Improving malicious email detection through novel designated deep-learning architectures utilizing entire email.

In today's email dependent world, cyber criminals often target organizations using a variety of social engineering techniques and specially crafted malicious emails. When successful, such attacks can result in significant harm to physical and digital systems and assets, the leakage of sensitive information, reputation damage, and financial loss. Despite the plethora of studies on the detection of phishing attacks and malicious links in emails, there are no solutions capable of effectively, quickly, and accurately coping with more complex email-based attacks, such as malicious email attachments. This paper presents the first fully automated malicious email detection framework using deep ensemble learning to analyze all email segments (body, header, and attachments); this eliminates the need for human expert intervention for feature engineering. In this paper, we also demonstrate how an ensemble framework of deep learning classifiers each of which are trained on specific portions of an email (thereby independently utilizing the entire email) can generalize better than popular email analysis methods that analyze just a specific portion of the email for analysis. The proposed framework is evaluated comprehensively and with an AUC of 0.993, the proposed framework's results surpass state-of-the-art malicious email detection methods, including human expert feature-based machine learning models by a TPR of 5%.

Personalized insulin dose manipulation attack and its detection using interval-based temporal patterns and machine learning algorithms.

Many patients with diabetes are currently being treated with insulin pumps and other diabetes devices which improve their quality of life and enable effective treatment of diabetes. These devices are connected wirelessly and thus, are vulnerable to cyber-attacks which have already been proven feasible. In this paper, we focus on two types of cyber-attacks on insulin pump systems: an overdose of insulin, which can cause hypoglycemia, and an underdose of insulin, which can cause hyperglycemia. Both of these attacks can result in a variety of complications and endanger a patient's life. Specifically, we propose a sophisticated and personalized insulin dose manipulation attack; this attack is based on a novel method of predicting the blood glucose (BG) level in response to insulin dose administration. To protect patients from the proposed sophisticated and malicious insulin dose manipulation attacks, we also present an automated machine learning based system for attack detection; the detection system is based on an advanced temporal pattern mining process, which is performed on the logs of real insulin pumps and continuous glucose monitors (CGMs). Our multivariate time-series data (MTSD) collection consists of 225,780 clinical logs, collected from real insulin pumps and CGMs of 47 patients with type I diabetes (13 adults and 34 children) from two different clinics at Soroka University Medical Center in Beer-Sheva, Israel over a four-year period. We enriched our data collection with additional relevant medical information related to the subjects. In the extensive experiments performed, we evaluated the proposed attack and detection system and examined whether: (1) it is possible to accurately predict BG levels in order to create malicious data that simulate a manipulation attack and the patient's body in response to it; (2) it is possible to automatically detect such attacks based on advanced machine learning (ML) methods that leverage temporal patterns; (3) the detection capabilities of the proposed detection system differ for insulin overdose and underdose attacks; and (4) the granularity of the learning model (general / adult vs. pediatric clinic / individual patient) affects the detection capabilities. Our results show that (a) it is possible to predict, with nearly 90% accuracy, BG levels using our proposed methods, and by doing so, enable malicious data creation for our detection system evaluation; (b) it is possible to accurately detect insulin manipulation attacks using temporal patterns mining using several ML methods, including Logistic Regression, Random Forest, TPF class model, TPF top k, and ANN algorithms; (c) it is easier to detect an overdose attack than an underdose attack in more than 25%, in terms of AUC scores; and (d) the adult vs. pediatric model outperformed models of other granularities in the detection of overdose attacks, while the general model outperformed the other models in the case of detecting underdose attacks; for both attacks, attack detection among children was found to be more challenging than among adults. In addition to its use in the evaluation of our detection system, the proposed BG prediction method has great importance in the medical domain where it can contribute to improved care of patients with diabetes.

Cardio-ML: Detection of malicious clinical programmings aimed at cardiac implantable electronic devices based on machine learning and a missing values resemblance framework.

