-
Artificial Intelligence Based Malware Analysis
Authors:
Avi Pfeffer,
Brian Ruttenberg,
Lee Kellogg,
Michael Howard,
Catherine Call,
Alison O'Connor,
Glenn Takata,
Scott Neal Reilly,
Terry Patten,
Jason Taylor,
Robert Hall,
Arun Lakhotia,
Craig Miles,
Dan Scofield,
Jared Frank
Abstract:
Artificial intelligence methods have often been applied to perform specific functions or tasks in the cyber-defense realm. However, as adversary methods become more complex and difficult to divine, piecemeal efforts to understand cyber-attacks, and malware-based attacks in particular, are not providing sufficient means for malware analysts to understand the past, present and future characteristics of malware.
In this paper, we present the Malware Analysis and Attribution using Genetic Information (MAAGI) system. The underlying idea behind the MAAGI system is that there are strong similarities between malware behavior and biological organism behavior, and applying biologically inspired methods to corpora of malware can help analysts better understand the ecosystem of malware attacks. Due to the sophistication of the malware and the analysis, the MAAGI system relies heavily on artificial intelligence techniques to provide this capability. It has already yielded promising results over its development life, and will hopefully inspire more integration between the artificial intelligence and cyber-defense communities.
Submitted 27 April, 2017;
originally announced April 2017.
-
Probabilistic Programming for Malware Analysis
Authors:
Brian Ruttenberg,
Lee Kellogg,
Avi Pfeffer
Abstract:
Constructing lineages of malware is an important cyber-defense task. Performing this task is difficult, however, due to the amount of malware data and obfuscation techniques by the authors. In this work, we formulate the lineage task as a probabilistic model, and use a novel probabilistic programming solution to jointly infer the lineage and creation times of families of malware.
Submitted 28 March, 2016;
originally announced March 2016.
-
Experiences with Automated Build and Test for Geodynamics Simulation Codes
Authors:
Eric M. Heien,
Todd L. Miller,
Becky Gietzel,
Louise H. Kellogg
Abstract:
The Computational Infrastructure for Geodynamics (CIG) is an NSF-funded project that develops, supports, and disseminates community-accessible software for the geodynamics research community. CIG software supports a variety of computational geodynamic research, from mantle and core dynamics, to crustal and earthquake dynamics, to magma migration and seismology. To support this type of project, a backend computational infrastructure is necessary.
Part of this backend infrastructure is an automated build and testing system to ensure codes and changes to them are compatible with multiple platforms and that the changes do not significantly affect the scientific results. In this paper we describe the build and test infrastructure for CIG based on the BaTLab system, how it is organized, and how it assists in operations. We demonstrate the use of this type of testing for a suite of geophysics codes, show why codes may compile on one platform but not on another, and demonstrate how minor changes may alter the computed results in unexpected ways that can influence the scientific interpretation. Finally, we examine result comparison between platforms and show how the compiler or operating system may affect results.
Submitted 4 September, 2013;
originally announced September 2013.