Extended Abstract: Mimicry Resilient Program Behavior Modeling with LSTM based Branch Models

03/24/2018
by Hayoon Yi, et al.

In software design, protecting a computer system from the plethora of software attacks and malware in the wild has become increasingly important. In one branch of research on detecting attacks or malware, much work has focused on modeling the runtime behavior of a program. Stemming from the seminal work of Forrest et al., one of the main tools for modeling program behavior is system call sequences. Unfortunately, since mimicry attacks were proposed, program behavior models based solely on system call sequences can no longer ensure the security of systems, and they require additional information that comes with its own drawbacks. In this paper, we report preliminary findings from our research to build a mimicry-resilient program behavior model that has fewer drawbacks. We employ branch sequences to harden our program behavior model against mimicry attacks, and we use hardware features to extract such branch information efficiently during program runtime. To handle the large scale of branch sequences, we also employ LSTM, the de facto standard in deep-learning-based sequence modeling, and report our preliminary experiments on its interaction with program branch sequences.
