Cargando…
End-to-End Deep Neural Networks and Transfer Learning for Automatic Analysis of Nation-State Malware
Malware allegedly developed by nation-states, also known as advanced persistent threats (APT), are becoming more common. The task of attributing an APT to a specific nation-state or classifying it to the correct APT family is challenging for several reasons. First, each nation-state has more than a...
| Autores principales: | , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2018
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7512909/ https://www.ncbi.nlm.nih.gov/pubmed/33265480 http://dx.doi.org/10.3390/e20050390 |
| _version_ | 1783586266052296704 |
|---|---|
| author | Rosenberg, Ishai Sicard, Guillaume David, Eli (Omid) |
| author_facet | Rosenberg, Ishai Sicard, Guillaume David, Eli (Omid) |
| author_sort | Rosenberg, Ishai |
| collection | PubMed |
| description | Malware allegedly developed by nation-states, also known as advanced persistent threats (APT), are becoming more common. The task of attributing an APT to a specific nation-state or classifying it to the correct APT family is challenging for several reasons. First, each nation-state has more than a single cyber unit that develops such malware, rendering traditional authorship attribution algorithms useless. Furthermore, the dataset of such available APTs is still extremely small. Finally, those APTs use state-of-the-art evasion techniques, making feature extraction challenging. In this paper, we use a deep neural network (DNN) as a classifier for nation-state APT attribution. We record the dynamic behavior of the APT when run in a sandbox and use it as raw input for the neural network, allowing the DNN to learn high level feature abstractions of the APTs itself. We also use the same raw features for APT family classification. Finally, we use the feature abstractions learned by the APT family classifier to solve the attribution problem. Using a test set of 1000 Chinese and Russian developed APTs, we achieved an accuracy rate of 98.6% |
| format | Online Article Text |
| id | pubmed-7512909 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2018 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-75129092020-11-09 End-to-End Deep Neural Networks and Transfer Learning for Automatic Analysis of Nation-State Malware Rosenberg, Ishai Sicard, Guillaume David, Eli (Omid) Entropy (Basel) Article Malware allegedly developed by nation-states, also known as advanced persistent threats (APT), are becoming more common. The task of attributing an APT to a specific nation-state or classifying it to the correct APT family is challenging for several reasons. First, each nation-state has more than a single cyber unit that develops such malware, rendering traditional authorship attribution algorithms useless. Furthermore, the dataset of such available APTs is still extremely small. Finally, those APTs use state-of-the-art evasion techniques, making feature extraction challenging. In this paper, we use a deep neural network (DNN) as a classifier for nation-state APT attribution. We record the dynamic behavior of the APT when run in a sandbox and use it as raw input for the neural network, allowing the DNN to learn high level feature abstractions of the APTs itself. We also use the same raw features for APT family classification. Finally, we use the feature abstractions learned by the APT family classifier to solve the attribution problem. Using a test set of 1000 Chinese and Russian developed APTs, we achieved an accuracy rate of 98.6% MDPI 2018-05-22 /pmc/articles/PMC7512909/ /pubmed/33265480 http://dx.doi.org/10.3390/e20050390 Text en © 2018 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Rosenberg, Ishai Sicard, Guillaume David, Eli (Omid) End-to-End Deep Neural Networks and Transfer Learning for Automatic Analysis of Nation-State Malware |
| title | End-to-End Deep Neural Networks and Transfer Learning for Automatic Analysis of Nation-State Malware |
| title_full | End-to-End Deep Neural Networks and Transfer Learning for Automatic Analysis of Nation-State Malware |
| title_fullStr | End-to-End Deep Neural Networks and Transfer Learning for Automatic Analysis of Nation-State Malware |
| title_full_unstemmed | End-to-End Deep Neural Networks and Transfer Learning for Automatic Analysis of Nation-State Malware |
| title_short | End-to-End Deep Neural Networks and Transfer Learning for Automatic Analysis of Nation-State Malware |
| title_sort | end-to-end deep neural networks and transfer learning for automatic analysis of nation-state malware |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7512909/ https://www.ncbi.nlm.nih.gov/pubmed/33265480 http://dx.doi.org/10.3390/e20050390 |
| work_keys_str_mv | AT rosenbergishai endtoenddeepneuralnetworksandtransferlearningforautomaticanalysisofnationstatemalware AT sicardguillaume endtoenddeepneuralnetworksandtransferlearningforautomaticanalysisofnationstatemalware AT davideliomid endtoenddeepneuralnetworksandtransferlearningforautomaticanalysisofnationstatemalware |