ASPIRE: Automated Security Policy Implementation Using Reinforcement Learning

05/25/2019
by Yoni Birman, et al.

Malware detection is an ever-present challenge for all organizational gatekeepers. Organizations often deploy numerous different malware detection tools and then combine their output to produce a final classification for an inspected file. This approach has two significant drawbacks. First, it requires large amounts of computing resources and time, since every incoming file needs to be analyzed by all detectors. Second, it is difficult to accurately and dynamically enforce a predefined security policy that comports with the needs of each organization (e.g., how tolerant the organization is to false negatives and false positives). In this study we propose ASPIRE, a reinforcement learning (RL)-based method for malware detection. Our approach receives the organizational policy -- defined solely by the perceived costs of correct/incorrect classifications and of computing resources -- and then dynamically assigns detection tools and sets the detection threshold for each inspected file. We demonstrate the effectiveness and robustness of our approach by conducting an extensive evaluation on multiple organizational policies. ASPIRE performed well in all scenarios, even achieving near-optimal accuracy of 96.21 time of this baseline.


research
11/27/2021
Assessing the Effectiveness of YARA Rules for Signature-Based Malware Detection and Classification
Malware often uses obfuscation techniques or is modified slightly to eva...

research
10/22/2020
Getting Passive Aggressive About False Positives: Patching Deployed Malware Detectors
False positives (FPs) have been an issue of extreme importance for anti-...

research
06/20/2019
Finding Needles in a Moving Haystack: Prioritizing Alerts with Adversarial Reinforcement Learning
Detection of malicious behavior is a fundamental problem in security. On...

research
08/28/2023
AI ATAC 1: An Evaluation of Prominent Commercial Malware Detectors
This work presents an evaluation of six prominent commercial endpoint ma...

research
09/22/2022
Reinforcement Learning in Computing and Network Convergence Orchestration
As computing power is becoming the core productivity of the digital econ...

research
08/14/2021
A Policy-based Versioning SSD with Intel SGX
Privileged malware neutralizes software-based versioning systems and des...

research
03/24/2022
MERLIN – Malware Evasion with Reinforcement LearnINg
In addition to signature-based and heuristics-based detection techniques...
