Evasive Malware Detection Using Groups of Processes

Authors: Gheorghe Hăjmăşan, Alexandra Mondoc, Radu Portase, Octavian Creţ

DOI: 10.1007/978-3-319-58469-0_3

Keywords:

Abstract: Fueled by a recent boost in revenue, cybercriminals are developing increasingly sophisticated and advanced malicious applications. This new generation of malware is able to avoid most of the existing detection methods. Even behavioral solutions are no longer immune to evasion, mostly because they focus on the actions or characteristics of a single process. We propose shifting from the single process as the unit of evaluation to the more accurate perspective of multi-component systems. We describe a dynamic solution that identifies groups of related processes, analyzes the actions performed by the processes in these groups using heuristics, and evaluates their behavior such that even evasive, multiprocess malware can be detected. Using the information provided once malware has been detected, a comprehensive system cleanup can be performed to ensure that all traces of an attack have been removed and the system is no longer at risk.
