Malware Analysis Using Artificial Intelligence and Deep Learning
暫譯: 使用人工智慧與深度學習的惡意程式分析

本書專注於使用深度學習 (DL) 和人工智慧 (AI) 作為工具，以推進惡意軟體檢測和分析領域。本書的各個章節涵蓋了各種最先進的 AI 和 DL 技術，這些技術應用於多個具有挑戰性的惡意軟體相關問題。基於 DL 和 AI 的惡意軟體檢測和分析方法主要是數據驅動的，因此對於惡意軟體的專家領域知識需求較少。

本書填補了 DL/AI 與惡意軟體分析之間的空白。它涵蓋了廣泛的現代和實用的 DL 和 AI 技術，包括框架和開發工具，使讀者能夠在多種惡意軟體（及相關）使用案例中，利用尖端研究進行創新。

Mark Stamp has extensive experience in information security and machine learning, having worked in these fields within academic, industrial, and government environments. After completing his PhD research in cryptography at Texas Tech University, he spent more than seven years as a cryptanalyst with the United States National Security Agency (NSA), followed by two years developing a digital rights management product for a Silicon Valley start-up company. Since 2002, Dr. Stamp has been a Professor in the Department of Computer Science at San Jose State University, where he teaches courses in machine learning and information security. To date, he has published more than 140 research papers, most of which deal with problems at the interface between machine learning and information security. Dr. Stamp served as co-editor of the Handbook of Information and Communication Security (Springer, 2010), and he is the author of four books, including a popular information security textbook (Information Security: Principles and Practice, 2nd edition, Wiley, 2011) and, most recently, a machine learning textbook (Introduction to Machine Learning with Applications in Information Security, Chapman and Hall/CRC, 2017).

Mamoun Alazab received his PhD degree in Computer Science from the Federation University of Australia, School of Science, Information Technology and Engineering. He is currently an Associate Professor in the College of Engineering, IT and Environment at Charles Darwin University, Australia. He is a cyber-security researcher and practitioner with industry and academic experience. Dr. Alazab's research is multidisciplinary, with a focus on cyber security and digital forensics of computer systems, including current and emerging issues in the cyber environment, such as cyber-physical systems and the Internet of Things. His research takes into consideration the unique challenges present in these environments, with an emphasis on cybercrime detection and prevention. He has a particular interest in the application of machine learning as an essential tool for cybersecurity, examples of which include detecting attacks, analyzing malicious code, and uncovering vulnerabilities in software. He is the Founder and the Chair of the IEEE Northern Territory Subsection (February 2019 - present), a Senior Member of the IEEE, Cybersecurity Academic Ambassador for Oman's Information Technology Authority (ITA), and Member of the IEEE Computer Society's Technical Committee on Security and Privacy (TCSP). In addition, he has collaborated with government and industry on many projects, including work with IBM, Trend Micro, Westpac, the Australian Federal Police (AFP), the Australian Communications and Media Authority (ACMA), Westpac, UNODC to name a few.

Andrii Shalaginov is a Researcher in Information Security and Digital Forensics at the Department of Information Security and Communication Technology, Faculty of Information Technology and Electrical Engineering, Norwegian University of Science and Technology (NTNU). Dr. Shalaginov was awarded the PhD degree in Information Security from NTNU in February 2018. During the last decade, Dr. Shalaginov's focus has been on the fields of cybercrime investigation and intelligent malware detection. His primary expertise is in static and dynamic malware analysis, development of machine learning-aided intelligent computer virus detection models, and similarity-based categorization of cyberattacks in the Internet of Things. Further, Dr. Shalaginov has worked as a security researcher for UNICRI/EUIPO on malware analysis for copyright-infringing websites. He was nominated as a representative from Norway at COST Action CA17124 "DigForAsp - Digital forensics: evidence analysis via intelligent systems and practices". In 2018, Dr. Shalaginov, together with his NTNU team, received an award for first place in the "Future of Smart Policing" hackathon competition sponsored by INTERPOL (Singapore). Dr. Shalaginov also holds a second Master's Degree in Information Security (Digital Forensics) from Gjøvik University College (GUC), and he received BSc and MSc degrees in System Designing from the National Technical University of Ukraine "Kyiv Polytechnic Institute", Department of Computer-Aided Design. Finally, Dr. Shalaginov is LE-1/LPIC-1 certified and has extensive industry experience, including work at Samsung R&D Center.

