* update 2024-11-29 06:21:24
actions-user committed Nov 28, 2024
1 parent 702ef7a commit 8ea6731
Showing 2 changed files with 25 additions and 1 deletion.
24 changes: 24 additions & 0 deletions arXiv_db/Malware/2024.md
Expand Up @@ -3682,3 +3682,27 @@

</details>

<details>

<summary>2024-11-27 13:28:43 - Using Malware Detection Techniques for HPC Application Classification</summary>

- *Thomas Jakobsche, Florina M. Ciorba*

- `2411.18327v1` - [abs](http://arxiv.org/abs/2411.18327v1) - [pdf](http://arxiv.org/pdf/2411.18327v1)

> HPC systems face security and compliance challenges, particularly in preventing waste and misuse of computational resources by unauthorized or malicious software that deviates from allocation purpose. Existing methods to classify applications based on job names or resource usage are often unreliable or fail to capture applications that have different behavior due to different inputs or system noise. This research proposes an approach that uses similarity-preserving fuzzy hashes to classify HPC application executables. By comparing the similarity of SSDeep fuzzy hashes, a Random Forest Classifier can accurately label applications executing on HPC systems including unknown samples. We evaluate the Fuzzy Hash Classifier on a dataset of 92 application classes and 5333 distinct application samples. The proposed method achieved a macro f1-score of 90% (micro f1-score: 89%, weighted f1-score: 90%). Our approach addresses the critical need for more effective application classification in HPC environments, minimizing resource waste, and enhancing security and compliance.

</details>

<details>

<summary>2024-11-27 17:03:00 - Living off the Analyst: Harvesting Features from Yara Rules for Malware Detection</summary>

- *Siddhant Gupta, Fred Lu, Andrew Barlow, Edward Raff, Francis Ferraro, Cynthia Matuszek, Charles Nicholas, James Holt*

- `2411.18516v1` - [abs](http://arxiv.org/abs/2411.18516v1) - [pdf](http://arxiv.org/pdf/2411.18516v1)

> A strategy used by malicious actors is to "live off the land," where benign systems and tools already available on a victim's systems are used and repurposed for the malicious actor's intent. In this work, we ask if there is a way for anti-virus developers to similarly re-purpose existing work to improve their malware detection capability. We show that this is plausible via YARA rules, which use human-written signatures to detect specific malware families, functionalities, or other markers of interest. By extracting sub-signatures from publicly available YARA rules, we assembled a set of features that can more effectively discriminate malicious samples from benign ones. Our experiments demonstrate that these features add value beyond traditional features on the EMBER 2018 dataset. Manual analysis of the added sub-signatures shows a power-law behavior in a combination of features that are specific and unique, as well as features that occur often. A prior expectation may be that the features would be limited in being overly specific to unique malware families. This behavior is observed, and is apparently useful in practice. In addition, we also find sub-signatures that are dual-purpose (e.g., detecting virtual machine environments) or broadly generic (e.g., DLL imports).

</details>
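Review bot: the `abs` and `pdf` links in both new entries (`2411.18327v1` and `2411.18516v1`) are emitted as plain `http://arxiv.org/...`; the generator should write `https://arxiv.org/abs/...` and `https://arxiv.org/pdf/...` so readers of the rendered list are not sent over an unencrypted first hop before arXiv's redirect. The `<details>`/`<summary>` layout, author line and `>`-quoted abstract otherwise match the existing entries in `arXiv_db/Malware/2024.md`.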
