A Survey of Stealth Malware: Attacks, Mitigation Measures, and Steps Toward Autonomous Open World Solutions

Authors: Terrance E. Boult, Manuel Günther, Ethan M. Rudd, Andras Rozsa

DOI:

Keywords:

Abstract: As our professional, social, and financial existences become increasingly digitized, and as our government, healthcare, and military infrastructures rely more on computer technologies, they present larger and more lucrative targets for malware. Stealth malware in particular poses an increased threat because it is specifically designed to evade detection mechanisms, spreading dormant in the wild for extended periods of time, gathering sensitive information, or positioning itself for a high-impact zero-day attack. Policing the growing attack surface requires the development of efficient anti-malware solutions with improved generalization to detect novel types of malware and to resolve these occurrences with as little burden on human experts as possible. In this paper, we survey malicious stealth technologies as well as existing solutions for detecting and categorizing these countermeasures autonomously. While machine learning offers promising potential for increasingly autonomous solutions with improved generalization to new malware types, both at the network level and at the host level, our findings suggest that several flawed assumptions inherent to most recognition algorithms prevent a direct mapping between the stealth malware recognition problem and a machine learning solution. The most notable of these flawed assumptions is the closed world assumption: that no sample belonging to a class outside of a static training set will appear at query time. We present a formalized adaptive open world framework for stealth malware recognition and relate it mathematically to research from other machine learning domains.
