Title |
---|
Pinpointing malicious activities through network and system-level malware execution behavior |
Abstract |
---|
Malicious programs pose a major threat to Internet-connected systems, increasing the importance of studying their behavior in order to fight against them. In this paper, we propose definitions for the different types of behavior that a program can present during its execution. Based on those definitions, we define suspicious behavior as the group of actions that change the state of a target system. We also propose a set of network and system-level dangerous activities that can be used to denote the malignity in suspicious behaviors, which were extracted from a large set of malware samples. In addition, we evaluate the malware samples according to their suspicious behavior. Moreover, we developed filters to translate from lower-level execution traces to the observed dangerous activities and evaluated them in the context of actual malware. |
Year | DOI | Venue |
---|---|---|
2012 | 10.1007/978-3-642-31128-4_20 | ICCSA (4) |
Keywords | Field | DocType |
---|---|---|
lower-level execution trace, system-level malware execution behavior, large set, major threat, system-level dangerous activity, suspicious behavior, internet-connected system, observed dangerous activity, different type, malicious activity, actual malware, malware sample | Cryptovirology, Computer science, Computer security, Computer network, Malware, System level, Malware analysis | Conference |
Volume | ISSN | Citations |
---|---|---|
7336 | 0302-9743 | 2 |
PageRank | References | Authors |
---|---|---|
0.61 | 11 | 6 |
Name | Order | Citations | PageRank |
---|---|---|---|
André Ricardo Abed Grégio | 1 | 66 | 9.51 |
Vitor Monte Afonso | 2 | 71 | 4.66 |
Dario Simões Fernandes Filho | 3 | 12 | 2.08 |
Paulo Lício de Geus | 4 | 83 | 13.37 |
Mario Jino | 5 | 171 | 25.04 |
Rafael Duarte Coelho dos Santos | 6 | 2 | 0.61 |