SLIDE 1
CISC850 Cyber Analytics
- Sigmal as a malware detection framework
- Results of testing Sigmal on samples
SigMal: A Static Signal Processing Based Malware Triage Dhilung - - PowerPoint PPT Presentation
SigMal: A Static Signal Processing Based Malware Triage Dhilung - - PowerPoint PPT Presentation
SigMal: A Static Signal Processing Based Malware Triage Dhilung Kirat Lakshmanan Nataraj Giovanni Vigna B.S Manjunath Ezeanaka Kingsley CISC850 Cyber Analytics CISC850 Cyber Analytics Abstract Sigmal as a malware detection framework -
SLIDE 2
SLIDE 3
- Static, dynamic and statistical analyses
- Malwares variants
- N-gram feature extraction
Introduction
CISC850 Cyber Analytics
SLIDE 4
CISC850 Cyber Analytics
SLIDE 5
CISC850 Cyber Analytics
Signal processing based features
- Feature extraction, Feature computation
Section aware feature extraction
SLIDE 6
CISC850 Cyber Analytics
SLIDE 7
Comparison
- N-gram based detection
- PE structure based detection
- Control flow graph-based detection
CISC850 Cyber Analytics
SLIDE 8
- Benign, Malicious and real world datasets collected
CISC850 Cyber Analytics
SLIDE 9
CISC850 Cyber Analytics
Fig 5: Feature robustness against noise.
Evaluation
SLIDE 10
CISC850 Cyber Analytics
- Fig. 6 : Nearest neighbor distribution for a 100 thousand samples
SLIDE 11
CISC850 Cyber Analytics
- Fig. 7 : Comparison of malware detection algorithms
SLIDE 12
CISC850 Cyber Analytics
- Fig. 8 : Query performance comparison.
SLIDE 13
Real world experiments
CISC850 Cyber Analytics
SLIDE 14
CISC850 Cyber Analytics
- Fig. 10: Precision and recall of the Sigmal detection on the real world samples.
Results:
SLIDE 15
CISC850 Cyber Analytics
SLIDE 16
CISC850 Cyber Analytics
Limitations and Related Work:
- Signal Processing
- Static malware similarity
SLIDE 17
CISC850 Cyber Analytics
Conclusion:
- Sigmal detection framework.
- Heuristics based features
- High precision capability.