4 Hits in 0.79 sec

To believe or not to believe: Validating explanation fidelity for dynamic malware analysis [article]

Li Chen, Carter Yagemann, Evan Downing
2019 arXiv   pre-print
Converting malware into images followed by vision-based deep learning algorithms has shown superior threat detection efficacy compared with classical machine learning algorithms. When malware are visualized as images, visual-based interpretation schemes can also be applied to extract insights of why individual samples are classified as malicious. In this work, via two case studies of dynamic malware classification, we extend the local interpretable model-agnostic explanation algorithm to
more » ... image-based dynamic malware classification and examine its interpretation fidelity. For both case studies, we first train deep learning models via transfer learning on malware images, demonstrate high classification effectiveness, apply an explanation method on the images, and correlate the results back to the samples to validate whether the algorithmic insights are consistent with security domain expertise. In our first case study, the interpretation framework identifies indirect calls that uniquely characterize the underlying exploit behavior of a malware family. In our second case study, the interpretation framework extracts insightful information such as cryptography-related APIs when applied on images created from API existence, but generate ambiguous interpretation on images created from API sequences and frequencies. Our findings indicate that current image-based interpretation techniques are promising for explaining vision-based malware classification. We continue to develop image-based interpretation schemes specifically for security applications.
arXiv:1905.00122v1 fatcat:pxnv4gvxdnfjpjeod2paodnrtm

Intentio Ex Machina: Android Intent Access Control via an Extensible Application Hook [chapter]

Carter Yagemann, Wenliang Du
2016 Lecture Notes in Computer Science  
Android's intent framework serves as the primary method for interprocess communication (IPC) among apps. The increased volume of intent IPC present in Android devices, coupled with intent's ability to implicitly nd valid receivers for IPC, bring about new security challenges. We propose Intentio Ex Machina (IEM), an access control solution for Android intent security. IEM separates the logic for performing access control from the point of interception by placing an interface in the Android
more » ... work. This allows the access control logic to be placed inside a normal application and reached via the interface. The app, called a user rewall, can then receive intents as they enter the system and inspect them. Not only can the user rewall allow or block intents, but it can even modify them to a controlled extent. Since it runs as a user application, developers are able to create user rewalls that manufacturers can then integrate into their devices. In this way, IEM allows for a new genre of security application for Android systems oering a creative and interactive approach to active IPC defense.
doi:10.1007/978-3-319-45744-4_19 fatcat:wqcjc2ym7vadngb6dwh6353avq

ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems

Carter Yagemann, Matthew Pruett, Simon P. Chung, Kennon Bittick, Brendan Saltaformaggio, Wenke Lee
2021 USENIX Security Symposium  
runtime monitor. 2 Available in Intel ® , AMD ® , and ARM ® processors. 3 Analyzing Root Cause Using Symbex. 4 We reported new vulnerabilities to MITRE for responsible disclosure. 5  ... 
dblp:conf/uss/YagemannPCBSL21 fatcat:cfwe7o4gdfetnmgxvakd4pw754

ACSAC 2020: Furthering the Quest to Tackle Hard Problems and Find Practical Solutions

Danfeng Daphne Yao, Terry Benzel
2021 IEEE Security and Privacy  
In "Modeling Large-Scale Manipulation in Open Stock Markets," Carter Yagemann, Pak Ho Chung, Erkam Uzun, Sai Ragam, Brendan Saltaformaggio, and Wenke Lee studied U.S.  ...  The work that models the open stock markets security by Yagemann et al. also received an ACM Functional Artifact Badge. We appreciate all authors' contributions to this special issue.  ... 
doi:10.1109/msec.2021.3106595 fatcat:55emlvymc5cotlet46eisa5rpq