A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
Filters
To believe or not to believe: Validating explanation fidelity for dynamic malware analysis
[article]
2019
arXiv
pre-print
Preserved Fulltext
Converting malware into images followed by vision-based deep learning algorithms has shown superior threat detection efficacy compared with classical machine learning algorithms. When malware are visualized as images, visual-based interpretation schemes can also be applied to extract insights of why individual samples are classified as malicious. In this work, via two case studies of dynamic malware classification, we extend the local interpretable model-agnostic explanation algorithm to
arXiv:1905.00122v1
fatcat:pxnv4gvxdnfjpjeod2paodnrtm
more »
... image-based dynamic malware classification and examine its interpretation fidelity. For both case studies, we first train deep learning models via transfer learning on malware images, demonstrate high classification effectiveness, apply an explanation method on the images, and correlate the results back to the samples to validate whether the algorithmic insights are consistent with security domain expertise. In our first case study, the interpretation framework identifies indirect calls that uniquely characterize the underlying exploit behavior of a malware family. In our second case study, the interpretation framework extracts insightful information such as cryptography-related APIs when applied on images created from API existence, but generate ambiguous interpretation on images created from API sequences and frequencies. Our findings indicate that current image-based interpretation techniques are promising for explaining vision-based malware classification. We continue to develop image-based interpretation schemes specifically for security applications.
Intentio Ex Machina: Android Intent Access Control via an Extensible Application Hook
[chapter]
2016
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2016; you can also visit the original URL.
The file type is application/pdf.
Android's intent framework serves as the primary method for interprocess communication (IPC) among apps. The increased volume of intent IPC present in Android devices, coupled with intent's ability to implicitly nd valid receivers for IPC, bring about new security challenges. We propose Intentio Ex Machina (IEM), an access control solution for Android intent security. IEM separates the logic for performing access control from the point of interception by placing an interface in the Android
doi:10.1007/978-3-319-45744-4_19
fatcat:wqcjc2ym7vadngb6dwh6353avq
more »
... work. This allows the access control logic to be placed inside a normal application and reached via the interface. The app, called a user rewall, can then receive intents as they enter the system and inspect them. Not only can the user rewall allow or block intents, but it can even modify them to a controlled extent. Since it runs as a user application, developers are able to create user rewalls that manufacturers can then integrate into their devices. In this way, IEM allows for a new genre of security application for Android systems oering a creative and interactive approach to active IPC defense.
ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems
2021
USENIX Security Symposium
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
runtime monitor. 2 Available in Intel ® , AMD ® , and ARM ® processors. 3 Analyzing Root Cause Using Symbex. 4 We reported new vulnerabilities to MITRE for responsible disclosure. 5 https://github.com/carter-yagemann ...
dblp:conf/uss/YagemannPCBSL21
fatcat:cfwe7o4gdfetnmgxvakd4pw754
ACSAC 2020: Furthering the Quest to Tackle Hard Problems and Find Practical Solutions
2021
IEEE Security and Privacy
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
In "Modeling Large-Scale Manipulation in Open Stock Markets," Carter Yagemann, Pak Ho Chung, Erkam Uzun, Sai Ragam, Brendan Saltaformaggio, and Wenke Lee studied U.S. ...
The work that models the open stock markets security by Yagemann et al. also received an ACM Functional Artifact Badge. We appreciate all authors' contributions to this special issue. ...
doi:10.1109/msec.2021.3106595
fatcat:55emlvymc5cotlet46eisa5rpq