Aggregated Machine Learning on Indicators of Compromise
Abstract
The increasing ubiquity of mobile computing technology has led to new trends in many different sectors. Bring Your Own Device (BYOD) is one such growing trend in the workplace, because it allows enterprise organizations to benefit from the power of distributed computing and communications equipment that their employees have already purchased. Unfortunately, the integration of a diverse set of mobile devices (e.g., smartphones, tablets, etc.) presents enterprise systems with new challenges, including new attack vectors for malware. Malware mitigation for mobile technology is a long-standing problem for which there is not yet a good solution. In this paper, we focus on identifying malicious applications and on verifying the absence of malicious or vulnerable code in applications that enterprises and their users seek to use. Our analysis toolbox includes static analysis and permissions risk scoring: pre-installation vetting techniques designed to ensure that malware is never installed on devices on an enterprise network. However, dynamic code-loading techniques and changing security requirements mean that apps which previously passed the verification process, and have already been installed on devices, may no longer meet security standards and may be malicious. To identify these apps, and to prevent their future installation, we propose a crowd-sourced behavioral analysis technique that uses machine learning to identify malicious activity through anomalies in system calls, network behavior, and power consumption. These techniques apply effectively both to single-user devices observed over time and to individual devices within an enterprise network.
Document Details
- Document Type: Technical Report
- Publication Date: Jul 01, 2019
- Accession Number: AD1077818
Entities
People
- Christopher M. Weeden
- John M. San Miguel
- Johnny Phan
- Jose V. Romero-Mariona
- Megan E. Kline
- Roger A. Hallman
- Scott M. Slayback
Organizations
- Naval Information Warfare Center Pacific