Loading…

Malware Target Recognition of Unknown Threats

Organizations traditionally use signature-based commercial antivirus products as a frontline defense against malware, but advanced persistent threats craft custom malicious tools to achieve their objectives. Organizations safeguarding sensitive information have difficulty in identifying new malware...

Full description

Saved in:
Bibliographic Details
Published in:IEEE systems journal 2013-09, Vol.7 (3), p.467-477
Main Authors: Dube, Thomas E., Raines, Richard A., Grimaila, Michael R., Bauer, Kenneth W., Rogers, Steven K.
Format: Article
Language:English
Subjects:
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Organizations traditionally use signature-based commercial antivirus products as a frontline defense against malware, but advanced persistent threats craft custom malicious tools to achieve their objectives. Organizations safeguarding sensitive information have difficulty in identifying new malware threats among millions of benign executables using only signature-based antivirus systems. This paper extends a performance-based malware target recognition architecture that currently uses only static heuristic features. Experimental results show that this architectural component achieves an overall test accuracy of 98.5% against a malware set collected from operational environments, while three commercial antivirus products combine for a detection accuracy of only 60% with their most sensitive settings. Implementations of this architecture will enable organizations to self-discover new malware threats, providing enhanced situation awareness for cyberspace operators in hostile threat environments.
ISSN:1932-8184
1937-9234
DOI:10.1109/JSYST.2012.2221913