Semi-Supervised Algorithms against Malware Evolution (SESAME)

ABSTRACT: Recent years have seen an explosion in the number and sophistication of malware attacks. The sheer volume of novel malware has made purely manual signature development impractical and has led to research on applying machine learning and data mining to automatically infer malware signatures in the wild. Unfortunately, researchers have recently found ways to game the machine learning algorithms and learn to predict which samples the learning algorithms will classify as benign or malicious, thus opening the door for innovative deception on the part of malware developers. To counter this threat, we propose Semi-Supervised Algorithms against Malware Evolution (SESAME), which uses online learning to evolve as new malware is encountered, recognizing novel families and adapting its model of families as they themselves evolve. It uses semi-supervised learning to enable it to learn from both labeled and unlabeled malware. SESAME combines a rich feature set with deep learning algorithms to learn the essential characteristics of malware that enable us to relate novel malware to existing malware. We propose to evaluate the potential of the novel approach afforded by SESAME by using both standard malware datasets and malware specifically designed to fool automated detection systems. BENEFIT: Because SESAME provides an evolving, real-time detection system capable of defeating evolving malware, it will have immediate and tangible benefit for military and Government programs as well as commercial security products. As the number of new malware encountered continues to grow exponentially, we must support and augment human analysts with automated techniques that enable near-real-time malware detection and remediation. Thus, techniques to detect novel and deliberately deceptive attacks will benefit a range of Governmental and commercial security products.