Malvidence - a cognitive malware characterization framework

dc.contributor.author: Khan, Muhammad Salman
dc.contributor.examiningcommittee: McLeod, Robert (Electrical and Computer Engineering); Kinsner, Witold (Electrical and Computer Engineering); Goertzen, Andrew (Physics and Astronomy); Wang, Yingxu (Electrical and Computer Engineering, University of Calgary)
dc.contributor.supervisor: Ferens, Ken (Electrical and Computer Engineering)
dc.date.accessioned: 2018-12-19T20:36:49Z
dc.date.available: 2018-12-19T20:36:49Z
dc.date.issued: 2018-12-13
dc.date.submitted: 2018-12-13T21:52:04Z
dc.degree.discipline: Electrical and Computer Engineering
dc.degree.level: Doctor of Philosophy (Ph.D.)
dc.description.abstract: The challenges of cyber security have outpaced the advantages of cyber tools and technologies. In 2018, the World Economic Forum placed cyber security among the top five risks faced by the world. Cyber threats are evolving and can cripple economies and nations. The major tools of cyber threats are anonymity, deception and uncertainty. Current state-of-the-art research is also evolving to address these challenges by applying new and proactive threat hunting approaches instead of reactive cyber defense, which is proving futile. Malware is an indispensable tool of cyber threat actors for accomplishing malicious activities such as exfiltration, espionage and disruption. Using advanced obfuscation and mutation methods, malware adversaries are able to remain ahead of cyber defenders. Most malware detection technologies are based on finding a priori known signatures of malware payloads or known patterns of malware behavior. This dissertation addresses the challenge of hunting unknown, behaviorally mutated malware inside a host computer by proposing a proof-of-concept framework named Malvidence for characterizing malware behavior within a host operating system process tree using cognitive machine intelligence. Using the Malvidence framework, tools and techniques can be derived for a variety of cyber security threat detection methods. Cognitive computing is a promising domain of machine intelligence which explores and develops new tools to incorporate human cognitive characteristics so that the performance of the existing domains of artificial intelligence and machine learning can be improved. Therefore, cognitive-complexity-based fractal analysis is demonstrated, and a methodology for extracting inherent but hidden patterns of malware dynamics using a temporal graph theoretical approach is proposed.
Further, a set of graph theoretical features is analyzed and proposed for an effective characterization of malware behavior which can subsequently be used for malware hunting and detection. In addition, the proposed features are tested for their mathematical validity. Finally, using the proposed cognitive complexity analysis, the characterization performance of an unsupervised clustering algorithm is reported to demonstrate the validity of the Malvidence framework.
dc.description.note: February 2019
dc.identifier.citation: Muhammad Salman Khan, Ken Ferens, & Witold Kinsner, (2015) "A cognitive multifractal approach to characterize complexity of non-stationary and malicious DNS data traffic using adaptive sliding window", in proceedings of the IEEE 14th International Conference on Cognitive Informatics & Cognitive Computing (ICCI*CC 2015), Beijing, China, 2015. (doi: 10.1109/icci-cc.2015.7259368)
dc.identifier.citation: Muhammad Salman Khan, Ken Ferens, & Witold Kinsner, (2015) "A polyscale autonomous sliding window for cognitive machine classification of malicious Internet traffic", in proceedings of the 14th International Conference on Security and Management (SAM'15), WorldComp 2015, Las Vegas, USA, 2015.
dc.identifier.citation: Muhammad Salman Khan, Sana Siddiqui, Ken Ferens, & Witold Kinsner, (2016) "Spectral Fractal Dimension Trajectory (SFDT) to measure complexity of malicious attacks", in proceedings of the International Conference on Security and Management (SAM'16), WorldComp 2016, Las Vegas, USA, 2016.
