Unveiling Zeus: automated classification of malware samples

Authors: Abedelaziz Mohaisen, Omar Alrawi

DOI: 10.1145/2487788.2488056

Keywords:

Abstract: Malware family classification is an age-old problem that many Anti-Virus (AV) companies have tackled. There are two common techniques used for classification: signature based and behavior based. The signature-based approach uses a sequence of bytes that appears in the binary code to identify and detect a malware family. The behavior-based approach uses the artifacts created by malware during execution for identification. In this paper we report on a unique dataset obtained from our operations and classified using several machine learning techniques under the behavior-based approach. Our main class of interest is the popular Zeus malware family. For its classification we use 65 features that are robust in identifying families. We show that behavioral artifacts such as file system, registry, and network activity can be used to distinguish malware families with high accuracy, in some cases as high as 95 percent.
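The behavior-based pipeline the abstract describes, as an added example that is not code from the paper: sandbox artifacts (file writes, registry keys, network requests) are normalized into a small set of features, and a labelled set of reports trains a classifier that is then applied to unseen reports. The classifier here is a Bernoulli naive Bayes written out with the standard library only; it is the editor's choice for illustration, not necessarily the learner used in the paper, and the handful of features shown stands in for the paper's 65. Every report, path, registry key and request below is constructed for the example, and the labels "zeus" and "other" are used as the two classes.

```python
"""Behavior-based malware family classification from sandbox artifacts.

Added example. All reports are constructed for illustration; they are not
real Zeus (or other) samples, and the feature set is a toy stand-in for the
65 features the paper uses.
"""
import math
import re
from collections import defaultdict

# --- Constructed training reports: (family label, {artifact type: [strings]})
TRAINING_REPORTS = [
    ("zeus", {
        "file": [r"C:\Users\u\AppData\Roaming\Ixme\ogqi.exe",
                 r"C:\Users\u\AppData\Roaming\Ixme\ykqo.dat"],
        "registry": [r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                     r"HKCU\Software\Microsoft\Internet Explorer\PhishingFilter"],
        "network": ["POST /gate.php", "GET /config.bin"],
    }),
    ("zeus", {
        "file": [r"C:\Users\u\AppData\Roaming\Qoru\biwe.exe",
                 r"C:\Users\u\AppData\Roaming\Qoru\ilpe.dat"],
        "registry": [r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                     r"HKCU\Software\Microsoft\Internet Explorer\Privacy"],
        "network": ["POST /gate.php"],
    }),
    ("other", {
        "file": [r"C:\Users\u\AppData\Local\Temp\svchost.exe",
                 r"C:\Users\u\Documents\readme.txt"],
        "registry": [r"HKLM\SYSTEM\CurrentControlSet\Services\SomeSvc"],
        "network": ["GET /payload.exe"],
    }),
    ("other", {
        "file": [r"C:\Users\u\AppData\Local\Temp\update.exe",
                 r"C:\Users\u\Desktop\HOW_TO_DECRYPT.txt"],
        "registry": [r"HKLM\SYSTEM\CurrentControlSet\Services\UpdSvc"],
        "network": ["GET /stage2.exe", "POST /report.php"],
    }),
]

# Constructed held-out reports used to exercise the trained model.
HELD_OUT_ZEUS = {
    "file": [r"C:\Users\u\AppData\Roaming\Wyna\ufel.exe"],
    "registry": [r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"],
    "network": ["POST /gate.php", "GET /cfg.bin"],
}
HELD_OUT_OTHER = {
    "file": [r"C:\Users\u\AppData\Local\Temp\runme.exe",
             r"C:\Users\u\Desktop\README.txt"],
    "registry": [r"HKLM\SYSTEM\CurrentControlSet\Services\Foo"],
    "network": ["GET /drop.exe"],
}

# --- Feature extraction: collapse per-sample randomness into stable tokens --
LOCATION_RULES = [  # hypothetical bucket names, chosen for this example
    (re.compile(r"\\AppData\\Roaming\\", re.I), "APPDATA"),
    (re.compile(r"\\AppData\\Local\\Temp\\", re.I), "TEMP"),
    (re.compile(r"\\Windows\\System32\\", re.I), "SYSTEM32"),
    (re.compile(r"\\Users\\[^\\]+\\(Desktop|Documents)\\", re.I), "USERDOCS"),
]

def file_feature(path):
    """Random directory/file names are dropped; keep location bucket + extension."""
    loc = next((name for rx, name in LOCATION_RULES if rx.search(path)), "OTHER")
    name = path.rsplit("\\", 1)[-1]
    ext = name.rsplit(".", 1)[1].lower() if "." in name else "noext"
    return f"file:{loc}:{ext}"

def registry_feature(key):
    """Lower-case the key and replace per-sample service names with a placeholder."""
    key = re.sub(r"(\\services\\)[^\\]+", r"\1<svc>", key.lower())
    return "reg:" + key

def network_feature(request):
    """Keep HTTP method and the requested resource's extension, not the host/path."""
    method, _, path = request.partition(" ")
    ext = path.rsplit(".", 1)[1].lower() if "." in path else "noext"
    return f"net:{method.upper()}:{ext}"

def extract_features(report):
    feats = set()
    feats.update(file_feature(p) for p in report.get("file", []))
    feats.update(registry_feature(k) for k in report.get("registry", []))
    feats.update(network_feature(r) for r in report.get("network", []))
    return feats

# --- Bernoulli naive Bayes over present/absent features --------------------
class BernoulliNB:
    def __init__(self, alpha=1.0):
        self.alpha = alpha                      # Laplace smoothing
        self.class_count = defaultdict(int)
        self.feat_count = defaultdict(lambda: defaultdict(int))
        self.vocab = set()

    def fit(self, labelled):
        for label, feats in labelled:
            self.class_count[label] += 1
            for f in feats:
                self.feat_count[label][f] += 1
                self.vocab.add(f)
        return self

    def _log_prob(self, label, feats):
        n = self.class_count[label]
        lp = math.log(n / sum(self.class_count.values()))
        for f in self.vocab:  # absent features carry evidence too
            p = (self.feat_count[label][f] + self.alpha) / (n + 2 * self.alpha)
            lp += math.log(p if f in feats else 1.0 - p)
        return lp

    def predict(self, feats):
        return max(self.class_count, key=lambda c: self._log_prob(c, feats))

def train_model():
    return BernoulliNB().fit((lbl, extract_features(r)) for lbl, r in TRAINING_REPORTS)

def classify(report, model=None):
    model = train_model() if model is None else model
    return model.predict(extract_features(report))

def evaluate(model, labelled_reports):
    """Fraction of held-out reports whose predicted family matches the label."""
    hits = sum(model.predict(extract_features(r)) == lbl for lbl, r in labelled_reports)
    return hits / len(labelled_reports)

if __name__ == "__main__":
    m = train_model()
    print(classify(HELD_OUT_ZEUS, m), classify(HELD_OUT_OTHER, m))
    print("accuracy:", evaluate(m, [("zeus", HELD_OUT_ZEUS), ("other", HELD_OUT_OTHER)]))
```

The normalization step is where most of the practical work lives: Zeus-style samples randomize their drop directory and file names per infection, so raw paths would never repeat across samples, whereas the location bucket, extension, autorun key and C2 request shape do. The `evaluate` helper measures accuracy on held-out reports the way a family-classification result is normally reported; with only two held-out samples it is a demonstration, not a measurement.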
