1st ACM Workshop on Robust Malware Analysis
WoRMA 2022
- URL: https://worma.gitlab.io/2022/
- Event Date: 2022-05-30 ~ 2022-05-30
- Submission Date: 2022-01-12
- Location: Nagasaki, Japan
1st ACM Workshop on Robust Malware Analysis (WoRMA)
co-located with ACM AsiaCCS
# Important Dates
- Paper submission deadline: January 12, 2022; 11:59 PM (AoE, UTC-12)
- Acceptance notification: February 23, 2022; 11:59 PM (AoE, UTC-12)
- Camera ready due: March 7, 2022; 11:59 PM (AoE, UTC-12)
- Workshop date: May 30, 2022
# Overview
Malware research is a discipline of information security that aims to provide protection against unwanted and dangerous software. Since the mid-1980s, researchers in this area are leading a technological arms race against creators of malware. Many ideas have been proposed, to varying degrees of effectiveness, from more traditional systems security and program analysis to the use of AI and Machine Learning. Nevertheless, with increased technological complexity and despite more sophisticated defenses, malware’s impact has grown, rather than shrunk. It appears that the defenders are continually reacting to yesterday’s threats, only to be surprised by their today’s minor variations.
This lack of robustness is most apparent in signature matching, where malware is represented by a characteristic substring. The fundamental limitation of this approach is its reliance on falsifiable evidence. Mutating the characteristic substring, i.e., falsifying the evidence, is effective in evading detection, and cheaper than discovering the substring in the first place. Unsurprisingly, the same limitation applies to malware detectors based on machine learning, as long as they rely on falsifiable features for decision-making. Robust malware features are necessary.
Furthermore, robust methods for malware classification and analysis are needed across the board to overcome phenomena including, but not limited to, concept drift (malware evolution), polymorphism, new malware families, new anti-analysis techniques, and adversarial machine learning, while supporting robust explanations. This workshop solicits work that aims to advance robust malware analysis, with the goal of creating long-term solutions to the threats of today’s digital environment. Potential research directions are malware detection, benchmark datasets, environments for malware arms race simulation, and exploring limitations of existing work, among others.
# Topics of Interest
Topics of interest include (but are not limited to):
## Malware Analysis
Topics related to understanding the malicious actions exhibited by malware:
- Identification of malware behaviors
- Identification of code modules which implement specific behaviors
- Unsupervised behavior identification
- Machine Learning and AI for behavior identification
- Reliable parsing of file formats and program code
- De-obfuscation and de-cloaking of malware
- Robust static and dynamic code analysis
- Feature extraction in presence of adversaries
- Robust signature generation and matching
## Malware Detection
Topics related to techniques for malware detection:
- Developing robust malware detection, malware family recognition, identification of novel malware families
- Network-based malware analysis
- Host-based malware analysis
- Malware datasets: publication of new datasets for detection, e.g., family recognition, new family identification, behavior identification, generalization ability
## Malware Attribution
- Topics exploring methods and techniques to confidently attribute a piece of malware to its creators:
- Binary and source-code attribution
- Adversarial attribution
## Malware Arms Race
Topics related to the malware arms race:
- Virtual malware arms race environments and competition reports – automated bots of malware and detectors simultaneously attacking and defending networked hosts, adaptively co-evolving in their quest towards supremacy
- Automated countermeasures to malware anti-analysis techniques, e.g., packing, anti-debugging, anti-emulation
- Bypassing anti-malware (anti-virus), e.g., via problem-space adversarial modifications
## Limitations of Malware Analysis
Topics exploring the limitations of existing research:
- Experiments demonstrating the limitations in robustness of existing methods (for detection, unpacking, behavior analysis, etc.), datasets, defenses
- Machine learning-based malware analysis and adversarial machine learning
- Overcoming limitations – demonstrating methods resilient to, e.g., concept drift (malware evolution), polymorphism, new malware families, new anti-analysis techniques, adversarial machine learning
# Submission Guidelines
We invite the following types of papers:
- Original Research papers, which are expected to be 8 pages, not exceeding 12 pages in double-column ACM format including the references and appendices. This category of papers should describe original work that is not previously published or concurrently submitted elsewhere.
- Position or open-problem paper, of up to 6 pages, using the same template (title for this category must include the text "Position Paper” at the beginning). Position research papers aim at fostering discussion and collaboration by presenting preliminary research activities, work in progress and/or industrial innovations. Position research papers may summarize research results published elsewhere or outline new emerging ideas.
