Show simple item record

dc.contributor.authorMaestre Vidal, Jorge
dc.contributor.authorSotelo Monge, Marco Antonio
dc.contributor.authorMartínez Monterrubio, Sergio Mauricio
dc.contributor.otherSotelo Monge, Marco Antonio
dc.date.accessioned2019-11-11T19:32:27Z
dc.date.available2019-11-11T19:32:27Z
dc.date.issued2020
dc.identifier.citationMaestre Vidal, J., Sotelo Monge, M. A., & Martínez Monterrubio, S. (2020). EsPADA: Enhanced Payload Analyzer for malware Detection robust against Adversarial threats. Future Generation Computer Systems, 104, 159-173. https://doi.org/10.1016/j.future.2019.10.022es_PE
dc.identifier.issn0167-739X
dc.identifier.urihttps://hdl.handle.net/20.500.12724/9671
dc.description.abstractThe emergent communication technologies landscape has consolidated the anomaly-based intrusion detection paradigm as one of the most prominent solutions able to discover unprecedented malicious traits. It relied on building models of the normal/legitimate activities registered at the protected systems, from them analyzing the incoming observations looking for significant discordances that may reveal misbehaviors. But in the last years, the adversarial machine learning paradigm introduced never-seen-before evasion procedures able to jeopardize the traditional anomaly-based methods, thus entailing one of the major emerging challenges in the cybersecurity landscape. With the aim on contributing to their adaptation against adversarial threats, this paper presents EsPADA (Enhanced Payload Analyzer for malware Detection robust against Adversarial threats), a novel approach built on the grounds of the PAYL sensor family. At the SPARTA Training stage, both normal and adversarial models are constructed according to features extracted by N-gram, which are stored within Counting Bloom Filters (CBF). In this way it is possible to take advantage of both binary-based and spectral-based traffic modeling procedures for malware detection. At Detection stage, the payloads to be analyzed are collected from the protected environment and compared with the usage models previously built at Training. This leads to calculate different scores that allow to discriminate their nature (normal or suspicious) and to assess the labeling coherency, the latest studied for estimating the likelihood of the payload disguising mimicry attacks. The effectiveness of EsPADA was demonstrated on the public datasets DARPA'99 and UCM 2011 by achieving promising preliminarily results.en_EN
dc.formatapplication/html
dc.language.isospa
dc.publisherElsevier
dc.relation.ispartofurn:issn:0167-739X
dc.relation.urihttps://doi.org/10.1016/j.future.2019.10.022
dc.rightsinfo:eu-repo/semantics/restrictedAccess*
dc.sourceRepositorio Institucional Ulima
dc.sourceUniversidad de Lima
dc.subjectMalware (Computer software)en_EN
dc.subjectData protectionen_EN
dc.subjectComputer networksen_EN
dc.subjectMalware (Programa para computadora)es_PE
dc.subjectSeguridad informáticaes_PE
dc.subjectRedes de computadoreses_PE
dc.subject.classificationPendientees_PE
dc.titleEsPADA: Enhanced Payload Analyzer for malware Detection robust against Adversarial threatsen_EN
dc.typeinfo:eu-repo/semantics/article
dc.type.otherArtículo en Scopus
ulima.areas.lineasdeinvestigacionProductividad y empleo / Innovación: tecnologías y productoses_PE
dc.identifier.journalFuture Generation Computer Systems
dc.publisher.countryNL
dc.identifier.doihttps://doi.org/10.1016/j.future.2019.10.022
ulima.catOI
ulima.autor.afiliacionUniversidad de Lima
ulima.autor.carrera(No figura en la lista del año 2019-1)
dc.identifier.isni0000000121541816
dc.identifier.scopusid2-s2.0-85074374474


Files in this item

FilesSizeFormatView

There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record