A general definition of malware

Kramer, Simon; Bradfield, Julian C.

doi:10.1007/s11416-009-0137-1

Cited by 60 publications

(27 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Cryptolocker, WannaCry, TeslaCrypt use DGA for generating domain name. Kramer and Bradfield [8] suggest a continuous monitoring approach for ransomware detection that includes -maintaining the ransomware signature and Indicators of Compromise (IOC), looking for file execution from %APPDATA% folder and %TEMP% folder, monitoring back-up files, checking file extensions, observing the anomalous network behaviour during key exchange and looking at I/O requests and Master File Table (MFT) in NTFS file Detection. Brewer [9] proposes an automated approach to track the changes to the system"s desktop that indicate ransomware-like behavior.…”

Section: Related Workmentioning

confidence: 99%

Identifying Ransomware - Specific Properties using Static Analysis of Executables

Vidyarthi¹,

Kumar²,

Rakshit³

2019

International Journal of Advanced Research in Computer and Comm

View full text Add to dashboard Cite

Ransomware attacks have risen exponentially over the past decade with increasing severity, potency to cause damage, and ease of carrying out attack. The conventional anti-malware techniques are compelled to include advanced ransomware detection mechanisms. This paper presents the results of the study and analysis of ransomware executable files in order to identify the characteristic properties that distinguish ransomware from other malware and benign executable files. The program binaries are analyzed statically and dynamically to observe the typical behaviour and structure of the ransomware. Using the dynamic and static analysis technique, ransomware-specific properties are extracted from the executable files. The experiments show that higher accuracy of classification, using machine learning algorithms, is achieved by combining these properties with the set of generic malware properties for malware detection. 367 higher accuracy. Static and debug-time analysis of ransomware identified 9 specific properties, when added to 60 generic properties for malware detection, the classification accuracy is increased. Along with these properties, 7 dynamic behavior patterns specific to ransomware are identified. This research work can be further enhanced by addressing the challenges present in this work such as evasive behavior of certain ransomware and their system locking property.

show abstract

Section: Related Workmentioning

confidence: 99%

Identifying Ransomware - Specific Properties using Static Analysis of Executables

Vidyarthi¹,

Kumar²,

Rakshit³

2019

International Journal of Advanced Research in Computer and Comm

View full text Add to dashboard Cite

show abstract

“…Malicious behaviors have been defined in different ways. The foundational approaches via computable functions [1], based in Kleene's recursion theorem [4,5,6], or the neat definition using MALog [20] capture the essence of such behaviors, but are too abstract to be used in practice or require the full specification of software functionality. Our work is close to the approaches using model checking and temporal logic formulas as malicious behavior specification [24,25].…”

Section: Related Workmentioning

confidence: 99%

Mining Malware Specifications through Static Reachability Analysis

Macedo

Touili

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

International audienceAbstract. The number of malicious software (malware) is growing out of control. Syntactic signature based detection cannot cope with such growth and manual construction of malware signature databases needs to be replaced by computer learning based approaches. Currently, a single modern signature capturing the semantics of a malicious behavior can be used to replace an arbitrarily large number of old-fashioned syntactical signatures. However teaching computers to learn such behaviors is a challenge. Existing work relies on dynamic analysis to extract malicious behaviors, but such technique does not guarantee the coverage of all behaviors. To sidestep this limitation we show how to learn malware signatures using static reachability analysis. The idea is to model binary programs using pushdown systems (that can be used to model the stack operations occurring during the binary code execution), use reachability analysis to extract behaviors in the form of trees, and use subtrees that are common among the trees extracted from a training set of malware files as signatures. To detect malware we propose to use a tree automaton to compactly store malicious behavior trees and check if any of the subtrees extracted from the file under analysis is malicious. Experimental data shows that our approach can be used to learn signatures from a training set of malware files and use them to detect a test set of malware that is 5 times the size of the training set

show abstract

“…Current antiviral detection methods and techniques are largely reactive, with antivirus software being updated according to new viruses and threats that are discovered (Filiol, 2005) (Dechaux and Filiol, 2016). There is an "arms race" between computer virus and antivirus writers (Kramer and Bradfield, 2010), and any antiviral techniques developed for current computer virus, are ultimately bypassed by new, and more advanced viral behaviours. A more proactive approach would be to detect new threats before they emerge in the real world, for which a thorough understanding of the possible behaviours, structures and capabilities of computer viruses is required.…”

Section: Introductionmentioning

confidence: 99%

Computer Viruses: The Abstract Theory Revisited

Gladychev

2020

Proceedings of the 6th International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

Identifying new viral threats, and developing long term defences against current and future computer viruses, requires an understanding of their behaviour, structure and capabilities. This paper aims to advance this understanding by further developing the abstract theory of computer viruses. A method of providing abstract definitions for classes of viruses is presented in this paper, which addresses inadequacies of previous techniques. Formal definitions for some classes of viruses are then provided, which correspond to existing informal definitions. To relate the abstract theory to the real world, the connection between the abstract definitions and concrete virus implementations is examined. The use of the proposed method in studying the fundamental properties of computer viruses is discussed.

show abstract

A general definition of malware

Cited by 60 publications

References 23 publications

Identifying Ransomware - Specific Properties using Static Analysis of Executables

Identifying Ransomware - Specific Properties using Static Analysis of Executables

Mining Malware Specifications through Static Reachability Analysis

Computer Viruses: The Abstract Theory Revisited

Contact Info

Product

Resources

About