FeatureSmith - Automatically Engineering Features for Malware Detection by Mining the Security Literature

Explore an innovative approach to malware detection in this conference talk from CCS 2016. Delve into the FeatureSmith system, which automatically engineers features by mining security literature. Learn how the authors, Ziyun Zhu and Tudor Dumitras from the University of Maryland, tackle the challenges of feature engineering in cybersecurity. Discover the system's architecture, including semantic network construction, feature inference, and feature explanation. Examine the benefits of this approach, such as improved feature ranking and the ability to generate new features. Gain insights into behavior extraction and understanding, and see how the system performs through ROC curve analysis. This 25-minute presentation covers key aspects of the research, from the initial dilemma in malware detection to the final conclusions, offering valuable knowledge for cybersecurity professionals and researchers.

Intro
Malware Detection
Dilemma
Feature Engineering Example
Outline
Behavior Extraction Example
Behavior Understanding
Corpus
Architecture - Semantic Network Construction
Architecture - Feature Inference
Architecture - Feature Explanation
ROC curve
Research Questions
Feature Ranking
Benefit #1 - Feature Explanation
Benefit N2 - New Features
Conclusion