Malicious and harmless software in the domain of system utilities

Authors
Identifiers
Title variants
Conference
Federated Conference on Computer Science and Information Systems (14 ; 01-04.09.2019 ; Leipzig, Germany)
Publication languages
EN
Abstracts
EN
The focus of malware research is often directed at the behaviour and features of malicious samples that stand out the most. However, our previous research led us to see that some features typical of malware may occur in harmless software as well. That finding guided us to direct more attention towards harmless samples and towards more detailed comparisons of the properties of malware and harmless software. To eliminate variables that may influence the results, we narrowed our study down to a specific software domain: system maintenance and utility tools. We analysed 100 malicious and 100 harmless samples from this domain and statistically evaluated how they differ with regard to packing, program sections and their entropies, and the amount of code outside common sections; we also looked at differences in behaviour from a high-level view.
Year
Volume
Pages
237--246
Physical description
Bibliography: 16 items, charts, figures.
Creators
  • Technical University of Košice, Letná 9, 042 00 Košice, Slovakia
Notes
1. Track 2: Computer Science & Systems
2. Technical Session: 6th International Conference on Cryptography and Security Systems
3. Record prepared with funds from the MNiSW, agreement No. 461252, under the "Społeczna odpowiedzialność nauki" programme, module: Popularisation of science and promotion of sport (2020).
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-4f3e731c-9696-40de-93f3-f7063653ce68