Show simple item record

dc.contributor.authorMaestre Vidal, Jorge
dc.contributor.authorSotelo Monge, Marco Antonio
dc.contributor.authorMartínez Monterrubio, Sergio Mauricio
dc.contributor.otherSotelo Monge, Marco Antonioes_PE
dc.date.accessioned2019-11-11T19:32:27Z
dc.date.available2019-11-11T19:32:27Z
dc.date.issued2020
dc.identifier.citationMaestre Vidal, J., Sotelo Monge, M. A., & Martínez Monterrubio, S. (2020). EsPADA: Enhanced Payload Analyzer for malware Detection robust against Adversarial threats. Future Generation Computer Systems, 104, 159-173. https://doi.org/10.1016/j.future.2019.10.022es_PE
dc.identifier.urihttps://hdl.handle.net/20.500.12724/9671
dc.descriptionIndexado en Scopuses_PE
dc.description.abstractThe emergent communication technologies landscape has consolidated the anomaly-based intrusion detection paradigm as one of the most prominent solutions able to discover unprecedented malicious traits. It relied on building models of the normal/legitimate activities registered at the protected systems, from them analyzing the incoming observations looking for significant discordances that may reveal misbehaviors. But in the last years, the adversarial machine learning paradigm introduced never-seen-before evasion procedures able to jeopardize the traditional anomaly-based methods, thus entailing one of the major emerging challenges in the cybersecurity landscape. With the aim on contributing to their adaptation against adversarial threats, this paper presents EsPADA (Enhanced Payload Analyzer for malware Detection robust against Adversarial threats), a novel approach built on the grounds of the PAYL sensor family. At the SPARTA Training stage, both normal and adversarial models are constructed according to features extracted by N-gram, which are stored within Counting Bloom Filters (CBF). In this way it is possible to take advantage of both binary-based and spectral-based traffic modeling procedures for malware detection. At Detection stage, the payloads to be analyzed are collected from the protected environment and compared with the usage models previously built at Training. This leads to calculate different scores that allow to discriminate their nature (normal or suspicious) and to assess the labeling coherency, the latest studied for estimating the likelihood of the payload disguising mimicry attacks. The effectiveness of EsPADA was demonstrated on the public datasets DARPA'99 and UCM 2011 by achieving promising preliminarily results.es_PE
dc.formatapplication/pdf
dc.language.isospaes_PE
dc.publisherElsevieres_PE
dc.relation.ispartofurn:issn:0167-739X
dc.relation.urihttps://doi.org/10.1016/j.future.2019.10.022
dc.rightsinfo:eu-repo/semantics/restrictedAccesses_PE
dc.sourceRepositorio Institucional - Ulimaes_PE
dc.sourceUniversidad de Limaes_PE
dc.subjectMalware (Programa para computadora)es_PE
dc.subjectSeguridad informáticaes_PE
dc.subjectRedes de computadoreses_PE
dc.subjectMalware (Computer software)en_EN
dc.subjectData protectionen_EN
dc.subjectComputer networksen_EN
dc.subject.classificationIngeniería de sistemas / Diseño y métodoses_PE
dc.titleEsPADA: Enhanced Payload Analyzer for malware Detection robust against Adversarial threatses_PE
dc.typeinfo:eu-repo/semantics/articlees_PE
dc.description.versioninfo:eu-repo/semantics/publishedVersion
dc.type.otherArtículo en Scopuses_PE
dc.identifier.journalFuture Generation Computer Systems
dc.publisher.countryNLes_PE
dc.subject.ocdeIngeniería de telecomunicaciones, Ingeniería de sistemases_PE
dc.identifier.doihttps://doi.org/10.1016/j.future.2019.10.022


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record