A team of researchers from the Los Alamos National Laboratory has introduced a new Microsoft Windows malware classification technique that uses artificial intelligence to identify novel malware families.
The method uses semi-supervised tensor decomposition methods and selected classification techniques, including a reject option, to enable cyber defense teams to classify malware families under conditions of class imbalance, LANL said Friday.
“The reject option is the model’s ability to say, ‘I do not know,’ instead of making a wrong decision, giving the model the knowledge discovery capability,” explained Maksim Eren, a scientist in advanced research in cyber systems at LANL.
With the reject option, security analysts can abstain from predictions and gain the confidence to apply the techniques to practical situations such as novel threat detection.
“To the best of our knowledge, our paper sets a new world record by simultaneously classifying an unprecedented number of malware families, surpassing prior work by a factor of 29, in addition to operating under extremely difficult real-world conditions of limited data, extreme class-imbalance and with the presence of novel malware families,” Eren said.