Abstract
Today machine learning is applied mainly to low-level features such as machine code and measurable run-time behaviors. A great asset for classifying exploits by type, however, is the public exploit database. Unfortunately, such databases contain only meta-data (high-level or abstract data) about the exploits. Because classification usually depends on raw measurements taken in the field, these databases have been overlooked. In this study we offer two usages for these high-level datasets and evaluate their performance. The first usage is classification that uses the meta-data as a bridge (supervised); the second is the study of relations between exploits using clustering and Self-Organizing Maps (unsupervised). Both offer insights into exploit detection and can be used to better define exploit classes.
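The unsupervised usage described in the abstract, grouping exploits by the high-level fields an exploit database exposes, is illustrated below with an added example that is not code from the paper or its authors. It assumes a handful of constructed meta-data records (platform, exploit type, description keywords; the ids and values are invented), one-hot encodes them, and trains a small rectangular Self-Organizing Map written from scratch in pure Python; the grid size, learning-rate and neighbourhood schedules are arbitrary choices for this illustration, not the paper's parameters.

```python
"""Added example: a minimal Self-Organizing Map (SOM) over constructed
exploit-database style meta-data. Not taken from the paper."""
import math
import random

# Constructed sample records (hypothetical ids and values, not real entries).
RECORDS = [
    {"id": "ex-01", "platform": "windows", "type": "remote", "keywords": {"buffer", "overflow"}},
    {"id": "ex-02", "platform": "windows", "type": "remote", "keywords": {"buffer", "overflow", "smb"}},
    {"id": "ex-03", "platform": "linux", "type": "local", "keywords": {"privilege", "escalation"}},
    {"id": "ex-04", "platform": "linux", "type": "local", "keywords": {"privilege", "escalation", "kernel"}},
    {"id": "ex-05", "platform": "php", "type": "webapps", "keywords": {"sql", "injection"}},
    {"id": "ex-06", "platform": "php", "type": "webapps", "keywords": {"sql", "injection", "login"}},
    {"id": "ex-07", "platform": "php", "type": "webapps", "keywords": {"xss", "script"}},
]


def build_vocabulary(records):
    """Collect the categorical values and keywords that become one-hot features."""
    platforms = sorted({r["platform"] for r in records})
    types = sorted({r["type"] for r in records})
    keywords = sorted(set().union(*(r["keywords"] for r in records)))
    return platforms, types, keywords


def vectorize(record, vocab):
    """One-hot encode a meta-data record into a fixed-length feature vector."""
    platforms, types, keywords = vocab
    vec = [1.0 if record["platform"] == p else 0.0 for p in platforms]
    vec += [1.0 if record["type"] == t else 0.0 for t in types]
    vec += [1.0 if k in record["keywords"] else 0.0 for k in keywords]
    return vec


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class SOM:
    """Rectangular SOM with a Gaussian neighbourhood and linearly decaying rate/radius."""

    def __init__(self, rows, cols, dim, seed=0):
        rng = random.Random(seed)
        self.rows, self.cols = rows, cols
        self.weights = [[[rng.random() for _ in range(dim)] for _ in range(cols)] for _ in range(rows)]

    def bmu(self, vec):
        """Best-matching unit: grid coordinates of the closest weight vector."""
        best, best_d = None, float("inf")
        for i in range(self.rows):
            for j in range(self.cols):
                d = _dist(vec, self.weights[i][j])
                if d < best_d:
                    best, best_d = (i, j), d
        return best

    def train(self, vectors, epochs=200, lr0=0.5, seed=0):
        """Competitive learning: pull the BMU and its neighbours towards each input."""
        rng = random.Random(seed)
        radius0 = max(self.rows, self.cols) / 2.0
        for epoch in range(epochs):
            frac = epoch / epochs
            lr = lr0 * (1.0 - frac)
            radius = max(radius0 * (1.0 - frac), 0.5)
            for vec in rng.sample(vectors, len(vectors)):
                bi, bj = self.bmu(vec)
                for i in range(self.rows):
                    for j in range(self.cols):
                        h = math.exp(-((i - bi) ** 2 + (j - bj) ** 2) / (2 * radius ** 2))
                        w = self.weights[i][j]
                        for k in range(len(w)):
                            w[k] += lr * h * (vec[k] - w[k])

    def quantization_error(self, vectors):
        """Mean distance from each input to its BMU; lower means a tighter fit."""
        total = 0.0
        for v in vectors:
            i, j = self.bmu(v)
            total += _dist(v, self.weights[i][j])
        return total / len(vectors)


def map_exploits(records, rows=3, cols=3, epochs=200):
    """Train a SOM on the records; return {grid cell: [ids]} and the error before/after."""
    vocab = build_vocabulary(records)
    vectors = [vectorize(r, vocab) for r in records]
    som = SOM(rows, cols, len(vectors[0]))
    before = som.quantization_error(vectors)
    som.train(vectors, epochs=epochs)
    after = som.quantization_error(vectors)
    cells = {}
    for r, v in zip(records, vectors):
        cells.setdefault(som.bmu(v), []).append(r["id"])
    return cells, before, after


if __name__ == "__main__":
    cells, before, after = map_exploits(RECORDS)
    print(f"quantization error: {before:.3f} -> {after:.3f}")
    for cell, ids in sorted(cells.items()):
        print(cell, ids)
```

Records whose meta-data differ by a single keyword land on the same or neighbouring cells, while records from a different platform and exploit type land elsewhere on the grid; inspecting which ids share a cell is the kind of relation study the abstract refers to, and the drop in quantization error shows that the map has actually fitted the data rather than reflecting its random initialisation.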
The original version of this chapter was revised.
An erratum to this chapter can be found at http://dx.doi.org/10.1007/978-3-319-27179-8_20
Notes
1. The Exploit DataBase – http://www.exploit-db.com/.
2. CTAGS by Darren Hiebert – http://ctags.sourceforge.net/.
Acknowledgements
This research was supported by the Ministry of Science and Technology, Israel.
© 2015 Springer International Publishing Switzerland
Cite this paper
Mirsky, Y., Gross, N., Shabtai, A. (2015). Up-High to Down-Low: Applying Machine Learning to an Exploit Database. In: Bica, I., Naccache, D., Simion, E. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2015. Lecture Notes in Computer Science(), vol 9522. Springer, Cham. https://doi.org/10.1007/978-3-319-27179-8_13
DOI: https://doi.org/10.1007/978-3-319-27179-8_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27178-1
Online ISBN: 978-3-319-27179-8