Next-Gen Cyber Defense: Malware Classification and Automated Network Protection
Abstract
Today's escalating cyber attacks are outpacing standard network security defenses and, once inside, malware rapidly subverts individual hosts. Automatic post-breach protection of enterprise networks is a challenging and fundamental research problem that requires understanding and exploiting malware targeting strategies.
In this work, we focus on the strategic malware classification problem and analyze massive-scale malware behavior to design accurate classifiers. Our malware classifier combines vantage point sensing with a Bayesian malware probability model of distinct host-level abnormalities and offers very high detection accuracy at any specified false alarm rate. This new capability makes accurate, network-hosted, multi-functional, enterprise-level post-compromise malware containment feasible.
We present a detailed analysis of real-world Worm, Bot, Scanning/Proxy, and Spam/Phishing behavior that contributes to both the strategic classification model and the strategic classifier design. Moreover, given the proprietary nature of both the data and the model, we also describe a simulation framework that researchers can use for comprehensive vulnerability assessment.
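To make concrete the idea of a Bayesian probability model over distinct host-level abnormalities, thresholded at a specified false alarm rate, here is an added toy illustration (not the paper's proprietary model or code): a naive-Bayes combination of four constructed indicators over the benign/worm/bot/spam classes, with the alert threshold derived from scores of known-benign hosts. The likelihoods, priors and indicator names are invented assumptions.

```python
import math
from typing import Dict, Iterable, List

# Constructed P(indicator fires | host class) for four host-level abnormalities.
# Illustrative assumptions only; the paper's actual model is not public.
LIKELIHOODS: Dict[str, Dict[str, float]] = {
    "benign": {"scan_pattern": 0.02, "smtp_spike": 0.03, "proxy_listener": 0.01, "beaconing": 0.05},
    "worm":   {"scan_pattern": 0.90, "smtp_spike": 0.10, "proxy_listener": 0.05, "beaconing": 0.20},
    "bot":    {"scan_pattern": 0.30, "smtp_spike": 0.20, "proxy_listener": 0.30, "beaconing": 0.90},
    "spam":   {"scan_pattern": 0.05, "smtp_spike": 0.95, "proxy_listener": 0.40, "beaconing": 0.30},
}
PRIORS: Dict[str, float] = {"benign": 0.97, "worm": 0.01, "bot": 0.01, "spam": 0.01}

def posterior(observed: Iterable[str]) -> Dict[str, float]:
    """Naive-Bayes posterior over host classes given which indicators fired.
    Indicators are treated as conditionally independent; a silent indicator
    contributes (1 - p), so absence of an abnormality is evidence too."""
    fired = set(observed)
    log_post = {}
    for cls, prior in PRIORS.items():
        lp = math.log(prior)
        for ind, p in LIKELIHOODS[cls].items():
            lp += math.log(p if ind in fired else 1.0 - p)
        log_post[cls] = lp
    m = max(log_post.values())  # log-sum-exp normalisation for stability
    z = sum(math.exp(v - m) for v in log_post.values())
    return {cls: math.exp(v - m) / z for cls, v in log_post.items()}

def malware_score(observed: Iterable[str]) -> float:
    """P(host compromised | evidence) = 1 - P(benign | evidence)."""
    return 1.0 - posterior(observed)["benign"]

def threshold_for_false_alarm_rate(benign_scores: List[float], fpr: float) -> float:
    """Smallest threshold such that at most `fpr` of known-benign hosts score above it:
    this is how a specified false alarm rate becomes a concrete alert threshold."""
    s = sorted(benign_scores)
    allowed = int(math.floor(fpr * len(s)))  # benign hosts allowed above threshold
    return 0.0 if allowed >= len(s) else s[len(s) - 1 - allowed]

def false_alarm_rate(benign_scores: List[float], threshold: float) -> float:
    """Fraction of known-benign hosts that would be alerted on at this threshold."""
    return sum(1 for x in benign_scores if x > threshold) / len(benign_scores)

# Constructed calibration set: indicator sets observed on ten known-benign hosts.
BENIGN_HOSTS = [[], [], [], [], [], [], [], ["beaconing"], ["smtp_spike"], ["scan_pattern"]]
BENIGN_SCORES = [malware_score(h) for h in BENIGN_HOSTS]
THRESHOLD = threshold_for_false_alarm_rate(BENIGN_SCORES, fpr=0.10)  # 10% false alarm budget

def is_compromised(observed: Iterable[str], threshold: float = THRESHOLD) -> bool:
    """Alert decision for one host at the calibrated threshold."""
    return malware_score(observed) > threshold
```

With these constructed numbers a lone scan pattern stays below the 10% threshold, while scanning combined with beaconing clears it by a wide margin; in practice the calibration set would be far larger and the likelihoods learned from labelled behaviour data.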