Date of Award
3-10-2010
Document Type
Dissertation
Degree Name
Doctor of Philosophy (PhD)
Department
Department of Electrical and Computer Engineering
First Advisor
Richard Raines, PhD
Abstract
Detecting network intruders and malicious software is a significant problem for network administrators and security experts. New threats are emerging at an increasing rate, and current signature- and statistics-based techniques are not keeping pace. Intelligent systems that can adapt to new threats are needed to mitigate these new strains of malware as they are released. This research detects malware based on its qualia, or essence, rather than its low-level implementation details. By looking for the underlying concepts that make a piece of software malicious, this research avoids the pitfalls of static solutions that focus on predefined bit sequence signatures or anomaly thresholds. This research develops a novel, hierarchical modeling method to represent a computing system and demonstrates the representation’s effectiveness by modeling the Blaster worm. Using Latent Dirichlet Allocation and Support Vector Machines, abstract concepts are automatically generated that can be used in the hierarchical model for malware detection. Finally, the research outlines a novel system that uses multiple levels of individual software agents that share contextual relationships and information across different levels of abstraction to make decisions. This qualia-based system provides a framework for developing intelligent classification and decision-making systems for a number of application areas.
AFIT Designator
AFIT-DCS-ENG-10-01
DTIC Accession Number
ADA516367
Recommended Citation
Birrer, Bobby D., "Developing a Qualia-Based Multi-Agent Architecture for Use in Malware Detection" (2010). Theses and Dissertations. 1963.
https://scholar.afit.edu/etd/1963