Zero^2-SMELL: Uma nova abordagem de aprendizado zero-shot para detectar vulnerabilidades de dia zero
Resumo
Um dos problemas de segurança mais relevantes é inferir se um programa tem intenções maliciosas (software malware). Mesmo que o antivírus seja uma das abordagens mais populares para detecção de malware, novos tipos de malware são lançados em um ritmo acelerado, tornando a maioria das técnicas para detectá-los rapidamente obsoletas. Portanto, o antivírus normalmente falha em detectar novos malwares até que sua assinatura seja incorporada ao banco de dados. No entanto, novas técnicas para identificar malwares desconhecidos são necessárias para proteger os sistemas mesmo no dia zero do lançamento de um malware. O aprendizado few-shot é uma abordagem que consiste em usar alguns poucos exemplos de cada classe durante o treinamento de um modelo. Um caso interessante desse tipo de abordagem é a classificação de objetos que ainda não foram usados no conjunto de treinamento, ou seja, aprendizagem Zero-shot (ZSL). No presente trabalho, propomos um novo método de ZSL para classificar malware usando representação visual. Propomos um novo espaço de representação para calcular a similaridade entre pares de objetos, denominado espaço-S. Avaliamos nossa proposta em conjuntos de dados do mundo real compostos de exemplos de malware. Nossa proposta atingiu 81 na medida Recall@K e supera outros métodos em uma proporção de 14.81% em um modelo de classificação para vulnerabilidades de dia zero.
Palavras-chave:
Vunerabilidade de dia zero, Detecção de malware, aprendizagem de metrica profunda
Referências
Agarap, A. F. and Pepito, F. J. H. (2018). Towards building an intelligent anti-malware system: A deep learning approach using support vector machine (SVM) for malware classication. CoRR, abs/1801.00318.
Anderson, R., Barton, C., Böhme, R., Clayton, R., Van Eeten, M. J., Levi, M., Moore, T., and Savage, S. (2013). Measuring the cost of cybercrime. In The economics of information security and privacy, pages 265–300. Springer.
Barros, P. H., Queiroz, F., Figueredo, F., dos Santos, J. A., and Ramos, H. S. (2020). A new similarity space tailored for supervised deep metric learning. arXiv preprint arXiv:2011.08325.
Bozkir, A. S., Tahillioglu, E., Aydos, M., and Kara, I. (2021). Catch them alive: A malware detection approach through memory forensics, manifold learning and computer vision. Computers & Security, 103:102166.
Corum, A., Jenkins, D., and Zheng, J. (2019). Robust pdf malware detection with image In 2019 2nd International Conference on visualization and processing techniques. Data Intelligence and Security (ICDIS), pages 108–114.
Cozzolino, M., Martins, G., Souto, E., and Deus, F. (2012). Detecção de variações de malware metamórco por meio de normalização de código e identicação de subuxos. Anais do XII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pages 30–43.
Cui, Z., Xue, F., Cai, X., Cao, Y., Wang, G., and Chen, J. (2018). Detection of malicious code variants based on deep learning. IEEE Transactions on Industrial Informatics, 14(7):3187–3196.
Go, J. H., Jan, T., Mohanty, M., Patel, O. P., Puthal, D., and Prasad, M. (2020). Visualization approach for malware classication with resnext. In 2020 IEEE Congress on Evolutionary Computation (CEC), pages 1–7.
Hadsell, R., Chopra, S., and LeCun, Y. (2006). Dimensionality reduction by learning an invariant mapping. In 2006 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR’06), volume 2, pages 1735–1742. IEEE.
McLaughlin, N., Martinez del Rincon, J., Kang, B., Yerima, S., Miller, P., Sezer, S., Safaei, Y., Trickel, E., Zhao, Z., Doupé, A., and Joon Ahn, G. (2017). Deep android malware detection. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, CODASPY ’17, page 301–308, New York, NY, USA. Association for Computing Machinery.
