We present a method for detecting new malicious executables, which comprises the following steps: (a) in an offline training phase, finding a set of (not necessarily consecutive) system call sequences that are characteristic only of malicious files when such files are executed, and storing these sequences in a database; (b) in a real-time detection phase, for each running executable, continuously monitoring the system calls it issues and comparing them with the system call sequences stored in the database, to determine whether a portion of the run-time system call sequence matches one or more of the database sequences; when such a match is found, the executable is declared malicious. We have evaluated our method, and the preliminary results are promising and justify the use of system call sequences for the detection of new malicious executables.
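The two-phase scheme in the abstract can be shown end to end in a small simulation. The following is an added example, not code from the paper or its authors: it builds the training-phase database of ordered, not necessarily consecutive k-call subsequences (bounded by a sliding window, an assumption the abstract does not spell out) that occur in malicious traces and never in benign ones, then streams the calls of a "running" process through a monitor that alerts on the first match. The system call traces, the subsequence length `k=3` and the window of 4 are all constructed for the demo.

```python
"""Added example of the offline-training / real-time-detection scheme.
Training: collect every ordered k-call subsequence (gaps allowed, total span
bounded by `window`) from malicious traces, drop those also seen in benign
traces. Detection: keep the last `window` calls of a process and test every
subsequence that ends at the newest call against the database."""
from collections import deque
from itertools import combinations

# Constructed training traces: system call names only, no arguments.
MALICIOUS_TRACES = [
    ["open", "read", "socket", "connect", "write", "close"],
    ["socket", "connect", "open", "read", "write", "close"],
]
BENIGN_TRACES = [
    ["open", "read", "write", "close"],
    ["socket", "connect", "write", "close"],
    ["open", "read", "close"],
]


def subsequences(trace, k, window):
    """All ordered k-call subsequences of `trace` whose calls lie within
    `window` consecutive positions; intermediate calls may be skipped."""
    found = set()
    for start in range(len(trace)):
        span = trace[start:start + window]
        # The first call is fixed at `start`; choose k-1 later positions in the span.
        for rest in combinations(range(1, len(span)), k - 1):
            found.add((span[0],) + tuple(span[j] for j in rest))
    return found


def build_signature_db(malicious, benign, k=3, window=4):
    """Offline training phase: keep only subsequences that appear in some
    malicious trace and in no benign trace."""
    mal, ben = set(), set()
    for t in malicious:
        mal |= subsequences(t, k, window)
    for t in benign:
        ben |= subsequences(t, k, window)
    return mal - ben


# Database shared by the detection phase below (built at import time for the demo).
SIGNATURE_DB = build_signature_db(MALICIOUS_TRACES, BENIGN_TRACES)


class SyscallMonitor:
    """Real-time detection phase for one running executable."""

    def __init__(self, db, k=3, window=4):
        self.db, self.k = db, k
        self.recent = deque(maxlen=window)  # last `window` calls of this process

    def observe(self, syscall):
        """Feed one system call; return the matched signature, or None."""
        self.recent.append(syscall)
        earlier = list(self.recent)[:-1]
        # Every k-call subsequence that ends at the newest call (span <= window).
        for rest in combinations(range(len(earlier)), self.k - 1):
            candidate = tuple(earlier[j] for j in rest) + (syscall,)
            if candidate in self.db:
                return candidate
        return None


def scan_trace(trace, db, k=3, window=4):
    """Stream a whole trace through a monitor; return (index, signature) of the
    first alert, or None if the process never matches a database sequence."""
    mon = SyscallMonitor(db, k, window)
    for i, call in enumerate(trace):
        hit = mon.observe(call)
        if hit is not None:
            return i, hit
    return None


if __name__ == "__main__":
    print(f"{len(SIGNATURE_DB)} malicious-only sequences in database")
    # Non-consecutive match: 'write' sits between 'read' and 'socket'.
    print(scan_trace(["open", "read", "write", "socket", "connect"], SIGNATURE_DB))
    print(scan_trace(["open", "read", "write", "close"], SIGNATURE_DB))
```

The subtraction of benign subsequences is what limits false positives in this scheme: `("socket", "connect", "write")` occurs in a malicious trace but also in a benign one, so it never becomes a signature. The window bound matters too: a malicious-only pattern whose calls are spread further apart than the window will not be matched, which is the trade-off between detection latency, memory per process and how much interleaved benign activity the signature tolerates.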
The early detection, alert and response (eDare) framework is presented in this paper. The goal of this framework is to address the risks stemming from malicious software propagating via networks operated by Internet/network service providers (ISP/NSP). To achieve this goal, eDare employs network-based traffic scanning appliances that sanitize Internet traffic of known malware. The remaining traffic is extracted, and various types of algorithms are invoked in an attempt to detect instances of previously un-encountered malware and to generate a unique and simple byte-string signature for such malware. That signature is immediately uploaded to the aforementioned network traffic scanners. To augment the judgments of the algorithms, human experts are consulted to help classify files suspected of being malware about which the automatic detection algorithms are not sufficiently decisive. Finally, collaborative feedback and tips from end-users are meshed into the identification process. This makes it possible to tackle suspect files whose impact can be assessed on a large, distributed scale. The system incorporates static and behavioral analysis of malware and a novel automatic signature generation algorithm. eDare was implemented and tested using an evaluation environment developed especially for that purpose. The results suggest that eDare can detect and remove unknown malware effectively.

of the new malware, analyze it, create a new signature, and update their clients [3]. During the period between the appearance of a new (unknown) malware and the update of the signature base of the anti-virus clients, millions of computers are vulnerable to it. Therefore, while being very precise, this approach is useless against previously unobserved malware. Furthermore, this approach is viable only if a user maintains an up-to-date repository of malware signatures on her device.

The heuristic-based methods, which attempt to overcome the limitations of the signature-based approach, are based on rules determined by experts that define a malicious behavior, or a benign behavior, in order to detect unknown malware [4]. However, besides the fact that these methods can be bypassed, their main drawback is that, by definition, they can only detect the presence of a malware after the infected program has been executed.

A. Shabtai et al., Monitoring, analysis, and filtering system. Security Comm. Networks 2011; 4:947-965