國立虎尾科技大學 |

Detecting Mimicry Attacks in Windows Malware.

Record Type:	Language materials, manuscript : Monograph/item
Title/Author:	Detecting Mimicry Attacks in Windows Malware./
Author:	Yin, Haikuo.
Description:	1 online resource (188 pages)
Notes:	Source: Dissertations Abstracts International, Volume: 85-06, Section: B.
Contained By:	Dissertations Abstracts International85-06B.
Subject:	Computer science. -
Online resource:	click for full text (PQDT)
ISBN:	9798381167368

Detecting Mimicry Attacks in Windows Malware.
Yin, Haikuo.

Detecting Mimicry Attacks in Windows Malware. - 1 online resource (188 pages)

Source: Dissertations Abstracts International, Volume: 85-06, Section: B.

Thesis (Ph.D.)--University of California, Los Angeles, 2023.

Includes bibliographical references

Ever since the earliest days of the Internet, malware has been a problem for computers. Since then, this problem's severity has only increased, with important organizations like universities and hospitals suffering major security breaches due to malware. As detection techniques get more advanced, so do attackers' evasion attempts. One such method, called the mimicry attack, introduces benign behavior to malware to produce a benign classification in detectors even while retaining its malicious behaviors. In this document, I will describe the work we did on developing malware detection methods that remain effective in the presence of such evasion attacks. Using Windows APIs, our detection pipeline generates a summary of program behavior, vectorizes it in a way that's robust to modifications, and constrains features to reduce the impact of added benign behaviors. We use two methods of constraining features, enforcing monotonicity on them and removing them from the feature vector. To evaluate this detection pipeline and other methods, we use hooking and injection techniques to generate mimicry attacks that can insert benign behavior in more locations than prior work, and are thus produce stronger attacks than prior work. Our results show that our methods can effectively and consistently detect malware that use both mimicry attacks and adversarial attacks with minimal accuracy loss in vanilla data.

Electronic reproduction.
Ann Arbor, Mich. :
ProQuest,
2024

Mode of access: World Wide Web

ISBN: 9798381167368Subjects--Topical Terms:

573171
Computer science.
Subjects--Index Terms:

Adversarial attackIndex Terms--Genre/Form:

554714
Electronic books.

Detecting Mimicry Attacks in Windows Malware.
LDR:02752ntm a22003857 4500 001 1143917
005 20240517105026.5
006 m o d
007 cr mn ---uuuuu
008 250605s2023 xx obm 000 0 eng d
020 $a 9798381167368
035 $a (MiAaPQ)AAI30817550
035 $a AAI30817550
040 $a MiAaPQ $b eng $c MiAaPQ $d NTU
100 1 $a Yin, Haikuo. $3 1468727
245 1 0 $a Detecting Mimicry Attacks in Windows Malware.
264 0 $c 2023
300 $a 1 online resource (188 pages)
336 $a text $b txt $2 rdacontent
337 $a computer $b c $2 rdamedia
338 $a online resource $b cr $2 rdacarrier
500 $a Source: Dissertations Abstracts International, Volume: 85-06, Section: B.
500 $a Advisor: Kleinrock, Leonard.
502 $a Thesis (Ph.D.)--University of California, Los Angeles, 2023.
504 $a Includes bibliographical references
520 $a Ever since the earliest days of the Internet, malware has been a problem for computers. Since then, this problem's severity has only increased, with important organizations like universities and hospitals suffering major security breaches due to malware. As detection techniques get more advanced, so do attackers' evasion attempts. One such method, called the mimicry attack, introduces benign behavior to malware to produce a benign classification in detectors even while retaining its malicious behaviors. In this document, I will describe the work we did on developing malware detection methods that remain effective in the presence of such evasion attacks. Using Windows APIs, our detection pipeline generates a summary of program behavior, vectorizes it in a way that's robust to modifications, and constrains features to reduce the impact of added benign behaviors. We use two methods of constraining features, enforcing monotonicity on them and removing them from the feature vector. To evaluate this detection pipeline and other methods, we use hooking and injection techniques to generate mimicry attacks that can insert benign behavior in more locations than prior work, and are thus produce stronger attacks than prior work. Our results show that our methods can effectively and consistently detect malware that use both mimicry attacks and adversarial attacks with minimal accuracy loss in vanilla data.
533 $a Electronic reproduction. $b Ann Arbor, Mich. : $c ProQuest, $d 2024
538 $a Mode of access: World Wide Web
650 4 $a Computer science. $3 573171
650 4 $a Computer engineering. $3 569006
653 $a Adversarial attack
653 $a Malware detection
653 $a Mimicry attack
653 $a Monotonic model
653 $a Windows API
655 7 $a Electronic books. $2 local $3 554714
690 $a 0984
690 $a 0464
710 2 $a ProQuest Information and Learning Co. $3 1178819
710 2 $a University of California, Los Angeles. $b Computer Science 0201. $3 1182286
773 0 $t Dissertations Abstracts International $g 85-06B.
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=30817550 $z click for full text (PQDT)