Patients with life-threatening arrhythmias are often treated with cardiac implantable electronic devices (CIEDs), such as pacemakers and implantable cardioverter defibrillators (ICDs). Recent advancements in CIEDs have enabled advanced functionality and connectivity that make such devices (particularly ICDs) vulnerable to cyber-attacks. One of the most dangerous attacks on CIED ecosystems is a data manipulation attack from a compromised programmer device that sends malicious clinical programmings to the CIED. Such attacks can affect the CIED functioning and impact patient's survival and quality of life. In this paper, we propose Cardio-ML - an automated system for the detection of malicious clinical programmings that is based on machine learning algorithms and a novel missing values resemblance framework. Our system is designed to detect new variants of existing attacks and, more importantly, new unknown (zero-day) attacks, aimed at ICDs. We collected 1651 legitimate clinical programmings from 514 patients, over a four-year period, from programmer devices at two medical centers. Our collection also includes 28 core malicious functionalities created by cardiac electrophysiology experts that were later used to create different variants of malicious programmings. Cardio-ML was evaluated extensively in three comprehensive experiments and showed high detection capabilities in most attack scenarios. We achieved perfect classification results for detecting newly created variants of existing core malicious functionalities, with an AUC of 100%; for completely new unknown (zero-day) malicious clinical programmings, an AUC of 80% was obtained, which is 14% better than the state-of-the-art method. We were able to further improve our detection results by identifying the best combination of legitimate and zero-day malicious programmings in the dataset, achieving an AUC of 87%. CIED clinical programmings have many parameters without values for a large number of samples (programmings). To cope with the extreme amount of missing values in our dataset, we developed a novel missing values-based resemblance framework and evaluated it using three dataset-creation approaches: a standard expert-driven approach, our novel data-driven approach, and a combined approach incorporating both approaches. The results showed that our novel framework handles missing values in the data better than the expert-driven approach which yields an empty dataset. In particular, the combined approach showed a 40% improvement in data utilization compared to the data-driven approach.

Deep-Hook: A trusted deep learning-based framework for unknown malware detection and classification in Linux cloud environments.

Since the beginning of the 21st century, the use of cloud computing has increased rapidly, and it currently plays a significant role among most organizations' information technology (IT) infrastructure. Virtualization technologies, particularly virtual machines (VMs), are widely used and lie at the core of cloud computing. While different operating systems can run on top of VM instances, in public cloud environments the Linux operating system is used 90% of the time. Because of their prevalence, organizational Linux-based virtual servers have become an attractive target for cyber-attacks, mainly launched by sophisticated malware designed at causing harm, sabotaging operations, obtaining data, or gaining financial profit. This has resulted in the need for an advanced and reliable unknown malware detection mechanism for Linux cloud-based environments. Antivirus software and today's even more advanced malware detection solutions have limitations in detecting new, unseen, and evasive malware. Moreover, many existing solutions are considered untrusted, as they operate on the inspected machine and can be interfered with, and can even be detected by the malware itself, allowing malware to evade detection and cause damage. In this paper, we propose Deep-Hook, a trusted framework for unknown malware detection in Linux-based cloud environments. Deep-Hook hooks the VM's volatile memory in a trusted manner and acquires the memory dump to discover malware footprints while the VM operates. The memory dumps are transformed into visual images which are analyzed using a convolutional neural network (CNN) based classifier. The proposed framework has some key advantages, such as its agility, its ability to eliminate the need for features defined by a cyber domain expert, and most importantly, its ability to analyze the entire memory dump and thus to better utilize the existing indication it conceals, thus allowing the induction of a more accurate detection model. Deep-Hook was evaluated on widely used Linux virtual servers; four state-of-the-art CNN architectures; eight image resolutions; and a total of 22,400 volatile memory dumps representing the execution of a broad set of benign and malicious Linux applications. Our experimental evaluation results demonstrate Deep-Hook's ability to effectively, efficiently, and accurately detect and classify unknown malware (even evasive malware like rootkits), with an AUC and accuracy of up to 99.9%.

ASSAF: Advanced and Slim StegAnalysis Detection Framework for JPEG images based on deep convolutional denoising autoencoder and Siamese networks.

Steganography is the art of embedding a confidential message within a host message. Modern steganography is focused on widely used multimedia file formats, such as images, video files, and Internet protocols. Recently, cyber attackers have begun to include steganography (for communication purposes) in their arsenal of tools for evading detection. Steganalysis is the counter-steganography domain which aims at detecting the existence of steganography within a host file. The presence of steganography in files raises suspicion regarding the file itself, as well as its origin and receiver, and might be an indication of a sophisticated attack. The JPEG file format is one of the most popular image file formats and thus is an attractive and commonly used carrier for steganography embedding. State-of-the-art JPEG steganalysis methods, which are mainly based on neural networks, are limited in their ability to detect sophisticated steganography use cases. In this paper, we propose ASSAF, a novel deep neural network architecture composed of a convolutional denoising autoencoder and a Siamese neural network, specially designed to detect steganography in JPEG images. We focus on detecting the J-UNIWARD method, which is one of the most sophisticated adaptive steganography methods used today. We evaluated our novel architecture using the BOSSBase dataset, which contains 10,000 JPEG images, in eight different use cases which combine different JPEG's quality factors and embedding rates (bpnzAC). Our results show that ASSAF can detect stenography with high accuracy rates, outperforming, in all eight use cases, the state-of-the-art steganalysis methods by 6% to 40%.

