sigmal a static signal processing based malware triage
play

SigMal: A Static Signal Processing Based Malware Triage Dhilung - PowerPoint PPT Presentation

Dec 06, 2022 •278 likes •454 views

SigMal: A Static Signal Processing Based Malware Triage Dhilung Kirat Lakshmanan Nataraj Giovanni Vigna B.S Manjunath Ezeanaka Kingsley CISC850 Cyber Analytics CISC850 Cyber Analytics Abstract Sigmal as a malware detection framework -

  1. SigMal: A Static Signal Processing Based Malware Triage Dhilung Kirat Lakshmanan Nataraj Giovanni Vigna B.S Manjunath Ezeanaka Kingsley CISC850 Cyber Analytics

  2. CISC850 Cyber Analytics Abstract Sigmal as a malware detection framework - Results of testing Sigmal on samples -

  3. CISC850 Cyber Analytics Introduction ● Static, dynamic and statistical analyses ● Malwares variants ● N-gram feature extraction

  4. CISC850 Cyber Analytics

  5. CISC850 Cyber Analytics Signal processing based features • Feature extraction, Feature computation Section aware feature extraction

  6. CISC850 Cyber Analytics

  7. CISC850 Cyber Analytics Comparison • N-gram based detection • PE structure based detection • Control flow graph-based detection

  8. CISC850 Cyber Analytics • Benign, Malicious and real world datasets collected

  9. CISC850 Cyber Analytics Evaluation Fig 5: Feature robustness against noise.

  10. CISC850 Cyber Analytics Fig. 6 : Nearest neighbor distribution for a 100 thousand samples

  11. CISC850 Cyber Analytics Fig. 7 : Comparison of malware detection algorithms

  12. CISC850 Cyber Analytics Fig. 8 : Query performance comparison.

  13. CISC850 Cyber Analytics Real world experiments

  14. CISC850 Cyber Analytics Results: Fig. 10: Precision and recall of the Sigmal detection on the real world samples.

  15. CISC850 Cyber Analytics

  16. CISC850 Cyber Analytics Limitations and Related Work: • Signal Processing • Static malware similarity

  17. CISC850 Cyber Analytics Conclusion: • Sigmal detection framework. • Heuristics based features • High precision capability.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al

Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al

Apposcopy: Semantics- Based Detection of Android Malware through Static Analysis By Feng et al [FSE 14] Presented by Maaz Ahmad The Malware Problem (Feb, 2015) Motive Security Labs estimates 16 million infected mobile devices. [1]

828 views • 30 slides
Fast and Generic Malware Triage Using openioc_scan Volatility Plugin TAKAHIRO HARUYAMA

Fast and Generic Malware Triage Using openioc_scan Volatility Plugin TAKAHIRO HARUYAMA

Fast and Generic Malware Triage Using openioc_scan Volatility Plugin TAKAHIRO HARUYAMA (@CCI_FORENSICS) INTERNET INITIATIVE JAPAN INC. Digital Forensics Research Conference Europe 2015 Who am I? 2 Forensic Investigator & Malware

796 views • 27 slides
Signal Processing - Introduction Signal Processing Analogue/digital filters: extensively used

Signal Processing - Introduction Signal Processing Analogue/digital filters: extensively used

Instrumentation (and Signal Processing Process Control) Fall 1393 Bonab University Signal Processing - Introduction Signal Processing Analogue/digital filters: extensively used in sensor signal processing Pre-processing

894 views • 32 slides
When Malware is Packin Heat; Limits of Machine Learning Classifiers Based on Static Analysis

When Malware is Packin Heat; Limits of Machine Learning Classifiers Based on Static Analysis

When Malware is Packin Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features Hojjat Aghakhani , Fabio Gri*, Francesco Mecca, Mar0na Lindorfer, Stefano Ortolani, Davide Balzaro*, Giovanni Vigna, Christopher Kruegel

1.01k views • 53 slides
Waveform Generation Fundamental part of signal processing is the signal. Within the

Waveform Generation Fundamental part of signal processing is the signal. Within the

Waveform Generation Fundamental part of signal processing is the signal. Within the context of hardware implementations of signal processing this signal may arise from: A local waverform/signal generator. Continuous stream from a

