Conference proceedings
Pinpointing Malicious Activities Through Network And System-level Malware Execution Behavior
Record in:
ISBN: 9783642311277
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), v. 7336 LNCS, n. PART 4, p. 274-285, 2012.
ISSN: 0302-9743
DOI: 10.1007/978-3-642-31128-4_20
Scopus EID: 2-s2.0-84863904235
Author
Gregio A.R.A.
Afonso V.M.
Filho D.S.F.
De Geus P.L.
Jino M.
Dos Santos R.D.C.
Institution
Universidade Federal da Bahia (UFBA), Universidade Federal do Reconcavo da Bahia (UFRB), Universidade Estadual de Feira de Santana (UEFS), University of Perugia, University of Basilicata (UB)
Abstract
Malicious programs pose a major threat to Internet-connected systems, which makes studying their behavior in order to fight them increasingly important. In this paper, we propose definitions for the different types of behavior that a program can present during its execution. Based on those definitions, we define suspicious behavior as the group of actions that change the state of a target system. We also propose a set of network and system-level dangerous activities, extracted from a large set of malware samples, that can be used to denote the maliciousness of suspicious behaviors. In addition, we evaluate the malware samples according to their suspicious behavior. Moreover, we developed filters that translate lower-level execution traces into the observed dangerous activities, and evaluated them in the context of actual malware. © 2012 Springer-Verlag.