Datenbestand vom 10. Juli 2019
Tel: 089 / 66060798
Mo - Fr, 9 - 12 Uhr
Fax: 089 / 66060799
aktualisiert am 10. Juli 2019
978-3-8439-3409-1, Reihe Informatik
Machine Learning and Security of Non-Executable Files
162 Seiten, Dissertation Eberhard-Karls-Universität Tübingen (2017), Hardcover, A5
Computer malware is a well-known threat in security which, despite the enormous time and effort invested in fighting it, is today more prevalent than ever. Recent years have brought a surge in one particular type: malware embedded in non-executable file formats, e.g., PDF, SWF and various office file formats. The result have been regular discoveries of new vulnerabilities.
The traditional approach to malware detection - signature matching, heuristics and behavioral profiling - has from its inception been a labor-intensive manual task, always a step behind the attacker. With the exponential growth of computers and networks, malware has become more diverse, wide-spread and adaptive than ever. An automated and scalable approach is needed to fill the gap between automated malware adaptation and manual malware detection, and machine learning is emerging as a viable solution. Its branch called adversarial machine learning studies the security of machine learning algorithms and the special conditions that arise when machine learning is applied for security.
Furthermore, the thesis presents a framework for security evaluation of machine learning classifiers in a case study performed on an independent PDF malware detector. The results show that the ability to manipulate a part of the classifier's feature set allows a malicious adversary to disguise malware so that it appears benign to the classifier. The presented methods are released as open-source software.