AMAL: High-Fidelity, Behavior-Based Automated Malware Analysis and Classification

Authors: Aziz Mohaisen, Omar Alrawi

DOI: 10.1007/978-3-319-15087-1_9

Keywords:

Abstract: This paper introduces AMAL, an operational, automated, behavior-based malware analysis and labeling (classification and clustering) system that addresses many limitations and shortcomings of existing academic and industrial systems. AMAL consists of two sub-systems, AutoMal and MaLabel. AutoMal provides tools to collect low-granularity behavioral artifacts that characterize a sample's usage of the file system, memory, network, and registry, and does so by running samples in virtualized environments. MaLabel, in turn, uses those artifacts to create representative features, uses them to build classifiers trained on manually-vetted training samples, and classifies samples into families of similar behavior. MaLabel also enables unsupervised learning by implementing multiple clustering algorithms for sample grouping. An evaluation of both sub-systems on a medium-scale dataset (4,000 samples) and a large-scale dataset (more than 115,000 samples)—collected and analyzed over 13 months—shows AMAL's effectiveness in accurately characterizing, classifying, and grouping samples. MaLabel achieves a precision of 99.5% and a recall of 99.6% for certain families' classification, and more than 98% for clustering. Several benchmarks, cost estimates, and measurements highlight and support the merits of AMAL's features.
