MLSEC 7 Flashcards
Malware
Software with malicious functionality
Available defense measures against malware
Signature-based detection (anti-malware tools)
Hardened design of operating systems
Learning-based detection approaches
Malware Clustering
Automatic analysis
Feature extraction
Clustering
Manual analysis
Automatic static analysis
Inspection of malicious code and files
Automatic dynamic analysis
Observation of program behavior of malware
Automatic traffic analysis
Monitoring of network traffic of malware
K-means Clustering
Compact representation of clusters by centroids
Probabilistic interpretation possible (generative model)
Number of clusters needs to be specified in advance
Linkage Clustering
No explicit vector space is necessary; distances sufficient
Hierarchical representation of clustered data
Quadratic memory (full pairwise distance matrix) and at least quadratic run-time complexity (cubic for the naive merge loop)
Evasion of static analysis
Obfuscation (packing, encryption of code and strings)
Polymorphism (code that changes its form between samples)
Evasion of dynamic analysis
Dormant code (malicious behavior only triggered under conditions the sandbox does not meet)
Sandbox detection (checking for virtualization or analysis artifacts before misbehaving)
Evasion of network analysis
Encrypted traffic
Covert channels
Evasion of clustering
Injection of random and fake behavior
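The cards above describe the whole pipeline (feature extraction, k-means with fixed k and centroids, linkage clustering from distances alone) and its weak spot (injected fake behavior). The following added example, not code from the course or these cards, walks through all of it on constructed API-call traces: bigram features, a pure-Python k-means, single-linkage clustering that touches only a distance matrix, and an evader that interleaves random unrelated calls so every original bigram is destroyed. Sample names, traces and the fake-call list are invented for illustration.

```python
"""Malware clustering on constructed behavior reports (illustrative, not course code)."""
import math
import random
from collections import Counter

# Constructed behavior reports (API-call traces), NOT real sandbox output.
REPORTS = {
    "dropperA1": ["CreateFile", "WriteFile", "CreateProcess", "RegSetValue", "InternetOpen", "HttpSendRequest"],
    "dropperA2": ["CreateFile", "WriteFile", "CreateProcess", "RegSetValue", "InternetOpen", "HttpSendRequest", "CloseHandle"],
    "dropperA3": ["CreateFile", "WriteFile", "CreateProcess", "RegSetValue", "InternetOpen", "HttpSendRequest"],
    "keyloggerB1": ["SetWindowsHookEx", "GetAsyncKeyState", "WriteFile", "InternetOpen", "HttpSendRequest", "Sleep"],
    "keyloggerB2": ["SetWindowsHookEx", "GetAsyncKeyState", "WriteFile", "Sleep", "InternetOpen", "HttpSendRequest"],
    "keyloggerB3": ["SetWindowsHookEx", "GetAsyncKeyState", "WriteFile", "InternetOpen", "HttpSendRequest"],
}
# Harmless calls an evader can sprinkle in; chosen so they never occur in REPORTS.
FAKE_CALLS = ["GetTickCount", "GetSystemTime", "QueryPerformanceCounter", "lstrlen"]


def extract_features(trace, n=2):
    """Feature extraction: bag of n-grams over consecutive API calls."""
    return Counter(tuple(trace[i:i + n]) for i in range(len(trace) - n + 1))


def dot(u, v):
    return sum(w * v.get(g, 0.0) for g, w in u.items())


def cosine_distance(u, v):
    nu, nv = math.sqrt(dot(u, u)), math.sqrt(dot(v, v))
    return 1.0 - dot(u, v) / (nu * nv) if nu and nv else 1.0


def kmeans(vectors, k, iters=50):
    """Lloyd's k-means: k is fixed in advance and each cluster is summarised by its centroid.
    Seeds are picked farthest-first so the run is deterministic."""
    names = list(vectors)
    seeds = [names[0]]
    while len(seeds) < k:
        seeds.append(max(names, key=lambda a: min(cosine_distance(vectors[a], vectors[s]) for s in seeds)))
    centroids = [dict(vectors[s]) for s in seeds]
    for _ in range(iters):
        assign = {a: min(range(k), key=lambda j: cosine_distance(vectors[a], centroids[j])) for a in names}
        new = []
        for j in range(k):
            members = [vectors[a] for a in names if assign[a] == j]
            total = Counter()
            for m in members:
                total.update(m)
            new.append({g: w / len(members) for g, w in total.items()} if members else centroids[j])
        if new == centroids:
            break
        centroids = new
    return assign, centroids


def single_linkage(vectors, threshold):
    """Agglomerative single-linkage clustering. It needs only pairwise distances, no vector
    space; the full distance matrix costs O(n^2) memory and this naive merge loop O(n^3) time.
    Merging stops once the closest pair of clusters is farther apart than threshold."""
    names = list(vectors)
    dist = {a: {b: cosine_distance(vectors[a], vectors[b]) for b in names} for a in names}
    clusters = [{a} for a in names]
    merges = []  # (distance, left, right): the hierarchy a dendrogram would draw
    while len(clusters) > 1:
        d, i, j = min((min(dist[a][b] for a in clusters[i] for b in clusters[j]), i, j)
                      for i in range(len(clusters)) for j in range(i + 1, len(clusters)))
        if d > threshold:
            break
        merges.append((round(d, 3), sorted(clusters[i]), sorted(clusters[j])))
        clusters[i] = clusters[i] | clusters[j]
        del clusters[j]
    return [sorted(c) for c in clusters], merges


def inject_fake_behavior(trace, rng):
    """Evasion of clustering: after every real call emit one or two random, unrelated calls.
    Every original bigram is broken, so the sample shares no feature with its own family."""
    out = []
    for call in trace:
        out.append(call)
        out.extend(rng.choice(FAKE_CALLS) for _ in range(rng.randint(1, 2)))
    return out


def evading_reports(seed=7):
    """Clean corpus plus one dropperA1 variant padded with random fake behavior."""
    rng = random.Random(seed)
    return dict(REPORTS, dropperA1_evading=inject_fake_behavior(REPORTS["dropperA1"], rng))


def cluster_reports(reports, k=2, threshold=0.5):
    vectors = {a: extract_features(t) for a, t in reports.items()}
    assign, _ = kmeans(vectors, k)
    clusters, merges = single_linkage(vectors, threshold)
    return assign, clusters, merges


if __name__ == "__main__":
    print("clean corpus:", cluster_reports(REPORTS))
    print("with evader:", cluster_reports(evading_reports()))
```

On the clean corpus both algorithms recover the two families. With the evader present, single linkage leaves it as a singleton (its distance to every clean sample is exactly 1.0), while k-means with k fixed at 2 hands a centroid to the outlier and lumps both families into the remaining cluster, which is the practical cost of having to choose k in advance.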