Title: Machine learning techniques for evolving threats
Author: Jordaney, Roberto
ISNI: 0000 0004 8500 7147
Awarding Body: Royal Holloway, University of London
Current Institution: Royal Holloway, University of London
Date of Award: 2019
Malicious threats pose a serious problem for everyday activities. The number of attacks is always increasing and automatic means of analysis have been employed to deal with this growth. In this scenario, it is difficult to trust the automatic decision-making criteria because they are often based on the assumption that the objects used to learn the malicious patterns are similar to the ones in need of an assessment. This is usually not the case because the strategy perpetrated by malicious actors is ever-evolving to defeat new defence mechanisms. For this reason, I have developed Conformal Evaluator, a statistical assessment framework that provides quality measures to the decisions of an existing classifier. The goal of the framework is to enrich the information provided by the classifier with quality measures. With this framework, I assessed the quality of the decision-making process of 3 algorithms and provided interesting insights. Using the Conformal Evaluator framework, I developed Transcend, a technique that aims to identify the start of the performance degradation due to a change in the testing distribution. Transcend is then successfully applied to 2 algorithms in an Android binary and a Windows malware multiclass classification setting. This technique shows that it is possible to identify thresholds below which it is not wise to trust the outcome of a classification. To further investigate the link between malicious actors and evolving malicious strategies, I looked into the beginning of an infection. The first step is often that malicious software is downloaded and installed by an unaware user. Cyber criminals often target users with online malicious campaigns, inducing them to install malicious software. To tackle this problem, I developed an algorithm that aims to identify malicious downloads before the actual executable is downloaded. The system was tested with the traffic generated from a major US university, producing interesting results.
Supervisor: Not available
Sponsor: Not available
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
EThOS ID:  DOI: Not available
Keywords: machine learning ; malware ; Malware classification