Suggestions in Courses

See all course results

Suggestions in News

  • No suggestions found.

Suggestions in Events

See all events results
London Met Website

Reinforcement learning for an efficient and effective malware investigation during cyber Incident response

Lists
Tools

Dunsin, Dipo, Ghanem, Mohamed Chahine, Ouazzane, Karim and Vassilev, Vassil (2024) Reinforcement learning for an efficient and effective malware investigation during cyber Incident response. High-Confidence Computing. ISSN 2667-2952 (In Press)

Abstract

The ever-escalating prevalence of malware is a serious cybersecurity threat, often requiring advanced post-incident forensic investigation techniques. This paper proposes a framework to enhance malware forensics by leveraging reinforcement learning (RL). The approach combines heuristic and signaturebased methods, supported by RL through a unified MDP model,
which breaks down malware analysis into distinct states and actions. This optimisation enhances the identification and classification of malware variants. The framework employs Q-learning and other techniques to boost the speed and accuracy of detecting new and unknown malware, outperforming traditional methods. We tested the experimental framework across multiple virtual environments infected with various malware types. The RL agent collected forensic evidence and improved its performance through
Q-tables and temporal difference learning. The epsilon-greedy exploration strategy, in conjunction with Q-learning updates, effectively facilitated transitions. The learning rate depended on the complexity of the MDP environment: higher in simpler ones for quicker convergence and lower in more complex ones for stability. This RL-enhanced model significantly reduced the time required for post-incident malware investigations, achieving a high accuracy rate of 94% in identifying malware. These results indicate RL’s potential to revolutionise post-incident forensics investigations in cybersecurity. Future work will incorporate more advanced RL algorithms and large language models (LLMs) to further enhance the effectiveness of malware forensic analysis.

Documents
9838:50156
[thumbnail of Reinforcement_Learning_for_an_Efficient_and_Effective_Malware_Investigation_during_Cyber_Incident_Response-ACCEPTED.pdf]
Reinforcement_Learning_for_an_Efficient_and_Effective_Malware_Investigation_during_Cyber_Incident_Response-ACCEPTED.pdf - Accepted Version
Restricted to Repository staff only until 15 May 2025.
Available under License Creative Commons Attribution 4.0.

Download (4MB) | Request a copy
Details
Title:
Reinforcement learning for an efficient and effective malware investigation during cyber Incident response
Creators:
Dunsin, Dipo, Ghanem, Mohamed Chahine, Ouazzane, Karim and Vassilev, Vassil
Official URL:
https://www.sciencedirect.com/journal/high-confide...
Date:
15 November 2024
Subjects:
000 Computer science, information & general works
300 Social sciences > 340 Law
600 Technology > 620 Engineering & allied operations
Department:
School of Computing and Digital Media
Publisher:
Elsevier
Uncontrolled Keywords:
Cyber Incident, Digital Forensics, Artificial Intelligence, Reinforcement Learning, Markov Chain, MDP, DFIR, Malware, Incident Response.
Record
URI:
https://repository.londonmet.ac.uk/id/eprint/9838
Item Type:
Article
Depositing User:
Mohamed Ghanem
Date Deposited:
15 Nov 2024 10:29
Revision:
21
Last Modified:
15 Nov 2024 10:29
View Item View Item
CORE (COnnecting REpositories)