Nataraj, L., Karthikeyan, S., Jacob, G., and Manjunath, B. S. (2011). Malware images: In Proceedings of the 8th International Visualization and automatic classication. Symposium on Visualization for Cyber Security, VizSec ’11, New York, NY, USA. Association for Computing Machinery.
Pinto, D. R. and Duarte, J. C. (2017). Static analysis on disassembled les: A deep In Annals of the XVII Brazilian Symlearning approach to malware classication. posium in Information Security and Computational Systems. Sociedade Brasileira de Computação, Brasília, DF, volume 804.
Rezende, E., Ruppert, G., Carvalho, T., Theophilo, A., Ramos, F., and Geus, P. d. (2018). Malicious software classication using VGG16 deep neural network’s bottleneck features. In Lati, S., editor, Information Technology New Generations, pages 51–59, Cham. Springer International Publishing.
Roseline, S. A., Geetha, S., Kadry, S., and Nam, Y. (2020). Intelligent vision-based malware detection and classication using deep random forest paradigm. IEEE Access, 8:206303–206324.
Sadiq, M. T., Yu, X., and Yuan, Z. (2021). Exploiting dimensionality reduction and neural network techniques for the development of expert brain–computer interfaces. Expert Systems with Applications, 164:114031.
Saeed, I. A., Selamat, A., and Abuagoub, A. M. (2013). A survey on malware and malware detection systems. International Journal of Computer Applications, 67(16).
Simonyan, K. and Zisserman, A. (2015). Very deep convolutional networks for large-scale image recognition. In Bengio, Y. and LeCun, Y., editors, 3rd International Conference on Learning Representations (ICLR).
Singh, A., Handa, A., Kumar, N., and Shukla, S. K. (2019). Malware classication using image representation. In Dolev, S., Hendler, D., Lodha, S., and Yung, M., editors, Cyber Security Cryptography and Machine Learning, pages 75–92, Cham. Springer International Publishing.
Vinayakumar, R., Alazab, M., Soman, K. P., Poornachandran, P., and Venkatraman, S. IEEE Access, (2019). Robust intelligent malware detection using deep learning. 7:46717–46738.
Wang, P., Tang, Z., and Wang, J. (2021). A novel few-shot malware classication approach for unknown family recognition with multi-prototype modeling. Computers & Security, 106:102273.
Wang, X., Hua, Y., Kodirov, E., Hu, G., Garnier, R., and Robertson, N. M. (2019). Ranked list loss for deep metric learning. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR).
Xiaofang, B., Li, C., Weihua, H., and Qu, W. (2014). Malware variant detection using similarity search over content ngerprint. In The 26th Chinese Control and Decision Conference (2014 CCDC), pages 5334–5339. IEEE.
Anderson, R., Barton, C., Böhme, R., Clayton, R., Van Eeten, M. J., Levi, M., Moore, T., and Savage, S. (2013). Measuring the cost of cybercrime. In The economics of information security and privacy, pages 265–300. Springer.
Barros, P. H., Queiroz, F., Figueredo, F., dos Santos, J. A., and Ramos, H. S. (2020). A new similarity space tailored for supervised deep metric learning. arXiv preprint arXiv:2011.08325.
Bozkir, A. S., Tahillioglu, E., Aydos, M., and Kara, I. (2021). Catch them alive: A malware detection approach through memory forensics, manifold learning and computer vision. Computers & Security, 103:102166.
Corum, A., Jenkins, D., and Zheng, J. (2019). Robust pdf malware detection with image In 2019 2nd International Conference on visualization and processing techniques. Data Intelligence and Security (ICDIS), pages 108–114.
Cozzolino, M., Martins, G., Souto, E., and Deus, F. (2012). Detecção de variações de malware metamórco por meio de normalização de código e identicação de subuxos. Anais do XII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pages 30–43.
Cui, Z., Xue, F., Cai, X., Cao, Y., Wang, G., and Chen, J. (2018). Detection of malicious code variants based on deep learning. IEEE Transactions on Industrial Informatics, 14(7):3187–3196.
