Malicious and harmless software in the domain of system utilities

Šťastná, Jana

doi:10.15439/2019F244

Artykuł - szczegóły

Tytuł artykułu

Malicious and harmless software in the domain of system utilities

Autorzy

Šťastná Jana

Wybrane pełne teksty z tego czasopisma

http://annals-csis.org

Identyfikatory

DOI

10.15439/2019F244

Warianty tytułu

Konferencja

Federated Conference on Computer Science and Information Systems (14 ; 01-04.09.2019 ; Leipzig, Germany)

Języki publikacji

Abstrakty

The focus of malware research is often directed on behaviour and features of malicious samples that stand out the most. However, our previous research led us to see that some features typical for malware may occur in harmless software as well. That finding guided us to direct more attention towards harmless samples and more detailed comparisons of malware and harmless software properties. To eliminate variables that may influence the results, we narrowed down our research study to specific software domain - system maintenance and utility tools. We analysed 100 malicious and 100 harmless samples from this domain and statistically evaluated how they differ regarding packing, program sections and their entropies, amount of code outside common sections and we also looked at differences in behaviour from the high-level view.

Słowa kluczowe

invasive software software maintenance encryption malware

inwazyjne oprogramowanie konserwacja oprogramowania szyfrowanie złośliwe oprogramowanie

Wydawca

Polskie Towarzystwo Informatyczne

Czasopismo

Annals of Computer Science and Information Systems

Rocznik

2019

Tom

Vol. 18

Strony

237--246

Opis fizyczny

Bibliogr. 16 poz., wykr., rys.

Twórcy

autor

Šťastná Jana

jana.stastna@tuke.sk

Technical University of Košice, Letná 9, 042 00 Košice, Slovakia

Bibliografia

1. J. Šťastná and M. Tomášek, “Exploring malware behaviour for improvement of malware signatures,” in IEEE 13th International Scientific Conference on Informatics, 2015, Nov 2015. http://dx.doi.org/10.1109/Informatics.2015.7377846 pp. 275–280.
2. J. Šťastná and M. Tomášek, “The problem of malware packing and its occurrence in harmless software,” Acta Electrotechnica et Informatica, vol. 16, no. 3, pp. 41–47, 2016. http://dx.doi.org/0.15546/aeei-2016-0022
3. T.-Y. Wang and C.-H. Wu, “Detection of packed executables using support vector machines,” in International Conference on Machine Learning and Cybernetics (ICMLC), 2011, vol. 2, 2011. http://dx.doi.org/10.1109/ICMLC.2011.6016774. ISSN 2160-133X pp. 717–722.
4. S. Josse, “Secure and advanced unpacking using computer emulation,” Journal in Computer Virology, vol. 3, no. 3, pp. 221–236, 2007. http://dx.doi.org/10.1007/s11416-007-0046-0
5. M. Šipoš and S. Šimoňák, “Rasp abstract machine emulator – extending the emustudio platform,” Acta Electrotechnica et Informatica, vol. 17, no. 3, pp. 33–41, 2017. http://dx.doi.org/0.15546/aeei-2017-0024
6. G. Jacob, P. Comparetti, M. Neugschwandtner, C. Kruegel, and G. Vigna, “A static, packer-agnostic filter to detect similar malware samples,” in Detection of Intrusions and Malware, and Vulnerability Assessment, ser. LNCS, vol. 7591. Springer Berlin Heidelberg, 2013. http://dx.doi.org/10.1007/978-3-642-37300-8_6. ISBN 978-3-642-37299-5 pp. 102–122.
7. F. Guo, P. Ferrie, and T.-c. Chiueh, “A study of the packer problem and its solutions,” in Recent Advances in Intrusion Detection, ser. LNCS, vol. 5230. Springer Berlin Heidelberg, 2008. http://dx.doi.org/10.1007/978-3-540-87403-4_6. ISBN 978-3-540-87402-7 pp. 98–115.
8. A. Singh and A. Lakhotia, “Game-theoretic design of an information exchange model for detecting packed malware,” in 6th International Conference on Malicious and Unwanted Software (MALWARE), 2011, 2011. http://dx.doi.org/10.1109/MALWARE.2011.6112319 pp. 1–7.
9. P. Arntz. Analyzing malware by api calls. [Online]. Available: https://blog.malwarebytes.com/threat-analysis/2017/10/analyzing-malware-by-api-calls/
10. J. Parsons and D. Oja, New Perspectives on Computer Concepts 2013: Comprehensive, ser. New Perspectives. Cengage Learning, 2012. ISBN 9781133190561
11. M. Davis, S. Bodmer, and A. LeMasters, Hacking exposed malware and rootkits. New York: Mc-Graw Hill, 2010. ISBN 978-0-07-159119-5
12. N. Biasini, E. Brumaghin, W. Mercer, and J. Reynolds. Ransom where? malicious cryptocurrency miners takeover, generating millions. [Online]. Available: http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html
13. P. Beaucamps, I. Gnaedig, and J.-Y. Marion, “Abstraction-based malware analysis using rewriting and model checking,” in Computer Security - ESORICS 2012, ser. LNCS, vol. 7459. Springer Berlin Heidelberg, 2012. http://dx.doi.org/10.1007/978-3-642-33167-1_46. ISBN 978-3-642-33166-4 pp. 806–823.
14. H. Macedo and T. Touili, “Mining malware specifications through static reachability analysis,” in Computer Security - ESORICS 2013, ser. LNCS, vol. 8134. Springer Berlin Heidelberg, 2013. http://dx.doi.org/10.1007/978-3-642-40203-6_29. ISBN 978-3-642-40202-9 pp. 517–535.
15. V. Marak, Windows Malware Analysis Essentials. Packt Publishing, 2015. ISBN 9781785287633
16. K. Griffin, S. Schneider, X. Hu, and T.-c. Chiueh, “Automatic generation of string signatures for malware detection,” in Recent Advances in Intrusion Detection, ser. LNCS, vol. 5758. Springer Berlin Heidelberg, 2009. http://dx.doi.org/10.1007/978-3-642-04342-0_6. ISBN 978-3-642-04341-3 pp. 101–120.

Uwagi

1. Track 2: Computer Science & Systems

2. Technical Session: 6th International Conference on Cryptography and Security Systems

3. Opracowanie rekordu ze środków MNiSW, umowa Nr 461252 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2020).

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-4f3e731c-9696-40de-93f3-f7063653ce68