Commit

* update 2024-01-10 06:17:10
actions-user committed Jan 9, 2024
1 parent 749563d commit 937b6b5
Showing 2 changed files with 25 additions and 1 deletion.
24 changes: 24 additions & 0 deletions arXiv_db/Malware/2024.md
Expand Up @@ -42,3 +42,27 @@

</details>

<details>

<summary>2024-01-08 12:52:59 - Survey and Analysis of DNS Filtering Components</summary>

- *Jonathan Magnusson*

- `2401.03864v1` - [abs](http://arxiv.org/abs/2401.03864v1) - [pdf](http://arxiv.org/pdf/2401.03864v1)

> The Domain Name System (DNS) comprises name servers translating domain names into, commonly, IP addresses. Authoritative name servers hosts the resource records (RR) for certain zones, and resolver name servers are responsible for querying and answering DNS queries on behalf of their clients. Unfortunately, cybercriminals often use DNS for malicious purposes, such as phishing, malware distribution, and botnet communication. To combat these threats, filtering resolvers have become increasingly popular, employing various techniques to identify and block malicious requests. In this paper, we survey several techniques to implement and enhance the capabilities of filtering resolvers including response policy zones, threat intelligence feeds, and detection of algorithmically generated domains. We identify the current trends of each area and find missing intersections in the literature, which could be used to improve the effectiveness of filtering resolvers. In addition, we propose future work designing a framework for filtering resolvers using state-of-the-art approaches identified in this study.

</details>

<details>

<summary>2024-01-08 17:12:45 - Transcending Transcend: Revisiting Malware Classification in the Presence of Concept Drift</summary>

- *Federico Barbero, Feargus Pendlebury, Fabio Pierazzi, Lorenzo Cavallaro*

- `2010.03856v6` - [abs](http://arxiv.org/abs/2010.03856v6) - [pdf](http://arxiv.org/pdf/2010.03856v6)

> Machine learning for malware classification shows encouraging results, but real deployments suffer from performance degradation as malware authors adapt their techniques to evade detection. This phenomenon, known as concept drift, occurs as new malware examples evolve and become less and less like the original training examples. One promising method to cope with concept drift is classification with rejection in which examples that are likely to be misclassified are instead quarantined until they can be expertly analyzed. We propose TRANSCENDENT, a rejection framework built on Transcend, a recently proposed strategy based on conformal prediction theory. In particular, we provide a formal treatment of Transcend, enabling us to refine conformal evaluation theory -- its underlying statistical engine -- and gain a better understanding of the theoretical reasons for its effectiveness. In the process, we develop two additional conformal evaluators that match or surpass the performance of the original while significantly decreasing the computational overhead. We evaluate TRANSCENDENT on a malware dataset spanning 5 years that removes sources of experimental bias present in the original evaluation. TRANSCENDENT outperforms state-of-the-art approaches while generalizing across different malware domains and classifiers. To further assist practitioners, we determine the optimal operational settings for a TRANSCENDENT deployment and show how it can be applied to many popular learning algorithms. These insights support both old and new empirical findings, making Transcend a sound and practical solution for the first time. To this end, we release TRANSCENDENT as open source, to aid the adoption of rejection strategies by the security community.

</details>
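
Review bot: Both added entries link to arXiv over plain HTTP in their `abs` and `pdf` links (for example `http://arxiv.org/abs/2401.03864v1` and `http://arxiv.org/pdf/2010.03856v6`); if these entries are generated, the generator should emit `https://arxiv.org/...` so the links do not start on an unencrypted connection. Separately, the second entry is `2010.03856v6`, an identifier from 2020 at version 6, yet it is filed in `2024.md` under a 2024-01-08 timestamp; if listing by update time is intended, marking the summary line as a revision would keep it from reading as a new 2024 paper.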

0 comments on commit 937b6b5