EsPADA: Enhanced Payload Analyzer for malware Detection robust against Adversarial threats

Jorge Maestre Vidal, Marco Antonio Sotelo Monge, Sergio Mauricio Martínez Monterrubio

Producción científica: Contribución a una revistaArtículo (Contribución a Revista)revisión exhaustiva

15 Citas (Scopus)

Resumen

The emergent communication technologies landscape has consolidated the anomaly-based intrusion detection paradigm as one of the most prominent solutions able to discover unprecedented malicious traits. It relied on building models of the normal/legitimate activities registered at the protected systems, from them analyzing the incoming observations looking for significant discordances that may reveal misbehaviors. But in the last years, the adversarial machine learning paradigm introduced never-seen-before evasion procedures able to jeopardize the traditional anomaly-based methods, thus entailing one of the major emerging challenges in the cybersecurity landscape. With the aim on contributing to their adaptation against adversarial threats, this paper presents EsPADA (Enhanced Payload Analyzer for malware Detection robust against Adversarial threats), a novel approach built on the grounds of the PAYL sensor family. At the SPARTA Training stage, both normal and adversarial models are constructed according to features extracted by N-gram, which are stored within Counting Bloom Filters (CBF). In this way it is possible to take advantage of both binary-based and spectral-based traffic modeling procedures for malware detection. At Detection stage, the payloads to be analyzed are collected from the protected environment and compared with the usage models previously built at Training. This leads to calculate different scores that allow to discriminate their nature (normal or suspicious) and to assess the labeling coherency, the latest studied for estimating the likelihood of the payload disguising mimicry attacks. The effectiveness of EsPADA was demonstrated on the public datasets DARPA'99 and UCM 2011 by achieving promising preliminarily results.

Idioma originalInglés
Páginas (desde-hasta)159-173
Número de páginas15
PublicaciónFuture Generation Computer Systems
Volumen104
DOI
EstadoPublicada - mar. 2020

COAR

  • Artículo

Categorías Repositorio Ulima

  • Ingeniería de sistemas / Diseño y métodos

Temas Repositorio Ulima

  • Computer networks
  • Data protection
  • Malware (Computer software)
  • Malware (Programa para computadora)
  • Redes de computadores
  • Seguridad informática

Huella

Profundice en los temas de investigación de 'EsPADA: Enhanced Payload Analyzer for malware Detection robust against Adversarial threats'. En conjunto forman una huella única.

Citar esto