Functional Cognitive Models of Malware Identification


An important source of constraints on unified theories of cognition is their ability to perform complex tasks that are challenging for humans. Malware reverse-engineering is an important type of analysis in the domain of cyber-security. Rapidly identifying the tasks that a piece of malware is designed to perform is an important part of reverse engineering that is manually performed in practice as it relies heavily on human intuition. We present an automated approach to malware task identification using two different approaches using ACT-R cognitive models. Against a real-world malware dataset, these cognitive models significantly out-perform baseline approaches while demonstrating key cognitive characteristics such as the ability to generalize to new categories and to quickly adapt to a change of environment. Finally, we discuss the implications of our approach for applying cognitive models to complex tasks.