
WORMA 2022 - 1st ACM WORKSHOP ON ROBUST MALWARE ANALYSIS (WORMA)

Date: 2022-05-30 - 2022-06-03

Deadline: 2022-01-31

Venue: Nagasaki, Japan

Website: https://asiaccs2022.conferenceservice.jp

Topics/Call for Papers

Malware research is a discipline of information security that aims to provide protection against unwanted and dangerous software. Since the mid-1980s, researchers in this area have been leading a technological arms race against creators of malware. Many ideas have been proposed, to varying degrees of effectiveness, from more traditional systems security and program analysis to the use of AI and Machine Learning. Nevertheless, with increased technological complexity and despite more sophisticated defenses, malware’s impact has grown, rather than shrunk. It appears that the defenders are continually reacting to yesterday’s threats, only to be surprised by today’s minor variations.
This lack of robustness is most apparent in signature matching, where malware is represented by a characteristic substring. The fundamental limitation of this approach is its reliance on falsifiable evidence. Mutating the characteristic substring, i.e., falsifying the evidence, is effective in evading detection, and cheaper than discovering the substring in the first place. Unsurprisingly, the same limitation applies to malware detectors based on machine learning, as long as they rely on falsifiable features for decision-making. Robust malware features are necessary.
Furthermore, robust methods for malware classification and analysis are needed across the board to overcome phenomena including, but not limited to, concept drift (malware evolution), polymorphism, new malware families, new anti-analysis techniques, and adversarial machine learning, while supporting robust explanations. This workshop solicits work that aims to advance robust malware analysis, with the goal of creating long-term solutions to the threats of today’s digital environment. Potential research directions are malware detection, benchmark datasets, environments for malware arms race simulation, and exploring limitations of existing work, among others.
Topics of Interest
Topics of interest include (but are not limited to):
Malware Analysis
Topics related to understanding the malicious actions exhibited by malware:
Identification of malware behaviors
Identification of code modules which implement specific behaviors
Unsupervised behavior identification
Machine Learning and AI for behavior identification
Reliable parsing of file formats and program code
De-obfuscation and de-cloaking of malware
Robust static and dynamic code analysis
Feature extraction in presence of adversaries
Robust signature generation and matching
Malware Detection
Topics related to techniques for malware detection:
Developing robust malware detection, malware family recognition, identification of novel malware families
Network-based malware analysis
Host-based malware analysis
Malware datasets: publication of new datasets for detection, e.g., family recognition, new family identification, behavior identification, generalization ability
Malware Attribution
Topics exploring methods and techniques to confidently attribute a piece of malware to its creators:
Binary and source-code attribution
Adversarial attribution
Malware Arms Race
Topics related to the malware arms race:
Virtual malware arms race environments and competition reports – automated bots of malware and detectors simultaneously attacking and defending networked hosts, adaptively co-evolving in their quest towards supremacy
Automated countermeasures to malware anti-analysis techniques, e.g., packing, anti-debugging, anti-emulation
Bypassing anti-malware (anti-virus), e.g., via problem-space adversarial modifications
Limitations of Malware Analysis
Topics exploring the limitations of existing research:
Experiments demonstrating the limitations in robustness of existing methods (for detection, unpacking, behavior analysis, etc.), datasets, defenses
Machine learning-based malware analysis and adversarial machine learning
Overcoming limitations – demonstrating methods resilient to, e.g., concept drift (malware evolution), polymorphism, new malware families, new anti-analysis techniques, adversarial machine learning

Last modified: 2022-01-23 17:24:47