Security importance assessment for system objects and malware detection

Authors: Weixuan Mao, Zhongmin Cai, Don Towsley, Qian Feng, Xiaohong Guan

DOI: 10.1016/J.COSE.2017.02.009

Keywords:

Abstract: System objects play different roles in computer systems and exhibit levels of importance to system security. Assessing the helps us develop effective security protection methods. However, little work has focused on understanding assessing from a perspective. In this paper, we build dependency network access behaviors quantify system-wide Similar other networked systems, observe small-world effect power-law distributions for in- out-degree network. Exploring rich structures provides insights into We assess objects, with respect security, by centrality metrics propose an based model malware detection. evaluate various perspectives demonstrate their feasibility practicality. Furthermore, extensive experimental results real-world dataset that our is capable detecting 7257 samples 27,840 benign processes 93.92% true positive rate at 0.1% false rate.
