-
Beyond the Hype: A Real-World Evaluation of the Impact and Cost of Machine Learning-Based Malware Detection
Authors:
Robert A. Bridges,
Sean Oesch,
Miki E. Verma,
Michael D. Iannacone,
Kelly M. T. Huffer,
Brian Jewell,
Jeff A. Nichols,
Brian Weber,
Justin M. Beaver,
Jared M. Smith,
Daniel Scofield,
Craig Miles,
Thomas Plummer,
Mark Daniell,
Anne M. Tall
Abstract:
In this paper, we present a scientific evaluation of four prominent malware detection tools to assist an organization with two primary questions: To what extent do ML-based tools accurately classify previously- and never-before-seen files? Is it worth purchasing a network-level malware detector? To identify weaknesses, we tested each tool against 3,536 total files (2,554 or 72% malicious, 982 or 28% benign) of a variety of file types, including hundreds of malicious zero-days, polyglots, and APT-style files, delivered on multiple protocols. We present statistical results on detection time and accuracy, consider complementary analysis (using multiple tools together), and provide two novel applications of the recent cost-benefit evaluation procedure of Iannacone & Bridges. While the ML-based tools are more effective at detecting zero-day files and executables, the signature-based tool may still be an overall better option. Both network-based tools provide substantial (simulated) savings when paired with either host tool, yet both show poor detection rates on protocols other than HTTP or SMTP. Our results show that all four tools have near-perfect precision but alarmingly low recall, especially on file types other than executables and office files -- 37% of malware tested, including all polyglot files, were undetected. Priorities for researchers and takeaways for end users are given.
Submitted 17 August, 2022; v1 submitted 16 December, 2020;
originally announced December 2020.
-
Experimental Four-photon Entanglement and High-fidelity Teleportation
Authors:
Jian-Wei Pan,
Matthew Daniell,
Sara Gasparoni,
Gregor Weihs,
Anton Zeilinger
Abstract:
We experimentally demonstrate observation of highly pure four-photon GHZ entanglement produced by parametric down-conversion and a projective measurement. At the same time this also demonstrates teleportation of entanglement with very high purity. Not only does the achieved high visibility enable various novel tests of quantum nonlocality, it also opens the possibility to experimentally investigate various quantum computation and communication schemes with linear optics. Our technique can in principle be used to produce entanglement of arbitrarily high order or, equivalently, teleportation and entanglement swapping over multiple stages.
Submitted 9 April, 2001;
originally announced April 2001.
-
Observation of three-photon Greenberger-Horne-Zeilinger entanglement
Authors:
Dik Bouwmeester,
Jian-Wei Pan,
Matthew Daniell,
Harald Weinfurter,
Anton Zeilinger
Abstract:
We present the experimental observation of polarization entanglement for three spatially separated photons. Such states of more than two entangled particles, known as GHZ states, play a crucial role in fundamental tests of quantum mechanics versus local realism and in many quantum information and quantum computation schemes. Our experimental arrangement is such that we start with two pairs of entangled photons and register one photon in a way that any information as to which pair it belongs to is erased. The registered events at the detectors for the remaining three photons then exhibit the desired GHZ correlations.
Submitted 13 October, 1998;
originally announced October 1998.
-
A posteriori teleportation ?
Authors:
Dik Bouwmeester,
Jian-Wei Pan,
Matthew Daniell,
Harald Weinfurter,
Marek Zukowski,
Anton Zeilinger
Abstract:
Braunstein and Kimble observe correctly that, in the Innsbruck experiment, Nature 390, 575 (1997), one does not always observe a teleported photon conditioned on a coincidence recording at the Bell-state analyser. However, when a teleported photon appears, it has all the properties required by the teleportation protocol.
Submitted 3 October, 1998;
originally announced October 1998.