Lecture 10

Questions and Answers

What is the primary purpose of malware classification?

• To provide information about the source and motives of an adversary (correct)
• To eliminate the malware from a system
• To create a database of all known malware
• To detect malware in a system

What is the difference between malware detection and malware classification?

• Both detection and classification involve the same process
• Detection involves detecting malware, while classification assigns a class of malware to a given sample (correct)
• Detection and classification are two terms used interchangeably
• Classification involves detecting malware, while detection assigns a class of malware to a given sample

What was the initial number of features collected for malware classification?

• 9.53%
• 50 million (correct)
• 50 thousand
• 179,000

What was the dimensionality of the dataset after feature selection and random projections?

179,000 (A)

What was the best performing DNN architecture for malware classification?

A DNN with one hidden layer (A)

What was the error rate on malware type for the best performing DNN architecture?

9.53% (C)

What is the purpose of DGAs in malware tools?

To generate large numbers of domain names for difficult-to-track communications with C2 servers (C)

Why is it difficult to block malicious domains using standard techniques such as blacklisting or sink-holing?

Because DGAs generate large numbers of varying domain names (D)

What are some of the cyber-attacks that DGAs are used for?

Spam campaigns, theft of personal data, and implementation of distributed denial-of-service (DDoS) attacks (A)

What was the error rate on malware type for a DNN with nine layers?

97% (D)