**Mark Stamp** 在資訊安全和機器學習領域擁有豐富的經驗，曾在學術界、工業界和政府機構工作。完成德州科技大學的密碼學博士研究後，他在美國國家安全局（NSA）擔任密碼分析師超過七年，隨後在一家矽谷初創公司開發數位版權管理產品兩年。自2002年以來，Stamp博士一直是聖荷西州立大學計算機科學系的教授，教授機器學習和資訊安全相關課程。迄今為止，他已發表超過140篇研究論文，大多數論文涉及機器學習與資訊安全之間的問題。Stamp博士曾擔任《資訊與通信安全手冊》（Springer, 2010）的共同編輯，並著有四本書籍，包括一本受歡迎的資訊安全教科書《資訊安全：原則與實踐》（第二版，Wiley, 2011）以及最近出版的機器學習教科書《機器學習導論：在資訊安全中的應用》（Chapman and Hall/CRC, 2017）。

**Mamoun Alazab** 於澳大利亞聯邦大學科學、資訊技術與工程學院獲得計算機科學博士學位。目前，他是澳大利亞查爾斯達爾文大學工程、資訊技術與環境學院的副教授。他是一位擁有產業和學術經驗的網路安全研究者和實踐者。Alazab博士的研究是多學科的，專注於計算機系統的網路安全和數位取證，包括網路環境中的當前和新興問題，如網路物理系統和物聯網。他的研究考慮到這些環境中存在的獨特挑戰，強調網路犯罪的檢測和預防。他特別關注機器學習作為網路安全的重要工具的應用，例子包括檢測攻擊、分析惡意代碼和發現軟體中的漏洞。他是IEEE北領地分會的創始人和主席（2019年2月至今），IEEE的高級會員，阿曼資訊技術管理局（ITA）的網路安全學術大使，以及IEEE計算機學會安全與隱私技術委員會（TCSP）的成員。此外，他還與政府和產業合作了許多項目，包括與IBM、趨勢科技、西太平洋銀行、澳大利亞聯邦警察（AFP）、澳大利亞通訊與媒體管理局（ACMA）、西太平洋銀行、聯合國毒品和犯罪問題辦公室（UNODC）等的合作。

**Andrii Shalaginov** 是挪威科技大學（NTNU）資訊安全與通信技術系的資訊安全和數位取證研究員。Shalaginov博士於2018年2月獲得NTNU的資訊安全博士學位。在過去十年中，Shalaginov博士專注於網路犯罪調查和智能惡意軟體檢測領域。他的主要專長在於靜態和動態惡意軟體分析、開發機器學習輔助的智能電腦病毒檢測模型，以及物聯網中網路攻擊的相似性分類。此外，Shalaginov博士曾擔任UNICRI/EUIPO的安全研究員，負責對侵犯版權網站的惡意軟體分析。他被提名為挪威在COST行動CA17124「DigForAsp - 數位取證：通過智能系統和實踐進行證據分析」的代表。2018年，Shalaginov博士與他的NTNU團隊在INTERPOL（新加坡）贊助的「未來智能警務」黑客馬拉松競賽中獲得第一名獎項。Shalaginov博士還擁有Gjøvik大學學院（GUC）資訊安全（數位取證）第二個碩士學位，並在烏克蘭國立技術大學「基輔理工學院」的計算機輔助設計系獲得學士和碩士學位。最後，Shalaginov博士擁有LE-1/LPIC-1認證，並擁有豐富的產業經驗，包括在三星研發中心的工作。