Title
EsPADA: Enhanced Payload Analyzer for malware Detection robust against Adversarial threats
Date Issued
01 March 2020
Access level
metadata only access
Resource Type
journal article
Author(s)
Publisher(s)
Elsevier B.V.
Abstract
The emerging communication technologies landscape has consolidated the anomaly-based intrusion detection paradigm as one of the most prominent solutions able to discover previously unseen malicious traits. It relies on building models of the normal/legitimate activity registered at the protected systems and analyzing incoming observations against them, looking for significant discordances that may reveal misbehaviour. In recent years, however, the adversarial machine learning paradigm has introduced never-seen-before evasion procedures able to jeopardize traditional anomaly-based methods, which has become one of the major emerging challenges in the cybersecurity landscape. With the aim of contributing to their adaptation against adversarial threats, this paper presents EsPADA (Enhanced Payload Analyzer for malware Detection robust against Adversarial threats), a novel approach built on the grounds of the PAYL sensor family. At the Training stage, both normal and adversarial models are constructed from features extracted by N-gram analysis, which are stored within Counting Bloom Filters (CBF). In this way it is possible to take advantage of both binary-based and spectral-based traffic modelling procedures for malware detection. At the Detection stage, the payloads to be analyzed are collected from the protected environment and compared with the usage models previously built at Training. This leads to the calculation of different scores that allow their nature (normal or suspicious) to be discriminated and the labelling coherency to be assessed, the latter being studied to estimate the likelihood of the payload disguising a mimicry attack. The effectiveness of EsPADA was demonstrated on the public datasets DARPA'99 and UCM 2011, achieving promising preliminary results.
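As an added illustration of the PAYL-family modelling the abstract describes (n-gram features held in Counting Bloom Filters, a binary and a spectral score against a normal usage model, and a labelling-coherency check against an adversarial model), the script below is not the paper's code and does not reproduce EsPADA's scoring. The scoring rules, the thresholds, the sample HTTP payloads and the "/bin/sh" attack fragment are all simplified assumptions constructed here; the thresholds are tuned to that constructed data only.

```python
"""Toy PAYL/Anagram-style payload analyzer (added illustration, not EsPADA):
n-gram usage models in Counting Bloom Filters, a binary and a spectral score
against a normal model, and a label-coherency check against an adversarial
model.  Thresholds and sample traffic are constructed assumptions."""
import hashlib
from collections import Counter


class CountingBloomFilter:
    """k salted BLAKE2b hashes index m integer counters.  count() returns the
    minimum counter, an upper bound on the true count: collisions can only
    make an n-gram look more frequent than it is, never less."""

    def __init__(self, m=1 << 16, k=3):
        self.m, self.k = m, k
        self.counters = [0] * m

    def _positions(self, key):
        for i in range(self.k):
            h = hashlib.blake2b(key, digest_size=8, salt=i.to_bytes(16, "little")).digest()
            yield int.from_bytes(h, "little") % self.m

    def add(self, key):
        for p in self._positions(key):
            self.counters[p] += 1

    def count(self, key):
        return min(self.counters[p] for p in self._positions(key))


def ngrams(payload, n):
    return [payload[i:i + n] for i in range(len(payload) - n + 1)]


class NgramModel:
    """Usage model of one traffic class: n-gram counts in a CBF plus the total
    number of n-grams, so frequencies can be recovered for spectral scoring."""

    def __init__(self, n=2):
        self.n, self.cbf, self.total = n, CountingBloomFilter(), 0

    def train(self, payloads):
        for p in payloads:
            for g in ngrams(p, self.n):
                self.cbf.add(g)
                self.total += 1

    def binary_score(self, payload):
        """Anagram-style: fraction of the payload's n-grams unseen in training."""
        grams = ngrams(payload, self.n)
        if not grams:
            return 1.0
        return sum(self.cbf.count(g) == 0 for g in grams) / len(grams)

    def spectral_score(self, payload):
        """PAYL-style: L1 distance between the payload's n-gram frequency
        spectrum and the model's, over the n-grams present in the payload,
        halved so the result lies in [0, 1]."""
        grams = ngrams(payload, self.n)
        if not grams or not self.total:
            return 1.0
        freq = Counter(grams)
        return sum(abs(c / len(grams) - self.cbf.count(g) / self.total)
                   for g, c in freq.items()) / 2


def analyze(payload, normal, adversarial, t_anom=0.25, t_adv=0.05):
    """Score a payload against both models and check label coherency.
    anomaly   : mean of binary and spectral deviation from the normal model
    adv_match : fraction of n-grams the adversarial model has seen
    A payload the normal model accepts but the adversarial model recognises is
    incoherently labelled: a small malicious fragment hidden in otherwise
    legitimate-looking traffic, i.e. the signature of a mimicry attack."""
    anomaly = (normal.binary_score(payload) + normal.spectral_score(payload)) / 2
    adv_match = 1.0 - adversarial.binary_score(payload)
    suspicious, adversarial_hit = anomaly > t_anom, adv_match > t_adv
    if suspicious == adversarial_hit:
        verdict = "suspicious" if suspicious else "normal"
    elif adversarial_hit:
        verdict = "mimicry suspected"   # looks normal, carries known-bad n-grams
    else:
        verdict = "novel anomaly"       # deviates, but matches no known attack
    return {"verdict": verdict, "anomaly": round(anomaly, 3),
            "adv_match": round(adv_match, 3), "coherent": suspicious == adversarial_hit}


# Constructed sample traffic (assumption; not from the paper's datasets).
HDR = (b" HTTP/1.1\r\nHost: shop.test\r\nUser-Agent: curl/8.0\r\n"
       b"Accept: text/html\r\nConnection: keep-alive\r\n")
NORMAL = [
    b"GET /index.html" + HDR + b"\r\n",
    b"GET /cart.html" + HDR + b"\r\n",
    b"GET /img/logo.png" + HDR + b"\r\n",
    b"POST /login" + HDR + b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    + b"user=alice&pass=hunter2",
]
BAD = b"/bin/sh\x00"          # constructed stand-in for injected code, not working shellcode
ADVERSARIAL = [b"\x90" * 16 + BAD, b"\x90" * 4 + BAD]   # known attack fragments
RAW_ATTACK = b"GET /" + b"\x90" * 100 + BAD + HDR + b"\r\n"
MIMICRY = b"GET /index.html?q=" + b"\x90" * 4 + BAD + HDR + b"\r\n"


def demo():
    normal, adv = NgramModel(n=2), NgramModel(n=2)
    normal.train(NORMAL)
    adv.train(ADVERSARIAL)
    return {name: analyze(p, normal, adv)["verdict"] for name, p in
            [("normal", NORMAL[0]), ("raw attack", RAW_ATTACK), ("mimicry", MIMICRY)]}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:11s} -> {verdict}")
```

The point the two models make together is the one the abstract raises: the long NOP sled is caught by either score on its own, whereas the mimicry request keeps its byte spectrum and unseen-n-gram ratio below the normal model's threshold and is only exposed because its few attack n-grams are ones the adversarial model has already seen. Because a CBF only overestimates counts, a false positive can hide an unseen n-gram from the binary score but never invent one, so the filter size should be chosen against the training volume (here 65536 counters for a few hundred bigrams).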
Start page
159
End page
173
Volume
104
Language
English
OECD knowledge area
Systems and communications engineering
Automation systems, control systems
Subjects
Scopus EID
2-s2.0-85074374474
Source
Future Generation Computer Systems
ISSN of the container
0167739X
Sponsor(s)
Jorge Maestre Vidal ( https://jmaestrevidal.com ) holds a PhD in Computer Science and is a Senior Specialist in cyber defense at Indra, as part of its Digital Labs division. He is the Technical Coordinator of Indra's solutions for Cyber Situational Awareness acquisition in support of military decision-making, leading the related technical activities conducted in national and international innovation programmes, such as the EDA projects Cyber Defence Situation Awareness Package - Rapid Research Prototype (CySAP-RRP) (EDA 16.CAT.OP.078.) or Generation of Data Sets for Validation of Cyber Defence Tools (Cat. B FC B-1508-GP). He is a former member of the Department of Software Engineering and Artificial Intelligence (DISIA) of the Faculty of Computer Science and Engineering at the Complutense University of Madrid (UCM), Spain. He received a Computer Science Engineering degree from the UCM in 2012 and a master's degree in Research in Computer Science in 2013. In 2016 he was a Visiting Researcher at Instituto de Telecomunicações (IT), Aveiro, Portugal. His academic experience includes teaching, supervision of final degree projects and participation in postgraduate examination boards (master's and doctoral degrees). In addition, he has participated in projects funded by private organizations (Banco Santander, Safelayer Secure Communications S.A., etc.) and public institutions (NATO, EDA, FP7, Horizon 2020, Plan Nacional de I+D+i, Spanish Ministry of Defense, etc.). He recently participated in the European projects SELFNET (H2020-ICT-2014-2/671672) and RAMSES (H2020-FCT-04-2015/700326), and currently leads Indra's technical participation in the Full Spectrum Situational Awareness (T-SHARK) programme of the SPARTA (H2020-FCT-2015/83089) project. He is a collaborator of the 5G-PPP Security WG and the EDA Cyber Defence CapTech.
His main research interests are Artificial Intelligence, Information Security and emerging Communication Technologies, where he has a significant background evidenced by publications in several research journals (Knowledge-Based Systems, Swarm and Evolutionary Computation, Journal of Network and Computer Applications, etc.) and conferences (ARES, EuroS&P, ICIT, RAID, etc.), experience as a peer reviewer (Elsevier, MDPI, IEEE, Adelaide, etc.) and membership of various organizing/technical committees (ICSP-AS, SDN-NGAS, ICQNM, AIR, etc.). He is an evaluator for the National Fund for Scientific and Technological Development (FONDECYT) of the Chilean National Commission for Scientific and Technological Research (CONICYT).
This work is funded by the European Commission Horizon 2020 Programme under grant agreement number 830892, as part of the project H2020-SU-ICT-03-2018/830892 SPARTA: Special projects for advanced research and technology in Europe
Marco Antonio Sotelo Monge holds a Ph.D. in Computer Science from the Complutense University of Madrid (2018), where he worked as a researcher at the Department of Artificial Intelligence and Software Engineering. Marco Antonio is currently a lecturer at Universidad de Lima. His main research areas include 5G networks, Information Security, SDN/NFV and Artificial Intelligence, and the outcomes of his research activity have been disseminated in specialized scientific journals and international conferences, both as author and as peer reviewer (IEEE, Elsevier, MDPI, Inderscience). He also has professional experience in Information Technology and in Quality Assurance in education, activities he has combined with teaching since 2007 in Peru and since 2015 in Spain. Over the past few years he has participated in research projects funded by the Horizon 2020 Programme of the European Commission. An excellence scholarship awarded by the Peruvian Ministry of Education in 2013 enabled him to pursue postgraduate studies in Spain, where he subsequently developed his research career.
Thanks to the Secretariat of Education, Technology and Innovation of Mexico City (SECTEI) for their support with the third author’s postdoctoral fellowship during his studies at the Complutense University of Madrid.
Sources of information:
Directorio de Producción Científica
Scopus