288 Hits in 4.7 sec

Precise system-wide concatic malware unpacking [article]

David Korczynski
2019, arXiv, pre-print
In this paper, we introduce a new tool, called Minerva, for effective automatic unpacking of malware samples.  ...  Minerva introduces a unified approach to precisely uncover execution waves in a packed malware sample and produce PE files that are well-suited for follow-up static analysis.  ...  The combination of needing to unpack samples before approach to precisely unpack malware samples with system-wide proper analysis is feasible, and that  ... 
arXiv:1908.09204v1 (https://arxiv.org/abs/1908.09204v1), fatcat:r7ivlcxpj5h5lp2jnatld5dfyq (https://fatcat.wiki/release/r7ivlcxpj5h5lp2jnatld5dfyq)
Fulltext PDF (Web Archive): https://web.archive.org/web/20200907121827/https://arxiv.org/pdf/1908.09204v1.pdf

BareUnpack: Generic Unpacking on the Bare-Metal Operating System

Binlin CHENG, Pengwei LI
2018, IEICE transactions on information and systems
Malware has become a growing threat as malware writers have learned that signature-based detectors can be easily evaded by packing the malware. Packing is a major challenge to malware analysis.  ...  The existing generic unpacking approaches need a simulated environment to monitor the executing of the packed executables.  ...  We plan to study the feasibility of applying BareUnpack's idea to packed Linux malware in the future.  ... 
doi:10.1587/transinf.2017edp7424 (https://doi.org/10.1587/transinf.2017edp7424), fatcat:fnlf23y46retnj7zdiv37foc7q (https://fatcat.wiki/release/fnlf23y46retnj7zdiv37foc7q)
Fulltext PDF (Web Archive): https://web.archive.org/web/20190505183825/https://www.jstage.jst.go.jp/article/transinf/E101.D/12/E101.D_2017EDP7424/_pdf

Deobfuscation, Unpacking, and Decoding of Obfuscated Malicious JavaScript for Machine Learning Models Detection Performance Improvement

Samuel Ndichu, Sangwook Kim, Seiichi Ozawa
2020, CAAI Transactions on Intelligence Technology
For the detection of such codes, this study performs Deobfuscation, Unpacking, and Decoding (DUD-preprocessing) by function redefinition using a Virtual Machine (VM), a JS code editor, and a python int_to_str  ...  For a multi-layer obfuscation, general tools realize a formatted JS code, but some sections remain encoded.  ...  malware.  ... 
doi:10.1049/trit.2020.0026 (https://doi.org/10.1049/trit.2020.0026), fatcat:upy4b7mg7rcutnvfw3uk2ovwb4 (https://fatcat.wiki/release/upy4b7mg7rcutnvfw3uk2ovwb4)
Fulltext PDF (Web Archive): https://web.archive.org/web/20211203015731/https://ietresearch.onlinelibrary.wiley.com/doi/pdf/10.1049/trit.2020.0026

AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware [chapter]

Wenbo Yang, Yuanyuan Zhang, Juanru Li, Junliang Shu, Bodong Li, Wenjun Hu, Dawu Gu
2015, Lecture Notes in Computer Science
Then, we propose AppSpear, a generic and fine-grained system for automatically malware unpacking.  ...  This paper conducts a systematic study on existing Android malware which is packed.  ...  Acknowledgments We would like to thank our shepherd, Elias Athanasopoulos, and the anonymous reviewers for their insightful comments that greatly helped improve the manuscript of this paper.  ... 
doi:10.1007/978-3-319-26362-5_17 (https://doi.org/10.1007/978-3-319-26362-5_17), fatcat:xoxyebbexncjrhlagqkdje7oxe (https://fatcat.wiki/release/xoxyebbexncjrhlagqkdje7oxe)
Fulltext PDF (Web Archive): https://web.archive.org/web/20151002045501/http://loccs.sjtu.edu.cn/~romangol/download/raid2015.pdf

