Arnur G. Tokhtabayev scite author profile

Arnur G. Tokhtabayev

5Publications

32Citation Statements Received

27Citation Statements Given

How they've been cited

How they cite others

Affiliations

George Mason University, Binghamton University, Multimedia University

Publications

Order By: Most citations

Detection of Worm Propagation Engines in the System Call Domain using Colored Petri Nets

Tokhtabayev

Skormin

Dolgikh

2008

View full text Add to dashboard Cite

While network worms carry various payloads and may utilize any available exploits, they all have one common component -the propagation engine. Moreover, it is important to note that the number of conceptually distinct propagation engines employed by existing network worms is quite limited.This paper presents a novel signature-based approach for detecting attacks perpetrated by network worms as a manifestation of a semantic functionality performed by one of the few known propagation engines. We propose a novel methodology to recognize any semantic functionality in the system call domain through utilizing Colored Petri Nets. In this application, Petri Nets embody behavior-based signatures of the propagation engine functionalities. These signatures are indicative of the shell code activity in the first stage of the worm proliferation.We developed, tested and evaluated a Propagation Engine Detector (PED) system that detects activity of the worm shell code executed by a process during an attack. Moreover, PED is able to recognize the type of propagation engine employed by the attacking worm.

show abstract

PyTrigger: A System to Trigger &amp; Extract User-Activated Malware Behavior

Fleck

Tokhtabayev

Alarif

et al. 2013

View full text Add to dashboard Cite

Expressive, Efficient and Obfuscation Resilient Behavior Based IDS

Tokhtabayev

Skormin

Dolgikh

2010

View full text Add to dashboard Cite

Malware Characterization Using Behavioral Components

Yavvari

Tokhtabayev

Rangwala

et al. 2012

View full text Add to dashboard Cite

Abstract. Over the past years, we have experienced an increase in the quantity and complexity of malware binaries. This change has been fueled by the introduction of malware generation tools and reuse of different malcode modules. Recent malware appears to be highly modular and less functionally typified. A side-effect of this "composition" of components across different malware types, a growing number of new malware samples cannot be explicitly assigned to traditional classes defined by Anti-Virus (AV) vendors. Indeed, by nature, clustering techniques capture dominant behavior that could be a manifestation of only one of the malware component failing to reveal malware similarities that depend on other, less dominant components and other evolutionary traits. In this paper, we introduce a novel malware behavioral commonality analysis scheme that takes into consideration component-wise grouping, called behavioral mapping. Our effort attempts to shed light to malware behavioral relationships and go beyond simply clustering the malware into a family. To this end, we implemented a method for identifying soft clusters and reveal shared malware components and traits. Using our method, we demonstrate that a malware sample can belong to several groups (clusters), implying sharing of its respective components with other samples from the groups. We performed experiments with a large corpus of real-world malware data-sets and identified that we can successfully highlight malware component relationships across the existing AV malware families and variants.

show abstract

Dynamic, resilient detection of complex malicious functionalities in the system call domain

Tokhtabayev

Skormin

Dolgikh

2010

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.