Session

Towards Explainable Representations of Malware Behavior

We address the problems of (a) detecting malware in network telemetry logs and (b) providing a comprehensible explanation of behavioral patterns that identify the malware. We develop a neural network which processes a sequence of events observed on a network host and detects the presence of malware. Shapley values are then used to highlight events that jointly constitute the characteristic behavioral pattern of the malware. We demonstrate this architecture on detection of the njRAT malware.
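An added illustration of the attribution step the abstract describes, not code from the talk or its authors: exact Shapley values computed over a constructed five-event host log. The hand-written `toy_detector` is an assumption standing in for the trained neural network, and the event strings, hostnames and addresses are made up for the example.

```python
from itertools import combinations
from math import factorial

# Constructed host telemetry for illustration; not data from the talk.
EVENTS = [
    "dns_query   updates.example.com",
    "http_get    updates.example.com/index.html",
    "dns_query   host123.dyndns.example",
    "tcp_connect 203.0.113.7:8081",
    "tcp_send    203.0.113.7:8081 bytes=48 period=30s",
]

def toy_detector(events):
    """Assumed stand-in for the trained network: event set -> malware score."""
    text = " ".join(events)
    dyn, conn, beacon = "dyndns" in text, "tcp_connect" in text, "period=" in text
    score = 0.05                      # baseline score of an empty log
    score += 0.10 if dyn else 0.0     # dynamic-DNS lookup alone: weak signal
    score += 0.05 if conn else 0.0    # outbound connection alone: weak signal
    score += 0.30 if dyn and conn else 0.0     # the two together: strong
    score += 0.40 if conn and beacon else 0.0  # periodic sends on that connection
    return score

def shapley_values(events, value_fn):
    """Exact Shapley value of each event: its weighted average marginal
    contribution to value_fn over all subsets of the other events."""
    n = len(events)
    phi = [0.0] * n
    for i in range(n):
        others = [j for j in range(n) if j != i]
        for k in range(n):
            weight = factorial(k) * factorial(n - k - 1) / factorial(n)
            for subset in combinations(others, k):
                without = [events[j] for j in subset]
                with_i = [events[j] for j in sorted(subset + (i,))]
                phi[i] += weight * (value_fn(with_i) - value_fn(without))
    return phi

def explain(events, value_fn):
    """Events ranked by attribution, highest first."""
    phi = shapley_values(events, value_fn)
    return sorted(zip(events, phi), key=lambda pair: -pair[1])

if __name__ == "__main__":
    for event, value in explain(EVENTS, toy_detector):
        print(f"{value:+.3f}  {event}")
```

Exact enumeration needs 2^n evaluations of the detector, so for realistic event sequences the values are estimated by sampling subsets or permutations instead.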

Biography

I am a Postdoc at the University of Potsdam. I received a Master’s Degree in Computer Science (Diplominformatiker) in 2010 and a Ph.D. (Dr. rer. nat.) in 2016 from the University of Potsdam. I am interested in machine learning. My current research interests lie in generative adversarial networks and data science. Machine learning has many diverse applications, and I am working on some of them: computer security (detection of malware, analysis of encrypted network traffic), precision medicine, and model-building for various applications.