dc.identifier.citation: Muhammad Salman Khan, Ken Ferens, & Witold Kinsner, (2015) "Multifractal singularity spectrum for cognitive cyber defence in Internet time series", in International Journal of Software Science and Computational Intelligence (IJSSCI), 2015. (doi: 10.4018/IJSSCI.2015070102)
dc.identifier.citation: Muhammad Salman Khan, Sana Siddiqui, Robert D. McLeod, Ken Ferens, & Witold Kinsner, (2016) "Fractal based adaptive boosting algorithm for cognitive detection of computer malware", in proceedings of the 15th IEEE International Conference on Cognitive Informatics and Cognitive Computing (IEEE ICCI*CC 2016), Stanford University, USA. (doi: 10.1109/ICCI-CC.2016.7862074)
dc.identifier.citation: Muhammad Salman Khan, Sana Siddiqui, & Ken Ferens, (2017) "Cognitive modeling of polymorphic malwares using fractal based semantic characterization", in proceedings of the IEEE 2017 International Conference on Technologies for Homeland Security (HST), pp. 1-7, April 2017, Waltham, MA, USA. (doi: 10.1109/THS.2017.7943487)
dc.identifier.citation: Sana Siddiqui, Muhammad Salman Khan, Ken Ferens, & Witold Kinsner, (2017) "Fractal based cognitive neural network to detect obfuscated and indistinguishable Internet threats", in proceedings of the 16th IEEE International Conference on Cognitive Informatics and Cognitive Computing (IEEE ICCI*CC 2017), July 2017, University of Oxford, UK.
dc.identifier.citation: Sana Siddiqui, Muhammad Salman Khan, & Ken Ferens, (2017) "Cognitive computing and multiscale analysis for cyber security", in Computer and Network Security Essentials, pp. 507-519, Ed. Kevin Daimi, Springer, 2017. (doi: 10.1007/978-3-319-58424-9_29)
dc.identifier.citation: Muhammad Salman Khan, Sana Siddiqui, & Ken Ferens, (2017) "A cognitive and concurrent cyber kill chain model", in Computer and Network Security Essentials, pp. 585-602, Ed. Kevin Daimi, Springer, 2017. (doi: 10.1007/978-3-319-58424-9_34)
dc.identifier.uri: http://hdl.handle.net/1993/33600
dc.language.iso: eng
dc.rights: open access
dc.subject: Fractals
dc.subject: Malware mutation
dc.subject: Anomaly detection
dc.subject: Clustering
dc.subject: Unsupervised machine learning
dc.subject: Malware characterization framework
dc.subject: Endpoint threat detection
dc.subject: EDR
dc.subject: Endpoint detection and response
dc.subject: Microsoft Windows
dc.subject: Process tree
dc.subject: Polymorphism
dc.subject: Metamorphism
dc.subject: Class imbalance
dc.subject: Class inseparability
dc.subject: Variance fractal dimension
dc.subject: Correlation fractal dimension
dc.subject: Information fractal dimension
dc.subject: Spectral fractal dimension
dc.subject: Graph theory
dc.subject: Time graphs
dc.subject: Cognitive machine intelligence
dc.subject: Cognitive computing
dc.subject: Cyber kill chain
dc.subject: Cognitive and concurrent cyber kill chain
dc.subject: Semantic analysis
dc.subject: Features
dc.subject: Attributes
dc.subject: k-means
dc.subject: fBm
dc.subject: Fractional Brownian motion process
dc.subject: Cyber security
dc.subject: Behavioral analytics
dc.subject: Host anomaly detection
dc.subject: Malware data set
dc.subject: Semantics
dc.subject: Cyber threat hunting
dc.subject: Threat model
dc.subject: Feature elicitation
dc.subject: Cyber defense
dc.subject: Cyber event triage
dc.subject: CSOC
dc.subject: Cyber Security Operation Center
dc.subject: Multiscale Analysis
dc.subject: Multifractal
dc.subject: Advanced Persistent Threats
dc.subject: APT
dc.subject: Obfuscation
dc.subject: Cyber deception
dc.subject: Cognitive informatics
dc.subject: Computational intelligence
dc.subject: SIEM
dc.subject: Security information and event management
dc.subject: Penetration testing
dc.subject: Proactive cyber security
dc.title: Malvidence - a cognitive malware characterization framework
dc.type: doctoral thesis
Files
Original bundle
Name: khan_muhammad.pdf
Size: 40.29 MB
Format: Adobe Portable Document Format
Description: Ph.D. Dissertation
License bundle
Name: license.txt
Size: 2.2 KB
Format:
Item-specific license agreed to upon submission
Description: