Enhanced Cybersecurity Measures Are Rooted in AI

A research team at Los Alamos National Laboratory has set a new world record in classifying malware families. They are doing so by using AI to address critical deficiencies in large-scale malware analysis, making significant advancements in the classification of Microsoft Windows malware, thus paving the way for enhanced cybersecurity measures.

Maksim Eren, a scientist in Advanced Research in Cyber Systems at Los Alamos, states: “Artificial intelligence methods developed for cyber-defense systems, including systems for large-scale malware analysis, need to consider real-world challenges. Our method addresses several of them.”

The team’s research was recently published in “ACM Transactions on Privacy and Security” and introduces an innovative method that is revolutionizing the field of Windows malware classification. The approach reportedly achieves realistic malware family classification by leveraging semi-supervised tensor decomposition methods and selective classification. More specifically, it uses the reject option.

According to Techxplore, the reject option is the model’s ability to say ‘I do not know’ instead of making a wrong decision, which gives the model a knowledge-discovery capability. Cyber defense teams need to quickly identify infected machines and malicious programs, which in turn can be uniquely crafted for their victims, making it difficult to gather the large numbers of samples that traditional machine learning methods require.

This new method can work accurately with families represented by many samples and families represented by only a few samples at the same time (class imbalance), allowing it to detect both rare and prominent malware families. It can also reject a prediction when it is not confident in its answer, which could give security analysts the confidence to apply these techniques in practical high-stakes situations such as cyber defense for detecting novel threats.
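As an added illustration of the reject option described above (not the Los Alamos team's code, which uses tensor decomposition rather than the simple nearest-centroid model used here): a classifier over constructed feature vectors that abstains whenever no known family's centroid lies within an assumed distance threshold `max_dist`, so that a sample from an unseen family is rejected instead of being forced into a known class.

```python
import math

# Constructed feature vectors (values invented for illustration); each family
# is a small cluster, and FamilyC has a single sample to mimic class imbalance.
TRAIN = {
    "FamilyA": [(1.0, 0.1, 0.0, 0.2), (0.9, 0.2, 0.1, 0.1), (1.1, 0.0, 0.1, 0.2)],
    "FamilyB": [(0.0, 1.0, 0.2, 0.0), (0.1, 0.9, 0.1, 0.1)],
    "FamilyC": [(0.1, 0.0, 1.0, 0.9)],
}
# Held-out samples: (vector, true family); None marks a novel family the
# model has never seen and should therefore reject.
TEST = [
    ((1.0, 0.1, 0.1, 0.2), "FamilyA"),
    ((0.0, 1.0, 0.1, 0.0), "FamilyB"),
    ((0.2, 0.1, 0.9, 0.8), "FamilyC"),
    ((0.5, 0.5, 0.5, 0.5), None),
]

def centroids(train):
    """Mean vector per family (a nearest-centroid stand-in for the paper's model)."""
    return {fam: tuple(sum(v[i] for v in vecs) / len(vecs)
                       for i in range(len(vecs[0])))
            for fam, vecs in train.items()}

def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def classify_with_reject(x, cents, max_dist=0.5):
    """Predict the nearest family, or None ('I do not know') when even the
    nearest centroid is farther than max_dist: the reject option."""
    fam, d = min(((f, distance(x, c)) for f, c in cents.items()),
                 key=lambda t: t[1])
    return fam if d <= max_dist else None

def evaluate(test, cents, max_dist=0.5):
    """Coverage (fraction of samples answered), accuracy on answered samples,
    and how many novel-family samples were correctly rejected."""
    answered = correct = novel_rejected = novel_total = 0
    for x, truth in test:
        pred = classify_with_reject(x, cents, max_dist)
        if truth is None:
            novel_total += 1
            novel_rejected += pred is None
        if pred is not None:
            answered += 1
            correct += pred == truth  # an answered novel sample is always wrong
    return {"coverage": answered / len(test),
            "selective_accuracy": correct / answered if answered else 1.0,
            "novel_rejected": novel_rejected, "novel_total": novel_total}

if __name__ == "__main__":
    cents = centroids(TRAIN)
    print("with reject option:   ", evaluate(TEST, cents, 0.5))
    print("without reject option:", evaluate(TEST, cents, float("inf")))
```

Running it with `max_dist=float("inf")` (no reject option) shows the trade-off: coverage rises to 100% but the novel sample is silently labelled FamilyA and accuracy on answered samples drops.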

Being able to distinguish between novel threats and known types of malware specimens is essential to develop mitigation strategies. Furthermore, this method can maintain its performance even when limited data is used in its training.

“To the best of our knowledge, our paper sets a new world record by simultaneously classifying an unprecedented number of malware families, surpassing prior work by a factor of 29, in addition to operating under extremely difficult real-world conditions of limited data, extreme class-imbalance and with the presence of novel malware families,” Eren concludes.