A Malware and Variant Detection Method Using Function Call Graph Isomorphism

Jinrong Bai, Qibin Shi, Shiguang Mu
2019, Security and Communication Networks
Experimental results indicate that the proposed method is effective and efficient for identifying known malware and a portion of their variants.  ...  Antivirus experts use hash signature to verify if captured sample is one of the malware databases, and this method cannot recognize malware variants whose hash signatures have changed completely.  ...  However, a few samples cannot be successfully unpacked. We manually unpack hard samples using specialized unpacker for specific packing tool or dynamic analysis tool (OllyDBG).  ... 
doi:10.1155/2019/1043794 (https://doi.org/10.1155/2019/1043794), fatcat:dxbk4jpykbds3jtrojlvh3kvce (https://fatcat.wiki/release/dxbk4jpykbds3jtrojlvh3kvce)
Fulltext PDF (Web Archive): https://web.archive.org/web/20200219115213/https://pdfs.semanticscholar.org/a1d4/007cf50f77955ee61e9fb9a775e5fb8e4127.pdf

RAMBO: Run-Time Packer Analysis with Multiple Branch Observation [chapter]

Xabier Ugarte-Pedrero, Davide Balzarotti, Igor Santos, Pablo G. Bringas
2016, Lecture Notes in Computer Science
In this paper, we propose a set of domain-specific optimizations and heuristics to guide multi-path exploration and improve its efficiency and reliability for unpacking binaries protected with shifting  ...  The first solution that comes to mind to analyze these samples is to apply multi-path exploration to trigger the unpacking of all the code regions.  ...  This research was partially supported by the Basque Government under a pre-doctoral grant given to Xabier Ugarte-Pedrero.  ... 
doi:10.1007/978-3-319-40667-1_10 (https://doi.org/10.1007/978-3-319-40667-1_10), fatcat:c2zpxdvaybaq7dm5qoji4qttiu (https://fatcat.wiki/release/c2zpxdvaybaq7dm5qoji4qttiu)
Fulltext PDF (Web Archive): https://web.archive.org/web/20160818134011/http://paginaspersonales.deusto.es/isantos/papers/2016/2016-dimva-ugarte-rambo.pdf

Tracking concept drift in malware families

Anshuman Singh, Andrew Walenstein, Arun Lakhotia
2012, Proceedings of the 5th ACM workshop on Security and artificial intelligence - AISec '12
The results of the study show negligible drift in mnemonic 2-grams extracted from unpacked versions of the samples.  ...  We illustrate the use of the proposed measures with a study on 3500+ samples from three families of x86 malware, spanning over 5 years.  ...  For a typical malware executable the number of n-grams can quickly run into millions. It is not feasible to track such a large number of features individually.  ... 
doi:10.1145/2381896.2381910 (https://doi.org/10.1145/2381896.2381910), dblp:conf/ccs/SinghWL12 (https://dblp.org/rec/conf/ccs/SinghWL12.html), fatcat:lmgeoq5xsbf45mkat2vwjhxvf4 (https://fatcat.wiki/release/lmgeoq5xsbf45mkat2vwjhxvf4)
Fulltext PDF (Web Archive): https://web.archive.org/web/20121220161204/http://www.cacs.louisiana.edu/~arun/papers/2012-aisec-concept-drift.pdf

IntroLib: Efficient and transparent library call introspection for malware forensics

Zhui Deng, Dongyan Xu, Xiangyu Zhang, Xuxiang Jiang
2012, Digital Investigation. The International Journal of Digital Forensics and Incident Response
On the other hand, existing malware-transparent analysis tools incur significant performance overhead, making them unsuitable for live malware monitoring and forensics.  ...  Our evaluation of an IntroLib prototype with 93 real-world malware samples shows that IntroLib is immune to emulation and API hooking detection by malware, uncovers more semantic information about malware  ...  Acknowledgement We thank the anonymous reviewers for their insightful comments. This research was supported, in part, by  ... 
doi:10.1016/j.diin.2012.05.013 (https://doi.org/10.1016/j.diin.2012.05.013), fatcat:ykyoildsc5fcdk3vng6frgziwi (https://fatcat.wiki/release/ykyoildsc5fcdk3vng6frgziwi)
Fulltext PDF (Web Archive): https://web.archive.org/web/20160810025509/https://www.csc.ncsu.edu/faculty/jiang/pubs/DFRWS12.pdf

