A Los Alamos National Laboratory research team is using artificial intelligence to address several critical gaps in large-scale malware analysis, making significant progress in classifying Microsoft Windows malware and paving the way for strengthened cybersecurity measures. With their approach, the team set a new world record in classifying malware families.
“Artificial intelligence methods developed for cyber defense systems, including large-scale defense systems malware “Our method addresses several of them.”
The team’s paper was recently published in ACM Transactions on Privacy and Security.
This research presents an AI-based method that represents a significant advance in Windows malware classification. The approach achieves realistic classification of malware families by combining semi-supervised tensor decomposition methods with selective classification, in particular the reject option.
“The reject option is the model’s ability to say ‘I don’t know,’ instead of making a bad decision, thus giving the model the ability to discover knowledge,” Eren said.
Cyber defense teams must quickly identify infected machines and the malware running on them. Such malware can be tailored to its specific victims, making it difficult to collect the large numbers of samples that traditional machine learning methods require.
The new method works accurately when some malware families are represented by many samples and others by very few (a condition called class imbalance), allowing it to detect both rare and common malware families. It can also reject a prediction when it is not confident in its answer. This could give security analysts the confidence to apply these techniques in practical, high-stakes settings such as cyber defense, where new threats must be detected. Distinguishing new threats from known types of malware specimens is a critical capability for developing mitigation strategies. In addition, the method maintains its performance even when only limited data is available for training.
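To make the two properties described above concrete, the following toy Python example is added here; it is not the LANL team’s code or library, and it does not reproduce their tensor decomposition method. It uses a deliberately simple nearest-centroid classifier with cosine similarity over constructed 4-feature vectors (hypothetical family names “FamA”, a large family, and “FamB”, a rare one), plus a third family that never appears in training. A reject threshold of 0.8 is an assumed value chosen for the illustration. The example shows how a reject option lets the classifier abstain on samples from an unseen family instead of forcing them into a known class, trading coverage for accuracy.

```python
"""Selective classification with a reject option under class imbalance.

Added illustration, not the research team's code. The feature vectors stand in
for per-sample profiles (e.g. normalised counts of a few API-call categories);
all numbers and family names are constructed for this example.
"""
import math
from typing import Dict, List, Optional, Tuple

Vector = List[float]

# Constructed training set: FamA has six samples, FamB only two (class imbalance).
TRAIN: List[Tuple[str, Vector]] = [
    ("FamA", [9.0, 1.0, 0.0, 0.0]),
    ("FamA", [8.0, 2.0, 0.0, 0.0]),
    ("FamA", [9.0, 0.5, 0.5, 0.0]),
    ("FamA", [7.0, 1.5, 0.0, 0.5]),
    ("FamA", [8.5, 1.0, 0.0, 0.0]),
    ("FamA", [9.5, 1.0, 0.0, 0.0]),
    ("FamB", [0.0, 0.0, 5.0, 5.0]),
    ("FamB", [0.0, 0.5, 4.5, 5.0]),
]

# Constructed test set; "Novel" is a family absent from training and should be rejected.
TEST: List[Tuple[str, Vector]] = [
    ("FamA", [9.0, 1.2, 0.0, 0.0]),
    ("FamB", [0.0, 0.0, 5.5, 4.5]),
    ("Novel", [0.0, 6.0, 0.0, 0.0]),
    ("Novel", [1.0, 5.0, 1.0, 0.0]),
]


def cosine(a: Vector, b: Vector) -> float:
    """Cosine similarity; 0.0 if either vector is all zeros."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return 0.0 if na == 0 or nb == 0 else dot / (na * nb)


def train_centroids(samples: List[Tuple[str, Vector]]) -> Dict[str, Vector]:
    """One mean vector per family. A rare family gets a centroid just like a
    large one, so the majority class is not favoured by sample count."""
    sums: Dict[str, Vector] = {}
    counts: Dict[str, int] = {}
    for label, vec in samples:
        acc = sums.setdefault(label, [0.0] * len(vec))
        for i, v in enumerate(vec):
            acc[i] += v
        counts[label] = counts.get(label, 0) + 1
    return {lab: [v / counts[lab] for v in acc] for lab, acc in sums.items()}


def classify(centroids: Dict[str, Vector], vec: Vector,
             threshold: float) -> Tuple[Optional[str], float]:
    """Return (family, similarity), or (None, similarity) when the best match
    falls below the threshold: the reject option ("I don't know")."""
    best_label, best_sim = max(
        ((lab, cosine(vec, c)) for lab, c in centroids.items()),
        key=lambda t: t[1])
    if best_sim < threshold:
        return None, best_sim
    return best_label, best_sim


def evaluate(centroids: Dict[str, Vector], test: List[Tuple[str, Vector]],
             threshold: float) -> Dict[str, float]:
    """Coverage (fraction accepted), accuracy on accepted samples, and counts
    of rejected samples overall and of rejected samples from known families."""
    accepted = correct = rejected = rejected_known = 0
    for true_label, vec in test:
        pred, _ = classify(centroids, vec, threshold)
        if pred is None:
            rejected += 1
            rejected_known += true_label in centroids
        else:
            accepted += 1
            correct += pred == true_label
    return {
        "coverage": accepted / len(test),
        "accuracy_on_accepted": correct / accepted if accepted else float("nan"),
        "rejected": rejected,
        "rejected_known": rejected_known,
    }


if __name__ == "__main__":
    cents = train_centroids(TRAIN)
    # threshold -1.0 disables rejection (cosine is never below -1).
    for thr in (-1.0, 0.8):
        print(f"threshold={thr:>4}: {evaluate(cents, TEST, thr)}")
```

With rejection disabled, every test sample is forced into a known family and the two samples from the unseen family are mislabelled, so accuracy is 0.5. With the 0.8 threshold those two samples are rejected, coverage drops to 0.5 and accuracy on the accepted samples rises to 1.0; the rare family FamB, trained from only two samples, is still classified correctly. In practice the threshold is tuned on held-out data to balance the analyst’s tolerance for abstentions against the cost of a confident wrong label.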
Altogether, combining the reject option with tensor decomposition methods that extract multi-faceted hidden patterns in the data gives a superior ability to characterize malware. This achievement highlights the revolutionary nature of the team’s approach.
“To the best of our knowledge, our paper sets a new world record by simultaneously classifying an unprecedented number of malware families, surpassing previous work by a factor of 29, in addition to operating under extremely challenging real-world data conditions: limited data, extreme class imbalance, and the presence of new malware families,” Eren said.
The team’s tensor decomposition methods, with high-performance computing and GPU support, are now available as a user-friendly Python library on GitHub.
More information:
Maksim E. Eren et al, Semi-supervised classification of malware families subject to extreme class imbalance via non-negative hierarchical matrix factorization with automatic model selection, ACM Transactions on Privacy and Security (2023). DOI: 10.1145/3624567
Provided by
Los Alamos National Laboratory
Citation: Using AI to develop enhanced cybersecurity measures (February 15, 2024) retrieved February 20, 2024 from https://techxplore.com/news/2024-02-ai-cybersecurity.html