Computer Science > Cryptography and Security
arXiv:2301.04314 (cs)
[Submitted on 11 Jan 2023 (v1), last revised 6 Mar 2023 (this version, v2)]
Title:ML-FEED: Machine Learning Framework for Efficient Exploit Detection
View a PDF of the paper titled ML-FEED: Machine Learning Framework for Efficient Exploit Detection, by Tanujay Saha and Tamjid Al-Rahat and Najwa Aaraj and Yuan Tian and Niraj K. Jha
View PDFAbstract:Machine learning (ML)-based methods have recently become attractive for detecting security vulnerability exploits. Unfortunately, state-of-the-art ML models like long short-term memories (LSTMs) and transformers incur significant computation overheads. This overhead makes it infeasible to deploy them in real-time environments. We propose a novel ML-based exploit detection model, ML-FEED, that enables highly efficient inference without sacrificing performance. We develop a novel automated technique to extract vulnerability patterns from the Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) databases. This feature enables ML-FEED to be aware of the latest cyber weaknesses. Second, it is not based on the traditional approach of classifying sequences of application programming interface (API) calls into exploit categories. Such traditional methods that process entire sequences incur huge computational overheads. Instead, ML-FEED operates at a finer granularity and predicts the exploits triggered by every API call of the program trace. Then, it uses a state table to update the states of these potential exploits and track the progress of potential exploit chains. ML-FEED also employs a feature engineering approach that uses natural language processing-based word embeddings, frequency vectors, and one-hot encoding to detect semantically-similar instruction calls. Then, it updates the states of the predicted exploit categories and triggers an alarm when a vulnerability fingerprint executes. Our experiments show that ML-FEED is 72.9x and 75,828.9x faster than state-of-the-art lightweight LSTM and transformer models, respectively. We trained and tested ML-FEED on 79 real-world exploit categories. It predicts categories of exploit in real-time with 98.2% precision, 97.4% recall, and 97.8% F1 score. These results also outperform the LSTM and transformer baselines.
| Comments: | This paper has been published in The Fourth IEEE International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications, 2022 |
| Subjects: | Cryptography and Security (cs.CR) |
| Cite as: | arXiv:2301.04314 [cs.CR] |
| (orarXiv:2301.04314v2 [cs.CR] for this version) | |
| https://doi.org/10.48550/arXiv.2301.04314 arXiv-issued DOI via DataCite |
Submission history
From: Tanujay Saha [view email][v1] Wed, 11 Jan 2023 05:28:44 UTC (5,344 KB)
[v2] Mon, 6 Mar 2023 22:48:01 UTC (5,344 KB)
Full-text links:
Access Paper:
- View PDF
- TeX Source
- Other Formats
View a PDF of the paper titled ML-FEED: Machine Learning Framework for Efficient Exploit Detection, by Tanujay Saha and Tamjid Al-Rahat and Najwa Aaraj and Yuan Tian and Niraj K. Jha
References & Citations
Bookmark
Bibliographic and Citation Tools
Bibliographic Explorer(What is the Explorer?)
Connected Papers(What is Connected Papers?)
Litmaps(What is Litmaps?)
scite Smart Citations(What are Smart Citations?)
Code, Data and Media Associated with this Article
alphaXiv(What is alphaXiv?)
CatalyzeX Code Finder for Papers(What is CatalyzeX?)
DagsHub(What is DagsHub?)
Gotit.pub(What is GotitPub?)
Hugging Face(What is Huggingface?)
Papers with Code(What is Papers with Code?)
ScienceCast(What is ScienceCast?)
Demos
Recommenders and Search Tools
Influence Flower(What are Influence Flowers?)
CORE Recommender(What is CORE?)
arXivLabs: experimental projects with community collaborators
arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.
Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.
Have an idea for a project that will add value for arXiv's community?Learn more about arXivLabs.