Obfuscation-Resilient Executable Payload Extraction From Packed Malware

Binlin Cheng, Jiang Ming, Erika A Leal, Haotian Zhang, Jianming Fu, Guojun Peng, Jean-Yves Marion
2021, Zenodo
However, reconstructing unpacked code's import tables, which is vital for further malware static/dynamic analyses, has largely been overlooked.  ...  Over the past two decades, packed malware is always a veritable challenge to security analysts.  ...  We thank the University of Texas at Arlington and the Department of Education for supporting us with a Graduate Assistance in Areas of National Need (GAANN) fellowship.  ... 
doi:10.5281/zenodo.5653364 (https://doi.org/10.5281/zenodo.5653364), fatcat:igdh5vjiw5gnpoch32kk5pmqve (https://fatcat.wiki/release/igdh5vjiw5gnpoch32kk5pmqve)
Fulltext PDF (Web Archive): https://web.archive.org/web/20220208052019/https://zenodo.org/record/5653364/files/Obfuscation-Resilient%20Executable%20Payload%20Extraction%20From%20Packed%20Malware.pdf

On the Reverse Engineering of the Citadel Botnet [chapter]

Ashkan Rahimian, Raha Ziarati, Stere Preda, Mourad Debbabi
2014, Lecture Notes in Computer Science
Citadel is an advanced information-stealing malware which targets financial information. This malware poses a real threat against the confidentiality and integrity of personal and business data.  ...  Citadel is an offspring of a previously analyzed malware called Zeus; thus, using the former as a reference, we can measure and quantify the similarities and differences of the new variant.  ...  ACKNOWLEDGMENT The authors would like to thank ESET Canada for their collaboration and acknowledge the support of Mr. Pierre-Marc Bureau and the guidance provided by Mr.  ... 
doi:10.1007/978-3-319-05302-8_25 (https://doi.org/10.1007/978-3-319-05302-8_25), fatcat:pakzgzmqjrhn7cb62tisua3ggi (https://fatcat.wiki/release/pakzgzmqjrhn7cb62tisua3ggi)
Fulltext PDF (Web Archive): https://web.archive.org/web/20170830033154/http://spectrum.library.concordia.ca/978699/1/RE_Citadel_Botnet.pdf

Eureka: A Framework for Enabling Static Malware Analysis [chapter]

Monirul Sharif, Vinod Yegneswaran, Hassen Saidi, Phillip Porras, Wenke Lee
2008, Lecture Notes in Computer Science
We introduce Eureka, a framework for enabling static analysis on Internet malware binaries.  ...  They enable a visual means for understanding malware code through the automated construction of annotated control flow and call graphs.  ...  To evaluate the feasibility of this approach, we examined bigram distributions on a corpus of 1291 malware instances.  ... 
doi:10.1007/978-3-540-88313-5_31 (https://doi.org/10.1007/978-3-540-88313-5_31), fatcat:4yttx4n5nzct3g2muemmvcbdl4 (https://fatcat.wiki/release/4yttx4n5nzct3g2muemmvcbdl4)
Fulltext PDF (Web Archive): https://web.archive.org/web/20170808221925/http://www.covert.io/research-papers/security/Eureka%20-%20A%20framework%20for%20enabling%20static%20malware%20analysis.pdf

