A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is
Converting malware into images followed by vision-based deep learning algorithms has shown superior threat detection efficacy compared with classical machine learning algorithms. When malware are visualized as images, visual-based interpretation schemes can also be applied to extract insights of why individual samples are classified as malicious. In this work, via two case studies of dynamic malware classification, we extend the local interpretable model-agnostic explanation algorithm toarXiv:1905.00122v1 fatcat:pxnv4gvxdnfjpjeod2paodnrtm
more »... image-based dynamic malware classification and examine its interpretation fidelity. For both case studies, we first train deep learning models via transfer learning on malware images, demonstrate high classification effectiveness, apply an explanation method on the images, and correlate the results back to the samples to validate whether the algorithmic insights are consistent with security domain expertise. In our first case study, the interpretation framework identifies indirect calls that uniquely characterize the underlying exploit behavior of a malware family. In our second case study, the interpretation framework extracts insightful information such as cryptography-related APIs when applied on images created from API existence, but generate ambiguous interpretation on images created from API sequences and frequencies. Our findings indicate that current image-based interpretation techniques are promising for explaining vision-based malware classification. We continue to develop image-based interpretation schemes specifically for security applications.
Lecture Notes in Computer Science
Android's intent framework serves as the primary method for interprocess communication (IPC) among apps. The increased volume of intent IPC present in Android devices, coupled with intent's ability to implicitly nd valid receivers for IPC, bring about new security challenges. We propose Intentio Ex Machina (IEM), an access control solution for Android intent security. IEM separates the logic for performing access control from the point of interception by placing an interface in the Androiddoi:10.1007/978-3-319-45744-4_19 fatcat:wqcjc2ym7vadngb6dwh6353avq
more »... work. This allows the access control logic to be placed inside a normal application and reached via the interface. The app, called a user rewall, can then receive intents as they enter the system and inspect them. Not only can the user rewall allow or block intents, but it can even modify them to a controlled extent. Since it runs as a user application, developers are able to create user rewalls that manufacturers can then integrate into their devices. In this way, IEM allows for a new genre of security application for Android systems oering a creative and interactive approach to active IPC defense.
runtime monitor. 2 Available in Intel ® , AMD ® , and ARM ® processors. 3 Analyzing Root Cause Using Symbex. 4 We reported new vulnerabilities to MITRE for responsible disclosure. 5 https://github.com/carter-yagemann ...dblp:conf/uss/YagemannPCBSL21 fatcat:cfwe7o4gdfetnmgxvakd4pw754
In "Modeling Large-Scale Manipulation in Open Stock Markets," Carter Yagemann, Pak Ho Chung, Erkam Uzun, Sai Ragam, Brendan Saltaformaggio, and Wenke Lee studied U.S. ... The work that models the open stock markets security by Yagemann et al. also received an ACM Functional Artifact Badge. We appreciate all authors' contributions to this special issue. ...doi:10.1109/msec.2021.3106595 fatcat:55emlvymc5cotlet46eisa5rpq