
Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence

Mariano Graziano, Davide Canali, Leyla Bilge, Andrea Lanzi, Davide Balzarotti
2015 USENIX Security Symposium  
Malware sandboxes are automated dynamic analysis systems that execute programs in a controlled environment.  ...  In this paper, we propose a novel methodology to automatically identify malware development cases from the samples submitted to a malware analysis sandbox.  ...  Acknowledgment We would like to thank Claudio Guarnieri for the fruitful discussions and insights.  ... 
dblp:conf/uss/GrazianoCBLB15 fatcat:6uhdthbdrnfffadgntr77bo4ty

Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection

Luca Caviglione, Michal Choras, Igino Corona, Artur Janicki, Wojciech Mazurczyk, Marek Pawlicki, Katarzyna Wasielewska
2020 IEEE Access  
It allows using the victim's machine for various nefarious purposes, e.g., making it part of a botnet, mining cryptocurrencies, or holding the data stored there hostage.  ...  On this basis, we review the evolution of modern threats in communication networks, with a particular focus on techniques employing information hiding.  ...  Later, various types of dynamic analysis and sandboxes have been introduced in order to inspect malware and compare its behavior with well-known patterns.  ... 
doi:10.1109/access.2020.3048319 fatcat:tatdk6pzczgp3aylvbxoxabuta

On the Security of Machine Learning in Malware C&C Detection

Joseph Gardiner, Shishir Nagaraja
2016 ACM Computing Surveys  
One of the main challenges in security today is defending against malware attacks.  ...  As a consequence, an alternative line of work has focused on detecting and disrupting the individual steps that follow an initial compromise and are essential for the successful progression of the attack  ...  Evading dynamic analysis systems. To overcome the limitations of signature-based analysis of malicious code, researchers use dynamic analysis tools, also called sandboxes [Egele et al. 2012] .  ... 
doi:10.1145/3003816 fatcat:jmuklpr2bjamfgygu6rpi4ldmm

Institute Resilience Through Detection, Response, and Recovery [chapter]

Dan Blum
2020 Rational Cybersecurity for Business  
Enact response in a structured manner wherein each business function has a script for its part; for example, after a data breach, IT restores affected systems to normal operation, public relations communicates  ...  Businesses should develop response plans for common types of incidents and for potential incidents from top risk scenarios.  ...  Security monitoring can be like looking for needles in the haystack, such as • Threats, human or automated, attacking or already inside the systems • Security controls not operating in compliance with  ... 
doi:10.1007/978-1-4842-5952-8_9 fatcat:52wtkyvlsvbv3d7kwcjmqlbl7e

Threat Detection using Information Flow Analysis on Kernel Audit Logs

Sadegh Momeni Milajerdi
For cyber threat-hunting, we develop an inexact graph pattern matching approach to align a query graph extracted from cyber threat intelligence to a provenance graph constructed out of kernel audit logs  ...  Kernel audit logs are a rich source of information containing the history of causal dependencies and information flows among system entities in a host system.  ...  [136] have proposed an approach for mining malware behavior from dynamic traces of that malware's samples. Similarly, Kolbitsch et al.  ... 
doi:10.25417/uic.13474962 fatcat:66suvjwjzvda5hsvbpfogiheyi

Maritime cybersecurity practices scheme (black box) [article]

Στέργιος Οικονόμου, University Of Thessaly, Γεώργιος Σταμούλης
"Declaration of non-plagiarism and assumption of personal responsibility" Being fully aware of the consequences of the law on intellectual property rights, and knowing the consequences of plagiarism, I solemnly declare  ...  The main objective for a security analyst using a SIEM system is to reduce the number of false-positive alerts, in order to avoid being in a "needle-in-the-haystack" situation.  ...  (SOC) for further analysis.  ... 
doi:10.26253/heal.uth.7015 fatcat:bmprmnvksbbgllqhq5zav72xim