EsPADA: Enhanced Payload Analyzer for malware Detection robust against Adversarial threats

Authors: Jorge Maestre Vidal, Marco Antonio Sotelo Monge, Sergio Mauricio Martínez Monterrubio

DOI: 10.1016/J.FUTURE.2019.10.022

Keywords:

Abstract: The emergent communication technologies landscape has consolidated the anomaly-based intrusion detection paradigm as one of the most prominent solutions able to discover unprecedented malicious traits. It relies on building models of the normal/legitimate activities registered at the protected systems, and from them analyzing incoming observations looking for significant discordances that may reveal misbehaviors. But in the last years, adversarial machine learning has introduced never-seen-before evasion procedures that jeopardize traditional methods, thus entailing major emerging challenges for the cybersecurity landscape. With the aim of contributing to their adaptation against such threats, this paper presents EsPADA (Enhanced Payload Analyzer for malware Detection robust against Adversarial threats), a novel approach built on the grounds of the PAYL sensor family. At the SPARTA Training stage, both normal and adversarial models are constructed according to features extracted by N-gram, which are stored within Counting Bloom Filters (CBF). In this way it is possible to take advantage of both binary-based and spectral-based traffic modeling for detection. The payloads to be analyzed are collected from the protected environment and compared with the usage models previously built at Training. This leads to calculating different scores that allow discriminating their nature (normal or suspicious) and assessing their labeling coherency, the latter studied by estimating the likelihood of the payload disguising mimicry attacks. The effectiveness was demonstrated on the public datasets DARPA'99 and UCM 2011, achieving promising preliminary results.
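As an added illustration of the PAYL-style modeling the abstract describes (this is not code from the paper or its authors), a byte n-gram model of normal payloads whose counts are kept in a Counting Bloom Filter, scored by the fraction of n-grams never seen in training; the class names, filter size and the sample HTTP traffic are constructed assumptions.

```python
import hashlib

class CountingBloomFilter:
    """Counting Bloom filter: each key maps to k counters; counts never under-estimate."""
    def __init__(self, size: int = 4096, hashes: int = 3):
        self.size, self.hashes = size, hashes
        self.counters = [0] * size
    def _positions(self, key: bytes):
        for i in range(self.hashes):  # distinct salts give k independent hash functions
            digest = hashlib.blake2b(key, digest_size=8, salt=bytes([i])).digest()
            yield int.from_bytes(digest, "big") % self.size
    def add(self, key: bytes) -> None:
        for pos in self._positions(key):
            self.counters[pos] += 1
    def count(self, key: bytes) -> int:
        # Minimum over the k counters: always >= the true count, may over-estimate on collisions.
        return min(self.counters[pos] for pos in self._positions(key))

def ngrams(payload: bytes, n: int):
    return (payload[i:i + n] for i in range(len(payload) - n + 1))

class NgramPayloadModel:
    """PAYL-style model: n-gram frequencies of normal payloads kept in a CBF (assumed design)."""
    def __init__(self, n: int = 2, size: int = 4096, hashes: int = 3):
        self.n, self.cbf = n, CountingBloomFilter(size, hashes)
    def train(self, payload: bytes) -> None:
        for gram in ngrams(payload, self.n):
            self.cbf.add(gram)
    def score(self, payload: bytes) -> float:
        """Fraction of the payload's n-grams never seen in training (0.0 = fully known)."""
        grams = list(ngrams(payload, self.n))
        if not grams:
            return 0.0
        unseen = sum(1 for gram in grams if self.cbf.count(gram) == 0)
        return unseen / len(grams)

# Constructed sample traffic (not taken from the paper's datasets).
NORMAL_TRAFFIC = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"GET /about/team.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"GET /contact.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"GET /images/logo.png HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
]
# Same request shape with a run of non-text bytes appended: a binary-looking payload.
BINARY_PAYLOAD = NORMAL_TRAFFIC[0] + bytes(range(0x80, 0xC0))

def build_model() -> NgramPayloadModel:
    model = NgramPayloadModel(n=2)
    for payload in NORMAL_TRAFFIC:
        model.train(payload)
    return model
```

Because the CBF can only over-count, a collision lowers the score rather than raising it, so the filter's false positives bias the detector toward missing anomalies, not toward false alarms.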
