Countering Malware Via Decoy Processes with Improved Resource Utilization Consistency

Title: Countering Malware Via Decoy Processes with Improved Resource Utilization Consistency
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Sutton, Sara; Bond, Benjamin; Tahiri, Sementa; Rrushi, Julian
Conference Name: 2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)
Date Published: dec
Keywords: BIOS Security, control flow graphs, decoy process, decoy processes, defensive deception, flow graphs, Heating systems, heatmap training mechanism, human factors, invasive software, learning (artificial intelligence), machine learning, Malware, Metrics, neural nets, Neural Network, Neural networks, Probes, pubcrawl, resilience, Resiliency, resource allocation, Resource management, resource utilization consistency, Scalability, Training
Abstract: The concept of a decoy process is a new development of defensive deception beyond traditional honeypots. Decoy processes can be exceptionally effective in detecting malware, directly upon contact or by redirecting malware to decoy I/O. A key requirement is that they resemble their real counterparts very closely to withstand adversarial probes by threat actors. To be usable, decoy processes need to consume only a small fraction of the resources consumed by their real counterparts. Our contribution in this paper is twofold. We attack the resource utilization consistency of decoy processes provided by a neural network with a heatmap training mechanism, which we find to be insufficiently trained. We then devise machine learning over control flow graphs that improves the heatmap training mechanism. A neural network retrained by our work shows higher accuracy and defeats our attacks without a significant increase in its own resource utilization.
Citation Key: sutton_countering_2019