
### Leveraging Artificial Intelligence for Advanced Cybersecurity Enhancement


A research team at Los Alamos National Laboratory is utilizing artificial intelligence to tackle various critical deficiencies in large-scale malware analysis, achieving notable progress in the categorization of Microsoft Windows malware and laying the groundwork for improved cybersecurity strategies. Through their methodology, the team has established a new record in the classification of malware families.

Maksim Eren, a scientist in Advanced Research in Cyber Systems at Los Alamos, emphasized the importance of considering real-world challenges in the development of artificial intelligence methods for cyber-defense systems, particularly those geared towards large-scale malware analysis. Their innovative approach addresses multiple challenges effectively.

Recently featured in ACM Transactions on Privacy and Security, the team’s research introduces a groundbreaking AI-based technique that revolutionizes Windows malware classification. By employing semi-supervised tensor decomposition methods and selective classification, notably the reject option, the approach achieves practical malware family classification.

Eren highlighted the significance of the reject option, which allows the model to admit uncertainty rather than making inaccurate decisions, thereby enhancing the model’s knowledge discovery capabilities.

In the realm of cybersecurity, swift identification of infected machines and malicious software is crucial. However, the unique nature of malicious programs tailored for specific targets poses challenges in gathering diverse samples for traditional machine learning models.

This novel method adeptly handles samples from both extensive and limited datasets simultaneously, addressing class imbalances effectively. Furthermore, it can abstain from predictions when unsure, instilling confidence in security analysts to employ these techniques in critical scenarios such as cyber defense against emerging threats.

The capability to discern between novel threats and known malware variants is pivotal for devising effective mitigation strategies. Additionally, this method exhibits consistent performance even with restricted training data.
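A small illustration of the reject option described above, added here and not taken from the paper or the team's library: it uses a nearest-centroid cosine classifier as a stand-in for the paper's tensor and matrix factorization model. The family names, feature vectors and the `min_sim` and `min_margin` thresholds are all constructed assumptions.

```python
import math

# Constructed training set: each vector is a made-up, normalized mix of
# behaviour features (file, registry, network, crypto) for one sample.
# family_a is common and family_b is rare, mimicking class imbalance.
TRAIN = {
    "family_a": [[0.7, 0.2, 0.1, 0.0], [0.6, 0.3, 0.1, 0.0],
                 [0.8, 0.1, 0.1, 0.0], [0.7, 0.3, 0.0, 0.0]],
    "family_b": [[0.0, 0.1, 0.2, 0.7]],
}
# Constructed test samples as (features, true family). family_c never
# appears in training, so any forced answer for it is wrong.
SAMPLES = [
    ([0.65, 0.25, 0.10, 0.00], "family_a"),
    ([0.05, 0.10, 0.15, 0.70], "family_b"),
    ([0.10, 0.10, 0.80, 0.00], "family_c"),  # novel family
    ([0.40, 0.10, 0.10, 0.40], "family_a"),  # ambiguous between a and b
]

def cosine(u, v):
    dot = sum(a * b for a, b in zip(u, v))
    norm = math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v))
    return dot / norm if norm else 0.0

# One centroid per family (column-wise mean of its training vectors).
CENTROIDS = {fam: [sum(col) / len(rows) for col in zip(*rows)]
             for fam, rows in TRAIN.items()}

def classify(x, min_sim=0.9, min_margin=0.2):
    """Return the family name, or None when the model abstains."""
    ranked = sorted(((cosine(x, c), fam) for fam, c in CENTROIDS.items()),
                    reverse=True)
    (best, fam), (runner_up, _) = ranked[0], ranked[1]
    # Reject if nothing is close enough, or the top two are too close to call.
    if best < min_sim or best - runner_up < min_margin:
        return None
    return fam

def evaluate(samples, **thresholds):
    """Return (coverage, accuracy); accuracy counts answered samples only."""
    preds = [(classify(x, **thresholds), y) for x, y in samples]
    answered = [(p, y) for p, y in preds if p is not None]
    coverage = len(answered) / len(samples)
    accuracy = sum(p == y for p, y in answered) / len(answered) if answered else 0.0
    return coverage, accuracy

if __name__ == "__main__":
    print("with reject option:", evaluate(SAMPLES))
    print("forced to answer:  ", evaluate(SAMPLES, min_sim=0.0, min_margin=0.0))
```

With the thresholds active the classifier answers only the two samples it can place confidently and hands the novel and ambiguous ones to an analyst; with both thresholds set to zero it labels everything and mislabels those two.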

By leveraging the reject option and tensor decomposition techniques to unveil intricate hidden patterns within data, the team has significantly enhanced malware characterization capabilities, marking a substantial advancement in the field.

Eren noted that their paper sets a remarkable milestone by classifying an unparalleled number of malware families, outperforming previous endeavors by a factor of 29. This achievement is particularly noteworthy considering the challenging real-world conditions of limited data, severe class imbalances, and the presence of novel malware families.

The team’s tensor decomposition methods, coupled with high-performance computing and graphics processing unit capabilities, are now accessible as a user-friendly Python library on GitHub.

For additional details, refer to the publication by Maksim E. Eren et al., titled “Semi-Supervised Classification of Malware Families Under Extreme Class Imbalance via Hierarchical Non-Negative Matrix Factorization with Automatic Model Selection,” published in ACM Transactions on Privacy and Security (2023). DOI: 10.1145/3624567.

Source: Los Alamos National Laboratory

Citation:
Using AI to develop enhanced cybersecurity measures (2024, February 15)
retrieved 15 February 2024
from https://techxplore.com/news/2024-02-ai-cybersecurity.html

Last modified: February 16, 2024