Attacking and Defending Dynamic Analysis System-Calls Based IDS

Abstract: Machine learning augments today’s IDS capability to cope with unknown malware. However, if an attacker gains partial knowledge about the IDS’s classifier, he can create a modified version of his malware that evades detection. In this article we present an IDS based on various classifiers that use the system calls executed by the inspected code as features. We then present a camouflage algorithm that modifies malicious code so that it is classified as benign, while preserving the code’s functionality, for decision tree and random forest classifiers. We also present transformations of the classifier’s input that prevent this camouflage, and a modified camouflage algorithm that overcomes those transformations. Our research shows that it is not enough to provide a decision tree based classifier with a large training set to counter malware. One must also be aware of the possibility that the classifier could be fooled by a camouflage algorithm, and try to counter such an attempt with techniques such as input transformation or training set updates.
Document type: Conference paper
Sara Foresti; Javier Lopez. 10th IFIP International Conference on Information Security Theory and Practice (WISTP), Sep 2016, Heraklion, Greece. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9895, pp.103-119, 2016, Information Security Theory and Practice. 〈10.1007/978-3-319-45931-8_7〉

Cited literature: 17 references

https://hal.inria.fr/hal-01639619
Contributor: Hal Ifip
Submitted on: Monday 20 November 2017 - 14:54:20
Last modified on: Saturday 17 February 2018 - 17:46:02
Long-term archiving on: Wednesday 21 February 2018 - 15:50:01

File

Restricted access
File visible on: 2019-01-01

License

Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Ishai Rosenberg, Ehud Gudes. Attacking and Defending Dynamic Analysis System-Calls Based IDS. Sara Foresti; Javier Lopez. 10th IFIP International Conference on Information Security Theory and Practice (WISTP), Sep 2016, Heraklion, Greece. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9895, pp.103-119, 2016, Information Security Theory and Practice. 〈10.1007/978-3-319-45931-8_7〉. 〈hal-01639619〉