Deep feature transfer learning for trusted and automated malware signature generation in private cloud environments.

This paper presents TrustSign, a novel, trusted automatic malware signature generation method based on high-level deep features transferred from a VGG-19 neural network model pretrained on the ImageNet dataset. While traditional automatic malware signature generation techniques rely on static or dynamic analysis of the malware's executable, our method overcomes the limitations associated with these techniques by producing signatures based on the presence of the malicious process in the volatile memory. By leveraging the cloud's virtualization technology, TrustSign analyzes the malicious process in a trusted manner, since the malware is unaware and cannot interfere with the inspection procedure. Additionally, by removing the dependency on the malware's executable, our method is fully capable of signing fileless malware as well. TrustSign's signature generation process does not require feature engineering or any additional model training, and it is done in a completely unsupervised manner, eliminating the need for a human expert. Because of this, our method has the advantage of dramatically reducing signature generation and distribution time. In fact, in this paper we rethink the typical use of deep convolutional neural networks and use the VGG-19 model as a topological feature extractor for a vastly different task from the one it was trained for. The results of our experimental evaluation demonstrate TrustSign's ability to generate signatures impervious to the process state over time. By using the signatures generated by TrustSign as input for various supervised classifiers, we achieved up to 99.5% classification accuracy.

Keep an eye on your personal belongings! The security of personal medical devices and their ecosystems.

Today, personal medical devices (PMDs) play an increasingly important role in healthcare ecosystems as patient life support equipment. As a result of technological advances, PMDs now encompass many components and functionalities that open the door to a variety of cyber-attacks. In this paper we present a taxonomy of ten widely-used PMDs based on the five diseases they were designed to treat. We also provide a comprehensive survey that covers 17 possible attacks aimed at PMDs, as well as the attacks' building blocks. For each PMD type, we create an ecosystem and data and attack flow diagram, which comprehensively describes the roles and interactions of the players associated with the PMD and presents the most vulnerable vectors and components within the PMDs' ecosystems; such knowledge can increase security awareness among PMD users and their healthcare providers. We also present the basic, yet important, building blocks that constitute the steps by which each of the attacks presented is carried out. Doing so allowed us to establish the foundations for the future development of a novel risk analysis methodology for medical devices. For each attack we mapped the building blocks required to carry out the attack and found that 50% of the attacks rely upon the ability to remotely connect to the PMD, while 61% of them rely on the physical proximity of the attacker to the PMD. Finally, by surveying 21 existing security mechanisms and mapping their coverage for the attacks, we identify the gaps between PMDs' security mechanisms and the possible attacks. We show that current security mechanisms generally fail to provide protection from all of the attacks against PMDs and suggest the development of a comprehensive framework to secure PMDs and protect the patients that rely upon them.

Inter-labeler and intra-labeler variability of condition severity classification models using active and passive learning methods.