Go, J. H., Jan, T., Mohanty, M., Patel, O. P., Puthal, D., and Prasad, M. (2020). Visualization approach for malware classication with resnext. In 2020 IEEE Congress on Evolutionary Computation (CEC), pages 1–7.
Hadsell, R., Chopra, S., and LeCun, Y. (2006). Dimensionality reduction by learning an invariant mapping. In 2006 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR’06), volume 2, pages 1735–1742. IEEE.
McLaughlin, N., Martinez del Rincon, J., Kang, B., Yerima, S., Miller, P., Sezer, S., Safaei, Y., Trickel, E., Zhao, Z., Doupé, A., and Joon Ahn, G. (2017). Deep android malware detection. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, CODASPY ’17, page 301–308, New York, NY, USA. Association for Computing Machinery.
Nataraj, L., Karthikeyan, S., Jacob, G., and Manjunath, B. S. (2011). Malware images: In Proceedings of the 8th International Visualization and automatic classication. Symposium on Visualization for Cyber Security, VizSec ’11, New York, NY, USA. Association for Computing Machinery.
Pinto, D. R. and Duarte, J. C. (2017). Static analysis on disassembled les: A deep In Annals of the XVII Brazilian Symlearning approach to malware classication. posium in Information Security and Computational Systems. Sociedade Brasileira de Computação, Brasília, DF, volume 804.
Rezende, E., Ruppert, G., Carvalho, T., Theophilo, A., Ramos, F., and Geus, P. d. (2018). Malicious software classication using VGG16 deep neural network’s bottleneck features. In Lati, S., editor, Information Technology New Generations, pages 51–59, Cham. Springer International Publishing.
Roseline, S. A., Geetha, S., Kadry, S., and Nam, Y. (2020). Intelligent vision-based malware detection and classication using deep random forest paradigm. IEEE Access, 8:206303–206324.
Sadiq, M. T., Yu, X., and Yuan, Z. (2021). Exploiting dimensionality reduction and neural network techniques for the development of expert brain–computer interfaces. Expert Systems with Applications, 164:114031.
Saeed, I. A., Selamat, A., and Abuagoub, A. M. (2013). A survey on malware and malware detection systems. International Journal of Computer Applications, 67(16).
Simonyan, K. and Zisserman, A. (2015). Very deep convolutional networks for large-scale image recognition. In Bengio, Y. and LeCun, Y., editors, 3rd International Conference on Learning Representations (ICLR).
Singh, A., Handa, A., Kumar, N., and Shukla, S. K. (2019). Malware classication using image representation. In Dolev, S., Hendler, D., Lodha, S., and Yung, M., editors, Cyber Security Cryptography and Machine Learning, pages 75–92, Cham. Springer International Publishing.
Vinayakumar, R., Alazab, M., Soman, K. P., Poornachandran, P., and Venkatraman, S. IEEE Access, (2019). Robust intelligent malware detection using deep learning. 7:46717–46738.
Wang, P., Tang, Z., and Wang, J. (2021). A novel few-shot malware classication approach for unknown family recognition with multi-prototype modeling. Computers & Security, 106:102273.
Wang, X., Hua, Y., Kodirov, E., Hu, G., Garnier, R., and Robertson, N. M. (2019). Ranked list loss for deep metric learning. In IEEE Conference on Computer Vision and Pattern Recognition (CVPR).
Xiaofang, B., Li, C., Weihua, H., and Qu, W. (2014). Malware variant detection using similarity search over content ngerprint. In The 26th Chinese Control and Decision Conference (2014 CCDC), pages 5334–5339. IEEE.
Publicado
04/10/2021
Como Citar
BARROS, Pedro H.; GOMES, Gabriel N.; BARBOSA, Leonardo B.; RAMOS, Heitor S..
Zero^2-SMELL: Uma nova abordagem de aprendizado zero-shot para detectar vulnerabilidades de dia zero. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 21. , 2021, Belém.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2021
.
p. 99-112.
DOI: https://doi.org/10.5753/sbseg.2021.17309.
