[Defense] Dynamic Analysis and Representation Learning For Malware Family Classification
Tuesday, December 14, 2021
12:00 pm - 1:00 pm
Ayman El Aassal
will defend his proposal
Dynamic Analysis and Representation Learning For Malware Family Classification
Current research on malware detection focuses on the binary classification of benign vs. malicious samples. However, cyber security researchers rarely focus on the multiclass classification problem of malware families and their variants. Many static detection tools use a signature-based approach, which leads to the proliferation of malware variants. Solving this problem will have a considerable impact, since correctly classifying the malware category implies knowing the malware’s behavior on the target system, which enables an efficient response by the security team. To fill this gap in malware detection and classification research, we first address the dataset availability and quality issues found in the literature by suggesting the use of a new dataset and proper ground truth labeling methods. Then we propose a new way of analyzing malware execution traces with NLP and behavior graphs, and compare these two methods using machine learning models on the new dataset. After achieving good accuracy with graph features, we apply Representation Learning methods to malware behavior graphs, significantly improving our model’s performance. This performance encouraged us to explore the field of Machine Learning with Graphs and to apply Graph Neural Networks to malware behavior graphs, not only for classification but also to extend their application to detecting new malware variants.
12:00 PM - 1:00 PM CT
Online via Zoom
Dr. Stephen Huang, dissertation advisor
Faculty, students and the general public are invited.