BACKGROUND AND OBJECTIVES: Labeling instances by domain experts for classification is often time consuming and expensive. To reduce such labeling efforts, we had proposed the application of active learning (AL) methods, introduced our CAESAR-ALE framework for classifying the severity of clinical conditions, and shown its significant reduction of labeling efforts. The use of any of three AL methods (one well known [SVM-Margin], and two that we introduced [Exploitation and Combination_XA]) significantly reduced (by 48% to 64%) condition labeling efforts, compared to standard passive (random instance-selection) SVM learning. Furthermore, our new AL methods achieved maximal accuracy using 12% fewer labeled cases than the SVM-Margin AL method. However, because labelers have varying levels of expertise, a major issue associated with learning methods, and AL methods in particular, is how to best to use the labeling provided by a committee of labelers. First, we wanted to know, based on the labelers' learning curves, whether using AL methods (versus standard passive learning methods) has an effect on the Intra-labeler variability (within the learning curve of each labeler) and inter-labeler variability (among the learning curves of different labelers). Then, we wanted to examine the effect of learning (either passively or actively) from the labels created by the majority consensus of a group of labelers. METHODS: We used our CAESAR-ALE framework for classifying the severity of clinical conditions, the three AL methods and the passive learning method, as mentioned above, to induce the classifications models. We used a dataset of 516 clinical conditions and their severity labeling, represented by features aggregated from the medical records of 1.9 million patients treated at Columbia University Medical Center. We analyzed the variance of the classification performance within (intra-labeler), and especially among (inter-labeler) the classification models that were induced by using the labels provided by seven labelers. We also compared the performance of the passive and active learning models when using the consensus label. RESULTS: The AL methods: produced, for the models induced from each labeler, smoother Intra-labeler learning curves during the training phase, compared to the models produced when using the passive learning method. The mean standard deviation of the learning curves of the three AL methods over all labelers (mean: 0.0379; range: [0.0182 to 0.0496]), was significantly lower (p=0.049) than the Intra-labeler standard deviation when using the passive learning method (mean: 0.0484; range: [0.0275-0.0724). Using the AL methods resulted in a lower mean Inter-labeler AUC standard deviation among the AUC values of the labelers' different models during the training phase, compared to the variance of the induced models' AUC values when using passive learning. The Inter-labeler AUC standard deviation, using the passive learning method (0.039), was almost twice as high as the Inter-labeler standard deviation using our two new AL methods (0.02 and 0.019, respectively). The SVM-Margin AL method resulted in an Inter-labeler standard deviation (0.029) that was higher by almost 50% than that of our two AL methods The difference in the inter-labeler standard deviation between the passive learning method and the SVM-Margin learning method was significant (p=0.042). The difference between the SVM-Margin and Exploitation method was insignificant (p=0.29), as was the difference between the Combination_XA and Exploitation methods (p=0.67). Finally, using the consensus label led to a learning curve that had a higher mean intra-labeler variance, but resulted eventually in an AUC that was at least as high as the AUC achieved using the gold standard label and that was always higher than the expected mean AUC of a randomly selected labeler, regardless of the choice of learning method (including a passive learning method). Using a paired t-test, the difference between the intra-labeler AUC standard deviation when using the consensus label, versus that value when using the other two labeling strategies, was significant only when using the passive learning method (p=0.014), but not when using any of the three AL methods. CONCLUSIONS: The use of AL methods, (a) reduces intra-labeler variability in the performance of the induced models during the training phase, and thus reduces the risk of halting the process at a local minimum that is significantly different in performance from the rest of the learned models; and (b) reduces Inter-labeler performance variance, and thus reduces the dependence on the use of a particular labeler. In addition, the use of a consensus label, agreed upon by a rather uneven group of labelers, might be at least as good as using the gold standard labeler, who might not be available, and certainly better than randomly selecting one of the group's individual labelers. Finally, using the AL methods: when provided by the consensus label reduced the intra-labeler AUC variance during the learning phase, compared to using passive learning.

Improving condition severity classification with an efficient active learning based framework.

Classification of condition severity can be useful for discriminating among sets of conditions or phenotypes, for example when prioritizing patient care or for other healthcare purposes. Electronic Health Records (EHRs) represent a rich source of labeled information that can be harnessed for severity classification. The labeling of EHRs is expensive and in many cases requires employing professionals with high level of expertise. In this study, we demonstrate the use of Active Learning (AL) techniques to decrease expert labeling efforts. We employ three AL methods and demonstrate their ability to reduce labeling efforts while effectively discriminating condition severity. We incorporate three AL methods into a new framework based on the original CAESAR (Classification Approach for Extracting Severity Automatically from Electronic Health Records) framework to create the Active Learning Enhancement framework (CAESAR-ALE). We applied CAESAR-ALE to a dataset containing 516 conditions of varying severity levels that were manually labeled by seven experts. Our dataset, called the "CAESAR dataset," was created from the medical records of 1.9 million patients treated at Columbia University Medical Center (CUMC). All three AL methods decreased labelers' efforts compared to the learning methods applied by the original CAESER framework in which the classifier was trained on the entire set of conditions; depending on the AL strategy used in the current study, the reduction ranged from 48% to 64% that can result in significant savings, both in time and money. As for the PPV (precision) measure, CAESAR-ALE achieved more than 13% absolute improvement in the predictive capabilities of the framework when classifying conditions as severe. These results demonstrate the potential of AL methods to decrease the labeling efforts of medical experts, while increasing accuracy given the same (or even a smaller) number of acquired conditions. We also demonstrated that the methods included in the CAESAR-ALE framework (Exploitation and Combination_XA) are more robust to the use of human labelers with different levels of professional expertise.