FeatureSmith- Learning to Detect Malware by Mining the Security Literature - USENIX Enigma 2017

Explore the potential of automating feature engineering for malware detection in this conference talk from USENIX Enigma 2017. Learn about FeatureSmith, a system that synthesizes knowledge from thousands of research papers to engineer features for machine learning classifiers. Discover how this approach compares to manual feature engineering in Android malware detection, achieving comparable performance to state-of-the-art detectors. Understand the challenges of feature engineering in security applications and how FeatureSmith addresses them by suggesting informative features and linking them to human-understandable concepts. Gain insights into the evolution of knowledge in malware detection and the potential alternatives to traditional approaches.

Intro
Security and Machine Learning
Running Example: Android Malware Detection • How should we compare samples? - Permissions
Dilemma
Plato's Allegory of the Cave
Challenge #1
Challenge #2
Intuition for Automatic Feature Engineering
Behavior Extraction
Behavior Understanding • Link behaviors to concrete features
Semantic Network Example
How Well Does This Work?
Auto vs. Manual: Experiment
Auto vs. Manual: Features
Auto vs. Manual: Detection Performance
Knowledge Evolution
Alternatives
In A Nutshell