Transfer Learning in Pre-Trained Large Language Models for Malware Detection Based on System Calls (2405.09318v1)

Published 15 May 2024 in cs.CR and cs.LG

Abstract: In the current cybersecurity landscape, protecting military devices such as communication and battlefield management systems against sophisticated cyber attacks is crucial. Malware exploits vulnerabilities through stealth methods, often evading traditional detection mechanisms such as software signatures. The application of ML/DL in vulnerability detection has been extensively explored in the literature. However, current ML/DL vulnerability detection methods struggle with understanding the context and intent behind complex attacks. Integrating LLMs with system call analysis offers a promising approach to enhance malware detection. This work presents a novel framework leveraging LLMs to classify malware based on system call data. The framework uses transfer learning to adapt pre-trained LLMs for malware detection. By retraining LLMs on a dataset of benign and malicious system calls, the models are refined to detect signs of malware activity. Experiments with a dataset of over 1TB of system calls demonstrate that models with larger context sizes, such as BigBird and Longformer, achieve superior accuracy and F1-Score of approximately 0.86. The results highlight the importance of context size in improving detection rates and underscore the trade-offs between computational complexity and performance. This approach shows significant potential for real-time detection in high-stakes environments, offering a robust solution to evolving cyber threats.

Authors (4)
Citations (1)