AI ATAC 1: An Evaluation of Prominent Commercial Malware Detectors

Robert A. Bridges, Brian Weber, Justin M. Beaver, Jared M. Smith, Miki E. Verma, Savannah Norem, Kevin Spakes, Cory Watson, Jeff A. Nichols, Brian Jewell, Michael D. Iannacone, Chelsey Dunivan Stahl, Kelly M.T. Huffer, T. Sean Oesch

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This work presents an evaluation of six prominent commercial endpoint malware detectors, a network malware detector, and a file-conviction algorithm from a cyber technology vendor. The evaluation was administered as the first of the Artificial Intelligence Applications to Autonomous Cybersecurity (AI ATAC) prize challenges, funded by / completed in service of the US Navy. The experiment employed 100K files (50/50% benign/malicious) with a stratified distribution of file types, including 1K zero-day program executables (increasing experiment size two orders of magnitude over previous work). We present an evaluation process of delivering a file to a fresh virtual machine donning the detection technology, waiting 90s to allow static detection, then executing the file and waiting another period for dynamic detection; this allows greater fidelity in the observational data than previous experiments, in particular, resource and time-to-detection statistics. To execute all 800K trials (100K files × 8 tools), a software framework is designed to choreograph the experiment into an automated, time-synced, and reproducible workflow with substantial parallelization. Software with base classes for this framework is provided. A cost-benefit model was configured to integrate the tools' detection statistics into a comparable quantity by simulating costs of use. This provides a ranking methodology for cyber competitions and a lens for reasoning about the varied statistical results. The results provide insights on the state of commercial malware detection.
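The abstract describes a per-trial timeline (deliver file, 90 s static window, execute, dynamic window) and a cost model that folds detection statistics into one comparable number. The following added example, which is not code from the paper or its released framework, reduces constructed trial observations to per-tool statistics of that kind and ranks tools under a hypothetical per-miss / per-false-alarm cost model; the `Trial` layout, the sample data and the cost weights are all assumptions.

```python
from dataclasses import dataclass
from statistics import median
from typing import Optional

STATIC_WINDOW_S = 90.0  # pre-execution wait during which only static detection can fire (per the abstract)

@dataclass
class Trial:
    tool: str
    malicious: bool                 # ground-truth label of the delivered file
    detect_time_s: Optional[float]  # seconds after delivery when the tool alerted; None = never alerted

# Constructed sample observations (not the paper's data): two tools, 4 malicious + 4 benign files each.
TRIALS = [
    Trial("A", True, 5.0), Trial("A", True, 140.0), Trial("A", True, None), Trial("A", True, 30.0),
    Trial("A", False, None), Trial("A", False, None), Trial("A", False, 12.0), Trial("A", False, None),
    Trial("B", True, None), Trial("B", True, 200.0), Trial("B", True, 210.0), Trial("B", True, None),
    Trial("B", False, None), Trial("B", False, None), Trial("B", False, None), Trial("B", False, None),
]

def phase(t):
    """'static' if the alert fell inside the 90 s pre-execution window, 'dynamic' if after, else 'none'."""
    if t.detect_time_s is None:
        return "none"
    return "static" if t.detect_time_s <= STATIC_WINDOW_S else "dynamic"

def summarize(trials, tool):
    """Per-tool detection statistics of the kind the evaluation reports."""
    mal = [t for t in trials if t.tool == tool and t.malicious]
    ben = [t for t in trials if t.tool == tool and not t.malicious]
    tp = [t for t in mal if t.detect_time_s is not None]
    fp = [t for t in ben if t.detect_time_s is not None]
    return {
        "n_mal": len(mal), "n_ben": len(ben),
        "tpr": len(tp) / len(mal),
        "fpr": len(fp) / len(ben),
        "static_share": sum(phase(t) == "static" for t in tp) / max(len(tp), 1),
        "median_ttd_s": median(t.detect_time_s for t in tp) if tp else None,
    }

def simulated_cost(stats, miss_cost, fp_cost):
    """Hypothetical cost model (an assumption, not the paper's): price each miss and each false alarm."""
    return (1 - stats["tpr"]) * stats["n_mal"] * miss_cost + stats["fpr"] * stats["n_ben"] * fp_cost

def rank_tools(trials, miss_cost=10_000.0, fp_cost=50.0):
    """Rank tools by simulated cost (lower is better); returns [(tool, cost), ...]."""
    ranking = [(tool, simulated_cost(summarize(trials, tool), miss_cost, fp_cost))
               for tool in sorted({t.tool for t in trials})]
    return sorted(ranking, key=lambda r: r[1])
```

With the sample data, tool B never raises a false alarm but misses half the malware, so under the chosen weights it ranks behind tool A; changing the weights changes the ranking, which is the point of making the cost model explicit.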

Original language: English
Title of host publication: Proceedings - 2023 IEEE International Conference on Big Data, BigData 2023
Editors: Jingrui He, Themis Palpanas, Xiaohua Hu, Alfredo Cuzzocrea, Dejing Dou, Dominik Slezak, Wei Wang, Aleksandra Gruca, Jerry Chun-Wei Lin, Rakesh Agrawal
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1620-1629
Number of pages: 10
ISBN (Electronic): 9798350324457
DOIs
State: Published - 2023
Event: 2023 IEEE International Conference on Big Data, BigData 2023 - Sorrento, Italy
Duration: Dec 15 2023 to Dec 18 2023

Publication series

Name: Proceedings - 2023 IEEE International Conference on Big Data, BigData 2023

Conference

Conference: 2023 IEEE International Conference on Big Data, BigData 2023
Country/Territory: Italy
City: Sorrento
Period: 12/15/23 to 12/18/23

Funding

The research is based on work supported by the US Department of Defense (DOD), Naval Information Warfare Systems Command (NAVWAR), via the US Department of Energy (DOE) under contract DE-AC05-00OR22725. The views and conclusions contained herein are those of the authors and should not be interpreted as representing the official policies or endorsements, either expressed or implied, of the DOD, NAVWAR, or the US Government. The US Government is authorized to reproduce and distribute reprints for governmental purposes notwithstanding any copyright annotation thereon. MIT licensed code containing base classes for the software described in this paper, as well as an example implementation of the framework, is provided [1]. Authors thank Charlie Horak for the editorial review, Mike Karlbom for ongoing support and guidance, and Jessica Briesacker for counseling. This manuscript has been co-authored by UT-Battelle, LLC under Contract No. DE-AC05-00OR22725 with the US DOE. The United States Government retains and the publisher, by accepting the article for publication, acknowledges that the United States Government retains a non-exclusive, paid-up, irrevocable, world-wide license to publish or reproduce the published form of this manuscript, or allow others to do so, for United States Government purposes. The DOE will provide public access to these results of federally sponsored research in accordance with the DOE Public Access Plan (http://energy.gov/downloads/doe-public-access-plan).

Funders | Funder number
U.S. Department of Defense |
U.S. Department of Energy | DE-AC05-00OR22725
Government of South Australia |
Naval Information Warfare Systems Command |
UT-Battelle |

Keywords

• cost benefit analysis
• dynamic analysis
• endpoint detection
• evaluation
• intrusion detection
• machine learning
• malware detection
• network detection
• static analysis
• test