492 views • 26 slides
On Static Malware Detection Tayssir Touili LIPN, CNRS & Univ. Paris 13 Motivation: Malware

On Static Malware Detection Tayssir Touili LIPN, CNRS & Univ. Paris 13 Motivation: Malware

On Static Malware Detection Tayssir Touili LIPN, CNRS & Univ. Paris 13 Motivation: Malware Detection The number of new malware exceeds 75 million by the end of 2011, and is still increasing. The number of malware that produced

1.34k views • 91 slides
Triage Training Describe role of triage and use of the triage tag Demonstrate how to fill

Triage Training Describe role of triage and use of the triage tag Demonstrate how to fill

Triage Training Describe role of triage and use of the triage tag Demonstrate how to fill out the tag Hand out three blank triage tags & 3 paint stick patients Assist and review student triage tags Question and answer time

622 views • 11 slides
CS7038 - Malware Analysis - Wk05.1 Static Analyzers Coleman Kane kaneca@mail.uc.edu February 7,

CS7038 - Malware Analysis - Wk05.1 Static Analyzers Coleman Kane kaneca@mail.uc.edu February 7,

CS7038 - Malware Analysis - Wk05.1 Static Analyzers Coleman Kane kaneca@mail.uc.edu February 7, 2017 Signature-based Anti-Virus Systems By far, the most popular weapon against cyber attacks is signature-based antivirus software. When

709 views • 12 slides
Triage in Trouble Hospital emergency rooms are busy Patients are impatient Triage

Triage in Trouble Hospital emergency rooms are busy Patients are impatient Triage

A Triage Information Agent (TIA) based on the IDA Technology Stan Franklin and Dan Jones, M.D. Computer Science Division & Institute for Intelligent Systems The University of Memphis 1 Triage in Trouble Hospital emergency rooms are

389 views • 6 slides
Speech Processing 11-492/18-492 Speech Synthesis Signal Processing Signal Manipulation

Speech Processing 11-492/18-492 Speech Synthesis Signal Processing Signal Manipulation

Speech Processing 11-492/18-492 Speech Synthesis Signal Processing Signal Manipulation Signal Parameterization Joining LPC PSOLA: pitch and duration modification Statistical Parameterization MELCEP/MLSA LSF, STRAIGHT,

728 views • 25 slides
MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me

MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me

MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me Malware RE @ Trusteer, IBM, Seculert binary analysis automation sandbox development Now in vEYE Security on software container

591 views • 48 slides
Baseband Signal Processing Framework Baseband Signal Processing Framework for the OsmocomBB GSM

Baseband Signal Processing Framework Baseband Signal Processing Framework for the OsmocomBB GSM

Baseband Signal Processing Framework Baseband Signal Processing Framework for the OsmocomBB GSM Protocol Stack Harald Krll, Christian Benkeser, Stefan Zwicky, Benjamin Weber, Qiuting Huang Integrated Systems Laboratory, ETH Zurich d S b i h

306 views • 26 slides
Fast L0-based Sparse Signal Recovery Nick Kingsbury and Yingsong Zhang Signal Processing Group

Fast L0-based Sparse Signal Recovery Nick Kingsbury and Yingsong Zhang Signal Processing Group

Fast L0-based Sparse Signal Recovery Nick Kingsbury and Yingsong Zhang Signal Processing Group Department of Engineering ACVT seminar, Adelaide May 2011 Outline Introduction 1 L0 reweighted-L2 Minimization 2 IRLS Basic Model Basic

642 views • 34 slides
Signal Processing General Introduction Based Intrusion Detection Using Several drawbacks to

Signal Processing General Introduction Based Intrusion Detection Using Several drawbacks to

Signal Processing General Introduction Based Intrusion Detection Using Several drawbacks to signature-based PCA detection Human intervention By Jeff Terrell Not adaptive; can't learn For COMP 290 - IDS - Spring 2005 Can be

360 views • 7 slides
CS7038 - Malware Analysis - Wk04.1 Static Analysis Introduction Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk04.1 Static Analysis Introduction Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk04.1 Static Analysis Introduction Coleman Kane kaneca@mail.uc.edu February 1, 2017 Static Analysis Static Analysis is the process of documenting your observations about what identifying characteristics a

