Abstract
Cyber malware has evolved from simple hacking programs to highly sophisticated software engineering products. Human experts are in high demand but are busy, expensive, and have difficulty searching through massive amount of data to detect malware. In this paper, we develop algorithms for machines to learn visual pattern recognition processes from human experts and then to map, measure, attribute, and disrupt malware distribution networks. Our approach is to combine visualization and machine vision for an intuitive discovery system that includes visual ontology of textures, topological structures, traces, and dynamics. The machine vision and learning algorithms are designed to analyze texture patterns and search for similar topological dynamics. Compared to recent human-machine teaming systems that use input from human experts for supervised machine-learning, our approach uses fewer samples, i.e. less training, and aims for novel discoveries through human-machine teaming.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Gu, G., Perdisci, R., Zhang, J., Lee, W.: BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection. In: Proceedings of the 17th USENIX Security Symposium (Security 2008) (2008)
Gu, G., Zhang, J., Lee, W.: BotSniffer: detecting botnet command and control channels in network traffic. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS 2008) (2008)
McCoy, D., et al.: Pharmaleaks: understanding the business of online pharmaceutical affiliate programs. In: Proceedings of the 21st USENIX Conference on Security Symposium, Ser. Security 2012, pp. 1–1. USENIX Association, Berkeley (2012)
Karami, M., Damon, M.: Understanding the emerging threat of ddos-as-a-service. In: Proceedings of the USENIX Workshop on Large-Scale Exploits and Emergent Threats (2013)
Google safe browsing. https://developers.google.com/safe-browsing/
Peryt, S, Morales, J.A., Casey, W., Volkmann, A., Cai, Y.: Visualizing malware distribution network. In: IEEE Conference on Visualization for Security, Baltimore, October 2016
https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7870760
MouselabWEB. www.mouselabweb.org
Barzdinš, J., Barzdinaš, G., Cerans, K., Liepinš, R., Sprogis, A.: OWLGrEd: a UML style graphical notation and editor for OWL 2. In: Proceedings of the 7th International Workshop on OWL: Experiences and Directions (OWLED 2010), volume 614 of CEUR-WS (2010)
Kost, R.: VOM – Visual Ontology Modeler (2013). thematix.com/tools/vom/
Howse, J.: Visualizing ontologies: a case study. In: International Semantic Web Conference, ISWC 2011, pp. 257–272. Springer, Berlin (2011)
van der Maaten, L.J.P., Hinton, G.E.: Visualizing non-metric similarities in multiple maps. Mach. Learn. 87(1), 33–55 (2012)
Nataraj, L., et al.: Malware Images: Visualization and Automatic Classification, VizSec 2011, 20 July 2011
Cai, Y.: Pheromone-based visualization model of malware distribution networks. In: International Conference on Computational Science, to appear on Springer LNCS (2018)
Wigglesworth, V.B.: Insect Hormones, pp. 134–141. WH Freeman and Company, Holtzbrinck (1970)
TopQuadrant. TopBraid Composer. http://www.topquadrant.com/topbraid/
Acknowledgement
The authors would like to thank research assistants Pedro Pimentel and Sebastian Peryt for early prototypes. This project is in part funded by Cyber-Security University Consortium of Northrop Grumman Corporation. The authors are grateful to the support from Drs. Paul Conoval, Robert Pipe, and Donald Steiner. [DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution. Internal use: * Permission to reproduce this material and to prepare derivative works from this material for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works. External use: * This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use. Requests for permission should be directed to the Software Engineering Institute at persmission@sei.cmu.edu. * These restrictions do not apply to U.S. government entities. Carnegie Mellon® and CERT® are registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. DM19-0291.
Distribution Statement A: Approved for Public Release; Distribution is Unlimited; #19-0490; Dated 04/17/19.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Cai, Y., Morales, J.A., Casey, W., Ezer, N., Wang, S. (2020). Perceiving Behavior of Cyber Malware with Human-Machine Teaming. In: Ahram, T., Karwowski, W. (eds) Advances in Human Factors in Cybersecurity. AHFE 2019. Advances in Intelligent Systems and Computing, vol 960. Springer, Cham. https://doi.org/10.1007/978-3-030-20488-4_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-20488-4_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-20487-7
Online ISBN: 978-3-030-20488-4
eBook Packages: EngineeringEngineering (R0)