Kizzle: A Signature Compiler for Detecting Exploit Kits

Ben Stock, Benjamin Livshits, Benjamin Zorn
2016, 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
When evaluated over a four-week period, false-positive rates for Kizzle are under 0.03%, while the false-negative rates are under 5%.  ...  Kizzle is able to generate anti-virus signatures for detecting EKs, which compare favorably to manually created ones. Kizzle is highly responsive and can generate new signatures within hours.  ...  This work was partially supported by the German Ministry for Education and Research (BMBF) through funding for the Center for IT-Security, Privacy and Accountability (CISPA).  ... 
doi:10.1109/dsn.2016.48 (https://doi.org/10.1109/dsn.2016.48), dblp:conf/dsn/StockLZ16 (https://dblp.org/rec/conf/dsn/StockLZ16.html), fatcat:nglkl2z23rfixfgzukvcdp7b5q (https://fatcat.wiki/release/nglkl2z23rfixfgzukvcdp7b5q)
Fulltext PDF (Web Archive): https://web.archive.org/web/20200322040347/https://www.microsoft.com/en-us/research/wp-content/uploads/2017/01/dsn16.pdf

An incremental malware detection model for meta-feature API and system call sequence

Pushkar Kishore, Swadhin Kumar Barisal, Durga Prasad Mohapatra
2020, Proceedings of the 2020 Federated Conference on Computer Science and Information Systems
We classify malware samples into their respective types and demonstrated via a case study that, our proposed model can reduce the effort required in STS-Tool (Socio-Technical Security Tool) approach and  ...  An incremental malware detection model is proposed to decide the label of the binary executable under study.  ...  These three views together help plan a model for system-at-hand. Now, we discuss below the effort optimization process for the above case study.  ... 
doi:10.15439/2020f73 (https://doi.org/10.15439/2020f73), dblp:conf/fedcsis/KishoreBM20 (https://dblp.org/rec/conf/fedcsis/KishoreBM20.html), fatcat:bspawioy4jfxlf6navjepbqozu (https://fatcat.wiki/release/bspawioy4jfxlf6navjepbqozu)
Fulltext PDF (Web Archive): https://web.archive.org/web/20201103174459/https://annals-csis.org/proceedings/2020/drp/pdf/73.pdf

A Comparative Study of Malware Family Classification [chapter]

Rafiqul Islam, Irfan Altas
2012, Lecture Notes in Computer Science
In this paper, we present a comparative study of conventional malware family classification techniques and identify their limitations.  ...  We made a comparative analysis and conclude that the independent features are not good enough to defence against current as well as future malware.  ...  Dynamic analysis is time consuming as each malware sample must be executed for a certain time period and its actions logged all within a controlled environment to ensure that it cannot infect an active  ... 
doi:10.1007/978-3-642-34129-8_48 (https://doi.org/10.1007/978-3-642-34129-8_48), fatcat:4gae6kj4gvhslpfl3bpdhoaeae (https://fatcat.wiki/release/4gae6kj4gvhslpfl3bpdhoaeae)
Fulltext PDF (Web Archive): https://web.archive.org/web/20200325222126/https://link.springer.com/content/pdf/10.1007%2F978-3-642-34129-8_48.pdf

Dynamic graph-based malware classifier

Hossein Hadian Jazi, Ali A. Ghorbani
2016, 2016 14th Annual Conference on Privacy, Security and Trust (PST)
The anti-virus industry receives a sheer amount of new malware samples on a daily basis.  ...  The prevalence of new sophisticated instances, for most of which no signature is available, coupled with the significant growth of potentially harmful programs have made the adoption of an effective automated  ...  Our comparative analysis shows that our dynamic graph-based method performs better in detecting malware samples compared to static graph-based methods even when they use unpacker tools.  ... 
doi:10.1109/pst.2016.7906945 (https://doi.org/10.1109/pst.2016.7906945), dblp:conf/pst/JaziG16 (https://dblp.org/rec/conf/pst/JaziG16.html), fatcat:y74gu3a6dfdmzbfnwsjdtfdcqm (https://fatcat.wiki/release/y74gu3a6dfdmzbfnwsjdtfdcqm)
Fulltext PDF (Web Archive): https://web.archive.org/web/20180427051443/https://unbscholar.lib.unb.ca/islandora/object/unbscholar%3A7672/datastream/PDF/view

Showing results 1 - 15 out of 288 results