575 views • 8 slides
Mining malware specifications through static reachability analysis Hugo Daniel Macedo 1 Tayssir

Mining malware specifications through static reachability analysis Hugo Daniel Macedo 1 Tayssir

Introduction Mining specifications Detecting malware Results References Mining malware specifications through static reachability analysis Hugo Daniel Macedo 1 Tayssir Touili 2 1 INRIA Rocqencourt 2 LIAFA Univ. Paris 7 November 4, 2013

870 views • 45 slides
DSU Modifications Gareth McLoughlin 12 November 2014 SONI Grid Code Review Panel Meeting 5

DSU Modifications Gareth McLoughlin 12 November 2014 SONI Grid Code Review Panel Meeting 5

DSU Modifications Gareth McLoughlin 12 November 2014 SONI Grid Code Review Panel Meeting 5 Modifications 1. Background 2. Frequency Requirements for Generation operated as part of a DSU 3. Application Form Data Requirements 4. Notice Time

269 views • 12 slides
Instruments in Department of Meteorology and Hydrology MYANMAR Htay Lwin Myanmar Participant

Instruments in Department of Meteorology and Hydrology MYANMAR Htay Lwin Myanmar Participant

Instruments in Department of Meteorology and Hydrology MYANMAR Htay Lwin Myanmar Participant 1. Rainfall 1. Meteorological Stations 2. Maximum Temperature 2. Hydrological Stations 3. Minimum Temperature 3. Meteorological and

575 views • 19 slides
Sideband during MD2485 Amplitude Detuning Joschua Dilly Sideband during MD2485 Amplitude

Sideband during MD2485 Amplitude Detuning Joschua Dilly Sideband during MD2485 Amplitude

Sideband during MD2485 Amplitude Detuning Joschua Dilly Sideband during MD2485 Amplitude Detuning 2 Sideband Results Sideband during MD2485 Amplitude Detuning 3 Sideband Sideband during MD2485 Amplitude Detuning 4 Tune Sideband

548 views • 19 slides
First Nation Strategic Partnerships Dan Rochon, CA Controller Agenda Background

First Nation Strategic Partnerships Dan Rochon, CA Controller Agenda Background

First Nation Strategic Partnerships Dan Rochon, CA Controller Agenda Background Industry Needs First Nation Participation Joint Venture Process Practical Examples Factors for Success 2 RESPECT. BUILDING. PROGRESS.

315 views • 29 slides
Compositional correctness of IP-based system design: Translating C/C++ Models into SIGNAL

Compositional correctness of IP-based system design: Translating C/C++ Models into SIGNAL

Compositional correctness of IP-based system design: Translating C/C++ Models into SIGNAL Processes Rennes, November 04, 2005 Hamoudi Kalla and Jean-Pierre Talpin Espresso Team Outline Introduction Preliminaries Translating C/C++

526 views • 25 slides
Project C/CAG TAC Meeting February 15, 2018 Project Scope Implement Traffic Signal Priority

Project C/CAG TAC Meeting February 15, 2018 Project Scope Implement Traffic Signal Priority

Samtrans Traffic Signal Priority Project C/CAG TAC Meeting February 15, 2018 Project Scope Implement Traffic Signal Priority (TSP) for Samtrans buses along El Camino Real in San Mateo County 26 miles corridor between Daly City BART and

193 views • 7 slides
Performance Bounds for Computational Imaging Oliver Cossairt Assistant Professor Northwestern

Performance Bounds for Computational Imaging Oliver Cossairt Assistant Professor Northwestern

Performance Bounds for Computational Imaging Oliver Cossairt Assistant Professor Northwestern University Collaborators: Mohit Gupta 1 , Changyin Zhou 1 , Daniel Miau 1 , Shree Nayar 1 , Kaushik Mitra 2 , Ashok Veeraraghavan 2 1 Columbia

724 views • 45 slides
A Global Perspective of 5G Network Performance Michael Thelander, President October 2019 Key

A Global Perspective of 5G Network Performance Michael Thelander, President October 2019 Key

A Global Perspective of 5G Network Performance Michael Thelander, President October 2019 Key Highlights 5G is providing meaningful capacity gains to LTE networks on a global basis with LTE extending the coverage, reliability and speeds

498 views • 29 slides

More recommend