Abstract:
With the rise in malware attacks on modern computer systems, there is a critical need for computer security defenses not only to detect the presence of adversaries accurately, but also to do so at the earliest possible time, before the system suffers extensive damage. Currently, malware defenders have to accumulate a sufficient number of system event samples to detect the presence of malware and identify it with increased confidence. Unfortunately, in many instances a longer wait has already cost valuable time toward stopping the malicious activity, and may even nullify the usefulness of any potential defensive actions. In this paper, we present Foreseer, a framework that supports proactive defenses by forecasting the raw event series needed for early detection of malware. To accomplish this goal, we leverage Long Short-Term Memory (LSTM) neural networks aided by attention mechanisms, which can memorize complex sequential patterns and use this information to predict future events with high accuracy. Foreseer's design adopts a joint hardware-software optimization approach to improve its efficiency: it uses a symbolic representation for its event series, deploys runtime machine code optimizations using Just-in-Time Python compilers, and exploits the hardware-accelerated mixed-precision quantization available in Nvidia GPUs. We evaluate the efficacy of the Foreseer framework using RanSAP, an open dataset of ransomware storage access patterns. Our experimental results show that Foreseer is able to synthesize ransomware-related features with low errors for the most dominant factors used in detection (such as the size of a block accessed by a sample and Shannon entropy), and cuts the time to predict the presence of malware by about 40%.
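The abstract describes two ideas worth seeing concretely: turning a raw storage-access event series into a symbolic representation (here built from the two features it names, accessed block size and Shannon entropy), and forecasting future events so that a detector can fire before the events are actually observed. The following is an added illustration, not the Foreseer code or the RanSAP data. A first-order Markov model stands in for the LSTM-with-attention forecaster, the bin edges and the three-event alert window are assumed values chosen for the demonstration, and the event traces are constructed inline.

```python
import math
from collections import Counter, defaultdict

# Assumed bin edges for the symbolic representation (illustrative, not from the paper):
# entropy in bits per byte, write size in bytes. Symbols run 'a' (low) .. 'c' (high).
ENTROPY_EDGES = (2.0, 6.0)   # 'a' < 2.0 <= 'b' < 6.0 <= 'c'
SIZE_EDGES = (4096, 65536)   # 'a' < 4096 <= 'b' < 65536 <= 'c'


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte payload in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def symbolize(value: float, edges) -> str:
    """Map a numeric feature to a single-letter symbol by counting the edges it reaches."""
    return chr(ord("a") + sum(1 for e in edges if value >= e))


def event_token(size: int, payload: bytes) -> str:
    """Two-letter token: size symbol followed by entropy symbol, e.g. 'cc' = large, high-entropy."""
    return symbolize(size, SIZE_EDGES) + symbolize(shannon_entropy(payload), ENTROPY_EDGES)


def fit_markov(tokens):
    """Count token-to-token transitions in a past trace (stand-in for training the LSTM)."""
    model = defaultdict(Counter)
    for cur, nxt in zip(tokens, tokens[1:]):
        model[cur][nxt] += 1
    return model


def forecast(model, last_token: str, horizon: int):
    """Greedily predict the next `horizon` tokens by following the most frequent transition."""
    out, cur = [], last_token
    for _ in range(horizon):
        if cur not in model:          # unseen state: no basis for a prediction
            break
        cur = model[cur].most_common(1)[0][0]
        out.append(cur)
    return out


def first_alert(tokens, window: int = 3):
    """Index at which `window` consecutive high-entropy writes were seen, or None."""
    for i in range(window - 1, len(tokens)):
        if all(t[1] == "c" for t in tokens[i - window + 1 : i + 1]):
            return i
    return None


# Constructed payloads: plain-text-like, mixed, and encrypted-looking content.
LOW = b"A" * 4096                # entropy 0.0 bits/byte
MED = bytes(range(16)) * 256     # entropy 4.0 bits/byte
HIGH = bytes(range(256)) * 16    # entropy 8.0 bits/byte

# Constructed past trace: benign small writes, one transitional write, then bulk high-entropy writes.
TRAINING_EVENTS = [(1024, LOW)] * 5 + [(8192, MED)] + [(65536, HIGH)] * 6
# Constructed live trace observed so far: only the benign prefix and the transitional write.
OBSERVED_EVENTS = [(1024, LOW)] * 3 + [(8192, MED)]


def run_demo(horizon: int = 3):
    """Compare when the detector fires on observed events alone vs. observed plus forecast."""
    model = fit_markov([event_token(s, p) for s, p in TRAINING_EVENTS])
    observed = [event_token(s, p) for s, p in OBSERVED_EVENTS]
    predicted = forecast(model, observed[-1], horizon)
    return {
        "observed": observed,
        "predicted": predicted,
        "alert_observed_only": first_alert(observed),
        "alert_with_forecast": first_alert(observed + predicted),
    }


if __name__ == "__main__":
    print(run_demo())
```

On the constructed traces the observed tokens are `aa, aa, aa, bb`, the forecaster continues them with `cc, cc, cc`, and the detector, which finds nothing in the observed series, raises an alert at index 6 of the forecast-extended series. That gap of three events is the "time to predict" saving the abstract refers to; in a real deployment the forecast quality, not the detector, is what determines whether that lead time is trustworthy, which is why the paper reports forecasting error on the feature series separately.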
Published in: 2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED)
Date of Conference: 26-27 September 2022
Date Added to IEEE Xplore: 04 November 2022
ISBN Information: