable intelligence for malware detection and its large-scale implementation based on decentralized datasets in reality.

现有的防病毒系统依赖于基于签名的基于签名的基于签名的解决方案，这些解决方案在当今快速变化的互联网中不足。基于签名和启发式方法的方法对有针对性的威胁和新恶意软件无效。沙箱可以检测到以前未知的威胁，但在预防方面无效，因为可疑程序必须在沙箱中执行，这通常需要几分钟甚至数小时。在该项目中，我们旨在调查机器学习和自动数据处理在恶意软件检测和分析中的应用，重点关注四个子项目：1）通过广泛的功能工程和分解机Android恶意软件检测； 2）通过图形卷积网络检测Android恶意软件，这是一种在图表上执行的新兴深度学习技术； 3）基于深神网络和遗传算法的PC恶意软件检测； 4）开发用于多方模型培训的分布式算法和体系结构。第一个子项目的重点是通过APK文件的反编译将Android App功能提取到稀疏阵列中，然后通过使用分解计算机检测恶意软件。第二个子项目的目的是通过使用呼叫图生成应用程序的内部结构来检测Android恶意软件。然后将这些图馈入图形卷积神经网络。第三个子项目将首先旨在将PC文件中的功能提取到通用格式中，然后通过使用遗传算法来训练并优化深层神经网络。最终的副本旨在允许不同的反病毒客户为培训机器学习模型做出贡献，而无需共享原始数据或遇到隐私泄漏风险。该项目将强调基于现实中分散的数据集的恶意软件检测及其大规模实施的可行智能的发展。