Submissions must be anonymous (double-blind review), and authors should refer to their previous work in the third-person. Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or conference with proceedings.
Papers should be in LaTeX and we recommend using the ACM format. This format is required for the camera-ready version. Please follow the main CCS formatting instructions (except with page limits as described above). In particular, we recommend using the sigconf template, which can be downloaded from https://www.acm.org/publications/proceedings-template.
Accepted papers will be published by the ACM Digital Library and/or ACM Press. One author of each accepted paper is required to attend the workshop and present the paper for it to be included in the proceedings. Committee members are not required to read the appendices, so the paper should be intelligible without them. Submissions must be in English and properly anonymized.
# COMMITTEE
## Workshop Program Chairs
Fabio Pierazzi, King's College London, UK
Nedim Šrndić, Huawei Technologies, Germany
## Steering Committee
Lorenzo Cavallaro, University College London, UK
Pavel Laskov, University of Liechtenstein, Liechtenstein
Konrad Rieck, TU Braunschweig, Germany
Daniele Sgandurra, Huawei Technologies, Germany
## Program Committee
Giovanni Apruzzese, University of Liechtenstein, Liechtenstein
Daniel Arp, TU Berlin, Germany
Battista Biggio, University of Cagliari, Italy
Kevin Borgolte, Ruhr-University Bochum, Germany
Raphael Labaca Castro, Research Institute CODE - Universität der Bundeswehr München, Germany
Yizheng Chen, University of California, Berkeley, USA
Kathrin Grosse, University of Cagliari, Italy
Andrea Lanzi, University of Milan, Italy
Martina Lindorfer, TU Wien, Austria
Davide Maiorca, University of Cagliari, Italy
Enrico Mariconti, University College London, UK
Brad Miller, Google, USA
Luis Muñoz-González, Imperial College London, UK
Blaine Nelson, Robust Intelligence, USA
Feargus Pendlebury, University College London & Royal Holloway, University of London, UK
Erwin Quiring, TU Braunschweig, Germany
Christian Wressnegger, Karlsruhe Institute of Technology, Germany
co-located with ACM AsiaCCS
# Important Dates
- Paper submission deadline: January 12, 2022; 11:59 PM (AoE, UTC-12)
- Acceptance notification: February 23, 2022; 11:59 PM (AoE, UTC-12)
- Camera ready due: March 7, 2022; 11:59 PM (AoE, UTC-12)
- Workshop date: May 30, 2022
# Overview
Malware research is a discipline of information security that aims to provide protection against unwanted and dangerous software. Since the mid-1980s, researchers in this area are leading a technological arms race against creators of malware. Many ideas have been proposed, to varying degrees of effectiveness, from more traditional systems security and program analysis to the use of AI and Machine Learning. Nevertheless, with increased technological complexity and despite more sophisticated defenses, malware’s impact has grown, rather than shrunk. It appears that the defenders are continually reacting to yesterday’s threats, only to be surprised by their today’s minor variations.
This lack of robustness is most apparent in signature matching, where malware is represented by a characteristic substring. The fundamental limitation of this approach is its reliance on falsifiable evidence. Mutating the characteristic substring, i.e., falsifying the evidence, is effective in evading detection, and cheaper than discovering the substring in the first place. Unsurprisingly, the same limitation applies to malware detectors based on machine learning, as long as they rely on falsifiable features for decision-making. Robust malware features are necessary.
Furthermore, robust methods for malware classification and analysis are needed across the board to overcome phenomena including, but not limited to, concept drift (malware evolution), polymorphism, new malware families, new anti-analysis techniques, and adversarial machine learning, while supporting robust explanations. This workshop solicits work that aims to advance robust malware analysis, with the goal of creating long-term solutions to the threats of today’s digital environment. Potential research directions are malware detection, benchmark datasets, environments for malware arms race simulation, and exploring limitations of existing work, among others.
