Date of Award
9-15-2011
Document Type
Dissertation
Degree Name
Doctor of Philosophy (PhD)
Department
Department of Electrical and Computer Engineering
First Advisor
Richard A. Raines, PhD.
Abstract
The rapid transition of critical business processes to computer networks potentially exposes organizations to digital theft or corruption by advanced competitors. One tool used for these tasks is malware, because it circumvents legitimate authentication mechanisms. Malware is an epidemic problem for organizations of all types. This research proposes and evaluates a novel Malware Target Recognition (MaTR) architecture for malware detection and identification of propagation methods and payloads to enhance situation awareness in tactical scenarios using non-instruction-based, static heuristic features. MaTR achieves a 99.92% detection accuracy on known malware with false positive and false negative rates of 8.73e-4 and 8.03e-4, respectively. MaTR outperforms leading static heuristic methods with a statistically significant 1% improvement in detection accuracy and 85% and 94% reductions in false positive and false negative rates, respectively. Against a set of publicly unknown malware, MaTR detection accuracy is 98.56%, a 65% performance improvement over the combined effectiveness of three commercial antivirus products.
AFIT Designator
AFIT-DCE-ENG-11-07
DTIC Accession Number
ADA549147
Recommended Citation
Dube, Thomas E., "A Novel Malware Target Recognition Architecture for Enhanced Cyberspace Situation Awareness" (2011). Theses and Dissertations. 1379.
https://scholar.afit.edu/etd/1379