
Finding Non-trivial Malware Naming Inconsistencies [chapter]

Federico Maggi, Andrea Bellini, Guido Salvaneschi, Stefano Zanero
2011 Lecture Notes in Computer Science  
In addition, we propose a fast algorithm that finds non-trivial (i.e., beyond syntactic differences) inconsistencies.  ...  Malware analysts, and in particular antivirus vendors, never agreed on a single naming convention for malware specimens.  ...  Finding Naming Inconsistencies: We hereby describe a two-phase, practical approach to build a high-level picture of inconsistencies in malware naming conventions across a given set of antivirus products  ... 
doi:10.1007/978-3-642-25560-1_10 fatcat:ch2kmx452bg4hf22y4uahekshe

Malware Type Recognition and Cyber Situational Awareness

Thomas Dube, Richard Raines, Gilbert Peterson, Kenneth Bauer, Michael Grimaila, Steven Rogers
2010 2010 IEEE Second International Conference on Social Computing  
Although pattern-based malware detection is an active research area, the additional context of the type of malware can improve cyber situational awareness.  ...  Malware Type Recognition (MaTR) is a research initiative extending detection technologies to provide the additional context of malware types using only static heuristics.  ...  CARO Naming Standard: In order to establish naming standards and simplify sharing of information in the malware research community, CARO defines a recommended industry naming standard for discovered malware  ... 
doi:10.1109/socialcom.2010.139 dblp:conf/socialcom/DubeRPBGR10 fatcat:za35q5mqzjcdjfsep7k5aga7au
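The two results above both turn on the same distinction: vendor labels for one sample can differ merely in syntax (separators, casing, generic prefixes) or differ in the family they name. The script below is an added example, not code from either paper, that normalizes CARO-style labels and sorts a sample's disagreements into "consistent", "syntactic only" or "non-trivial". Everything in it is an assumption for illustration: the vendor names and labels are constructed, the set of tokens treated as generic (type, platform, "generic"/"gen" markers) is a hand-picked heuristic, and the alias map equating Zeus and Zbot is a single hard-coded guess rather than a maintained family taxonomy.

```python
"""Separate syntactic from non-trivial AV family-label disagreements.

Added example (not from the cited papers). Labels, vendor names, the GENERIC
token set and the ALIASES map are all constructed assumptions.
"""
import re
from collections import Counter

# Constructed scan results: four hypothetical vendors, four hypothetical samples.
SAMPLE_LABELS = {
    "sample-0001": {
        "VendorA": "Trojan:Win32/Zbot.gen!A",
        "VendorB": "Trojan.Win32.Zbot.abc",
        "VendorC": "W32/ZBot.A",
        "VendorD": "Trojan.GenericKD.12345",   # generic: carries no family name
    },
    "sample-0002": {
        "VendorA": "Backdoor:Win32/Rbot.A",
        "VendorB": "Backdoor.Win32.Rbot.ab",
        "VendorC": "W32/Rbot.gen",
        "VendorD": "Win32.Rbot",
    },
    "sample-0003": {
        "VendorA": "Trojan:Win32/Emotet.A",
        "VendorB": "Trojan.Win32.Dridex.b",    # real family disagreement
        "VendorC": "W32/Emotet",
        "VendorD": "Trojan.Generic.98765",
    },
    "sample-0004": {v: "Worm:Win32/Conficker.B" for v in ("VendorA", "VendorB", "VendorC", "VendorD")},
}

# Assumption: tokens that denote type, platform or a generic/heuristic verdict
# rather than a family. A real deployment would maintain this list per vendor.
GENERIC = {
    "trojan", "backdoor", "virus", "worm", "malware", "heur", "variant",
    "generic", "generickd", "gen", "agent", "unknown",
    "w32", "win32", "win64", "w64",
}
# Assumption: family aliases used by different vendors for the same family.
ALIASES = {"zeus": "zbot"}

TOKEN_RE = re.compile(r"[A-Za-z0-9]+")


def family_of(label: str):
    """Best-effort family extraction from a CARO-style label.

    Assumption: the family is the first token that is neither a type/platform/
    generic marker, a pure number, nor a short variant suffix. All separators
    (':', '/', '.', '!') are treated alike, so 'Trojan:Win32/Zbot.A' and
    'Trojan.Win32.Zbot.a' both normalize to 'zbot'. Returns None for labels
    that name no family at all (e.g. 'Trojan.GenericKD.12345').
    """
    for tok in (t.lower() for t in TOKEN_RE.findall(label)):
        if tok in GENERIC or tok.isdigit() or len(tok) < 3:
            continue
        return ALIASES.get(tok, tok)
    return None


def classify(labels: dict):
    """Classify how the vendors disagree on one sample.

    consistent     - every vendor emitted the identical string
    syntactic_only - strings differ, but at most one family is named
    non_trivial    - at least two different families are named
    """
    raw = set(labels.values())
    families = {vendor: family_of(label) for vendor, label in labels.items()}
    named = {f for f in families.values() if f is not None}
    if len(raw) == 1:
        verdict = "consistent"
    elif len(named) <= 1:
        verdict = "syntactic_only"
    else:
        verdict = "non_trivial"
    return {"verdict": verdict, "families": families, "distinct_families": sorted(named)}


def report(dataset: dict):
    """Per-sample classification for a {sample_id: {vendor: label}} dataset."""
    return {sid: classify(labels) for sid, labels in dataset.items()}


def summary(dataset: dict):
    """Count samples per verdict; this is the 'high-level picture' figure."""
    return Counter(r["verdict"] for r in report(dataset).values())


if __name__ == "__main__":
    for sid, r in report(SAMPLE_LABELS).items():
        print(f"{sid}: {r['verdict']:15s} families={r['distinct_families']}")
    print(dict(summary(SAMPLE_LABELS)))
```

Only the "non_trivial" bucket deserves analyst time; the "syntactic_only" bucket is what a normalizer like this removes, and a vendor whose family comes back as None is simply silent on the family question rather than in disagreement. The GENERIC list and the alias map are where such a tool lives or dies, so keep them under version control and review them whenever a new vendor is added.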

The power of procrastination

Clemens Kolbitsch, Engin Kirda, Christopher Kruegel
2011 Proceedings of the 18th ACM conference on Computer and communications security - CCS '11  
Whenever an anti-malware solution becomes popular, malware authors typically react promptly and modify their programs to evade defense mechanisms.  ...  Malware continues to remain one of the most important security problems on the Internet today.  ...  Instead, a non-trivial fraction of malware in the wild already includes such evasive techniques. Thus, it is crucial that sandboxes are improved to handle this threat.  ... 
doi:10.1145/2046707.2046740 dblp:conf/ccs/KolbitschKK11 fatcat:mnjx2q6baffwtfljnboxry4l3i

Detecting objective-C malware through memory forensics

Andrew Case, Golden G. Richard
2016 Digital Investigation. The International Journal of Digital Forensics and Incident Response  
authors, as evidenced in the notorious Crisis malware.  ...  In this paper, we focus on new methods for detecting userland malware written in Objective-C on Mac OS X.  ...  An investigator could also build a whitelist of named ports from a known-good system and then use it to quickly find named ports of forensic interest.  ... 
doi:10.1016/j.diin.2016.04.017 fatcat:hoiadrwxwfh4zkosdg3vhyciuy

Beyond Labeling: Using Clustering to Build Network Behavioral Profiles of Malware Families [article]

Azqa Nadeem, Christian Hammerschmidt, Carlos H. Gañán, Sicco Verwer
2020 arXiv   pre-print
Malware family labels are known to be inconsistent. They are also black-box since they do not represent the capabilities of malware.  ...  We apply MalPaCA on a financial malware dataset collected in the wild that comprises 1.1k malware samples resulting in 3.6M packets.  ...  We build MalPaCA -a tool to automatically build network behavioral profiles of malware samples collected in the wild; 3.  ... 
arXiv:1904.01371v3 fatcat:s3bqxuh2hfhk5jzas6rrk2fvzi

Beyond Labeling: Using Clustering to Build Network Behavioral Profiles of Malware Families [chapter]

Azqa Nadeem, Christian Hammerschmidt, Carlos H. Gañán, Sicco Verwer
2020 Malware Analysis Using Artificial Intelligence and Deep Learning  
We build MalPaCA -a tool to automatically build network behavioral profiles of malware samples collected in the wild; 3.  ...  We show the behavioral relationships between malware samples using a Directed Acyclic Graph, which also uncovers discrepancies between behavioral clusters and traditional family labels;  ...  [37] propose a method to find inconsistencies in malware family labels generated by Anti-Virus (AV) scanners. Mohaisen et al.  ... 
doi:10.1007/978-3-030-62582-5_15 fatcat:v5kchsi3x5fjlilrlwv56tavee

Metadata-Driven Threat Classification of Network Endpoints Appearing in Malware [chapter]

Andrew G. West, Aziz Mohaisen
2014 Lecture Notes in Computer Science  
Networked machines serving as binary distribution points, C&C channels, or drop sites are a ubiquitous aspect of malware infrastructure.  ...  Leveraging 28,000 expert-labeled endpoints derived from ≈100k malware binaries this paper characterizes those domains/URLs towards prioritizing manual efforts and automatic signature generation.  ...  Acknowledgments We thank Verisign iDefense team members Ryan Olsen and Trevor Tonn for their assistance in obtaining and interpreting the malware corpus.  ... 
doi:10.1007/978-3-319-08509-8_9 fatcat:5ccxoe62ozca7dvbvmqh4n4koa

Python and Malware: Developing Stealth and Evasive Malware Without Obfuscation [article]

Vasilios Koutsokostas, Constantinos Patsakis
2021 arXiv   pre-print
As a result, we show that stealth and evasive malware can be efficiently developed, bypassing with ease state of the art malware detection tools without raising any alert.  ...  Second, our work exposes significant issues of well-known sandboxes that allow malware to evade their checks.  ...  For instance, the vast majority of sandboxes expose inconsistent CPU specifications (processor name vs cores/CPU) while we also noticed the use of non-existing CPU names in one of them.  ... 
arXiv:2105.00565v1 fatcat:5cetfh4ofbbxlgreab5xptmyie

Familial Clustering For Weakly-labeled Android Malware Using Hybrid Representation Learning

Yanxin Zhang, Yulei Sui, Shirui Pan, Zheng Zheng, Baodi Ning, Ivor Tsang, Wanlei Zhou
2019 IEEE Transactions on Information Forensics and Security  
due to the inconsistent, incomplete and overly generic labels reported by these closed-source AV engines, whose capabilities vary greatly and whose internal mechanisms are opaque (i.e., intermediate detection  ...  Labeling malware or malware clustering is important for identifying new security threats, triaging and building reference datasets.  ...  Labeling malware is a non-trivial task.  ... 
doi:10.1109/tifs.2019.2947861 fatcat:yps5spdsyresnepfjqi4kz236m


Antonio Bianchi, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
[Table residue from the paper's per-sample classification results; recoverable labels: non-infected, r2d2, tdss, stuxnet, tld3, tdl3, rustock, mebroot, zeroaccess, blackenergy]  ... 
doi:10.1145/2382196.2382234 dblp:conf/ccs/BianchiSKV12 fatcat:iet2bfj4dreijhji6glbrxilja

Euphony: Harmonious Unification of Cacophonous Anti-Virus Vendor Labels for Android Malware

Mederic Hurier, Guillermo Suarez-Tangil, Santanu Kumar Dash, Tegawende F. Bissyande, Yves Le Traon, Jacques Klein, Lorenzo Cavallaro
2017 2017 IEEE/ACM 14th International Conference on Mining Software Repositories (MSR)  
The key novelty of our approach, named Euphony [20] , is that no a-priori knowledge on malware families is needed.  ...  Android malware is now pervasive and evolving rapidly. Thousands of malware samples are discovered every day with new models of attacks.  ...  In particular, reliable malware labels are a necessary input to guarantee the quality of both malware detection and classification models. Malware labeling, however, is not a trivial task.  ... 
doi:10.1109/msr.2017.57 dblp:conf/msr/HurierSDBTKC17 fatcat:6eqyljqfhbej3aswtehnc34hh4

A Journey Through Android App Analysis: Solutions and Open Challenges

Jacques Klein
2021 Proceedings of the 2021 International Symposium on Advanced Security on Software and Systems  
In this paper, we will briefly introduce our key contributions in both (1) Android app static analysis to detect security issues, and (2) Android Malware Detection with machine learning.  ...  Inconsistencies in Anti-Virus (AV) labels are indeed common. This is due to both naming disagreements [14] across vendors and also a lack of adopted standards for naming malware.  ...  Malware labeling, however, is not a trivial task.  ... 
doi:10.1145/3457340.3458298 fatcat:ei5vjazjz5akrgj5nlt3cvfodm

Applying Semantic Technologies to Fight Online Banking Fraud

Rodrigo Carvalho, Michael Goldsmith, Sadie Creese
2015 2015 European Intelligence and Security Informatics Conference  
It takes the example of online banking fraud to propose an ontology aimed at mapping criminal organisations and identifying malware developers.  ...  trivial task.  ...  Nevertheless, they could still be compared to find relationships between different malware.  ... 
doi:10.1109/eisic.2015.42 dblp:conf/eisic/CarvalhoGC15 fatcat:gdgcvc7tx5bdtaf6yjgxkgx2cq

Automatic Malware Description via Attribute Tagging and Similarity Embedding [article]

Felipe N. Ducau, Ethan M. Rudd, Tad M. Heppner, Alex Long, and Konstantin Berlin
2020 arXiv   pre-print
family names.  ...  With the rapid proliferation and increased sophistication of malicious software (malware), detection methods no longer rely only on manually generated signatures but have also incorporated more general  ...  We also thank Richard Cohen for sharing his expertise in malware detection. This research was funded by Sophos Ltd.  ... 
arXiv:1905.06262v3 fatcat:f3txmt5r65ab7k46r63gkhapxq

Virtual Machine Introspection Based Malware Behavior Profiling and Family Grouping [article]

Shun-Wen Hsiao, Yeali S.Sun, Meng Chang Chen
2017 arXiv   pre-print
The studies of malware profiles show that malware samples from one malware family are very similar to each other and distinct from other malware families as well as from benign software.  ...  We also establish a malware profiling website based on VMP for malware research.  ...  The result may help forensic analysts investigate new specimens, and assist in reconciling malware naming inconsistencies. Bayer et al.  ... 
arXiv:1705.01697v1 fatcat:76joj2unf5g2tjkdcvva5a2udi