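@inproceedings{2677b2d799df4cd0ba723c7c3632a811,
  title     = {{AI ATAC} 1: An Evaluation of Prominent Commercial Malware Detectors},
  abstract  = {This work presents an evaluation of six prominent commercial endpoint malware detectors, a network malware detector, and a file-conviction algorithm from a cyber technology vendor. The evaluation was administered as the first of the Artificial Intelligence Applications to Autonomous Cybersecurity (AI ATAC) prize challenges, funded by / completed in service of the US Navy. The experiment employed 100K files (50/50\% benign/malicious) with a stratified distribution of file types, including 1K zero-day program executables (increasing experiment size two orders of magnitude over previous work). We present an evaluation process of delivering a file to a fresh virtual machine donning the detection technology, waiting 90s to allow static detection, then executing the file and waiting another period for dynamic detection; this allows greater fidelity in the observational data than previous experiments, in particular, resource and time-to-detection statistics. To execute all 800K trials (100K files $\times$ 8 tools), a software framework is designed to choreograph the experiment into an automated, time-synced, and reproducible workflow with substantial parallelization. Software with base classes for this framework is provided. A cost-benefit model was configured to integrate the tools' detection statistics into a comparable quantity by simulating costs of use. This provides a ranking methodology for cyber competitions and a lens for reasoning about the varied statistical results. The results provide insights on the state of commercial malware detection.},
  keywords  = {cost benefit analysis, dynamic analysis, endpoint detection, evaluation, intrusion detection, machine learning, malware detection, network detection, static analysis, test},
  author    = {Bridges, Robert A. and Weber, Brian and Beaver, Justin M. and Smith, Jared M. and Verma, Miki E. and Norem, Savannah and Spakes, Kevin and Watson, Cory and Nichols, Jeff A. and Jewell, Brian and Iannacone, Michael D. and Stahl, Chelsey Dunivan and Huffer, Kelly M. T. and Oesch, T. Sean},
  note      = {Publisher Copyright: {\textcopyright} 2023 IEEE. 2023 IEEE International Conference on Big Data, BigData 2023; Conference date: 15-12-2023 through 18-12-2023},
  year      = {2023},
  doi       = {10.1109/BigData59044.2023.10386590},
  language  = {English},
  series    = {Proceedings - 2023 {IEEE} International Conference on Big Data, {BigData} 2023},
  publisher = {Institute of Electrical and Electronics Engineers Inc.},
  pages     = {1620--1629},
  editor    = {He, Jingrui and Palpanas, Themis and Hu, Xiaohua and Cuzzocrea, Alfredo and Dou, Dejing and Slezak, Dominik and Wang, Wei and Gruca, Aleksandra and Lin, Jerry Chun-Wei and Agrawal, Rakesh},
  booktitle = {Proceedings - 2023 {IEEE} International Conference on Big Data, {BigData} 2023},
}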