# Topics of Interest
Topics of interest include (but are not limited to):
## Malware Analysis
Topics related to understanding the malicious actions exhibited by malware:
- Identification of malware behaviors
- Identification of code modules which implement specific behaviors
- Unsupervised behavior identification
- Machine Learning and AI for behavior identification
- Reliable parsing of file formats and program code
- De-obfuscation and de-cloaking of malware
- Robust static and dynamic code analysis
- Feature extraction in presence of adversaries
- Robust signature generation and matching
## Malware Detection
Topics related to techniques for malware detection:
- Developing robust malware detection, malware family recognition, identification of novel malware families
- Network-based malware analysis
- Host-based malware analysis
- Malware datasets: publication of new datasets for detection, e.g., family recognition, new family identification, behavior identification, generalization ability
## Malware Attribution
- Topics exploring methods and techniques to confidently attribute a piece of malware to its creators:
- Binary and source-code attribution
- Adversarial attribution
## Malware Arms Race
Topics related to the malware arms race:
- Virtual malware arms race environments and competition reports – automated bots of malware and detectors simultaneously attacking and defending networked hosts, adaptively co-evolving in their quest towards supremacy
- Automated countermeasures to malware anti-analysis techniques, e.g., packing, anti-debugging, anti-emulation
- Bypassing anti-malware (anti-virus), e.g., via problem-space adversarial modifications
## Limitations of Malware Analysis
Topics exploring the limitations of existing research:
- Experiments demonstrating the limitations in robustness of existing methods (for detection, unpacking, behavior analysis, etc.), datasets, defenses
- Machine learning-based malware analysis and adversarial machine learning
- Overcoming limitations – demonstrating methods resilient to, e.g., concept drift (malware evolution), polymorphism, new malware families, new anti-analysis techniques, adversarial machine learning
# Submission Guidelines
We invite the following types of papers:
- Original Research papers, which are expected to be 8 pages, not exceeding 12 pages in double-column ACM format including the references and appendices. This category of papers should describe original work that is not previously published or concurrently submitted elsewhere.
- Position or open-problem paper, of up to 6 pages, using the same template (title for this category must include the text "Position Paper” at the beginning). Position research papers aim at fostering discussion and collaboration by presenting preliminary research activities, work in progress and/or industrial innovations. Position research papers may summarize research results published elsewhere or outline new emerging ideas.
Submissions must be anonymous (double-blind review), and authors should refer to their previous work in the third-person. Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or conference with proceedings.
Papers should be in LaTeX and we recommend using the ACM format. This format is required for the camera-ready version. Please follow the main CCS formatting instructions (except with page limits as described above). In particular, we recommend using the sigconf template, which can be downloaded from https://www.acm.org/publications/proceedings-template.
Accepted papers will be published by the ACM Digital Library and/or ACM Press. One author of each accepted paper is required to attend the workshop and present the paper for it to be included in the proceedings. Committee members are not required to read the appendices, so the paper should be intelligible without them. Submissions must be in English and properly anonymized.
# COMMITTEE
## Workshop Program Chairs
Fabio Pierazzi, King's College London, UK
Nedim Šrndić, Huawei Technologies, Germany
## Steering Committee
Lorenzo Cavallaro, University College London, UK
Pavel Laskov, University of Liechtenstein, Liechtenstein
Konrad Rieck, TU Braunschweig, Germany
Daniele Sgandurra, Huawei Technologies, Germany
## Program Committee
Giovanni Apruzzese, University of Liechtenstein, Liechtenstein
Daniel Arp, TU Berlin, Germany
Battista Biggio, University of Cagliari, Italy
Kevin Borgolte, Ruhr-University Bochum, Germany
Raphael Labaca Castro, Research Institute CODE - Universität der Bundeswehr München, Germany
Yizheng Chen, University of California, Berkeley, USA
Kathrin Grosse, University of Cagliari, Italy
Andrea Lanzi, University of Milan, Italy
Martina Lindorfer, TU Wien, Austria
Davide Maiorca, University of Cagliari, Italy
Enrico Mariconti, University College London, UK
Brad Miller, Google, USA
Luis Muñoz-González, Imperial College London, UK
Blaine Nelson, Robust Intelligence, USA
Feargus Pendlebury, University College London & Royal Holloway, University of London, UK
Erwin Quiring, TU Braunschweig, Germany
Christian Wressnegger, Karlsruhe Institute of Technology, Germany
Journal Promotion
|
| Acta Koreana (Acta Koreana) |
|
| Acta Via Serica (AVS) |
|
| Computers and Concrete (CAC) |
|
| Journal of Information Processing Systems (JIPS) |
|
| Journal of Internet Computing and Services (KSII - JICS) |
|
| Journal of Smart Tourism (Smart Tourism) |
|
| Membrane and Water Treatment (MWT) |
|
| Wind and Structures, An International Journal (Wind and Structures) |
MANUSCRIPTLINK © 2015 -
