As we are moving towards a digital society, our world has become more and more connected. This seamless connectivity has transformed and accelerated the way business is conducted, but it also increases exposure to cyber threats.
The main problem when dealing with modern cyber attacks is the sheer amount of data which passes through a computer system, the complexity of automatic attacks, as well as the high frequency of attacks.
This project explores applying Machine Learning to the problem of malware detection – the most prevalent cyberthreat.
We developed a machine learning library to train intelligent malware detectors. The library includes three main components:
1. The use of open source reverse engineering tools to convert executable code to an assembly code
2. Text analytics techniques to extract features from assembly code
3. A deep learning module to train an intelligent malware detector
The library has been extensively tested on a large malware dataset which was developed with project partners. We developed a demonstrator application to show how the machine library detects malicious executables.
Our malware detector library is highly configurable:
• Applicable for different business domains and uses
• Easy to train for new types of malware
• Customisable for different usage scenarios: high speed for email scanning, high recall for critical systems etc.
• Explainable: can support explainable ML methods to understand key features of malicious code
CeADAR Applied Research Group, UCD