Evasion-resistant malware signature based on profiling kernel data structure objects

Shosha, Ahmed F.; Liu, Chen‐Ching; Gladyshev, Pavel; Matten, Marcus

doi:10.1109/crisis.2012.6378949

Cited by 6 publications

(3 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, features that can distinguish certain type of traffic from the traffic flows are picked for the network traffic model training. The idea behind the feature selection tools is to reduce the amount of features into a feasible subset of features that do not correlate with each other [5,6]. In this paper proposed graph based technique for malware detection.…”

Section: Introductionmentioning

confidence: 99%

Improved Malware Detection Technique Using Ensemble Based Classifier and Graph Theory

Sahu¹,

Ahirwar²,

Shukla³

2015

2015 IEEE International Conference on Computational Intelligence &Amp; Communication Technology

View full text Add to dashboard Cite

Malware classification and detection process is a very complex process in network security. In current network security scenario various types of malware family are available, some are known family and some are unknown family. The family of knowing malware detection used some well know technique such as signature based technique and rule based technique. In case of an unknown malware family of attack detection is various challenging tasks. In the current trend of malware detection used some data mining technique such as classification and clustering. The process of classification improves the process of detection of malware. In this paper used graph based technique for malware classification and detection. The graph based technique used for a feature collection of different malware data. The proposed algorithm is very efficient in compression of pervious method.

show abstract

Section: Introductionmentioning

confidence: 99%

Improved Malware Detection Technique Using Ensemble Based Classifier and Graph Theory

Sahu¹,

Ahirwar²,

Shukla³

2015

2015 IEEE International Conference on Computational Intelligence &Amp; Communication Technology

View full text Add to dashboard Cite

show abstract

“…This is while existing security solutions (e.g. host-based intrusion detection [LZO10] [Hu10], and malware detection [ALVW10][EMO12], [SLGM12]) mostly concentrate on the security threats or vulnerability of application-level programs.…”

Section: Introductionmentioning

confidence: 99%

A Threat Modeling Framework for Evaluating Computing Platforms Against Architectural Attacks

Musavi,

Hashemi

2018

Preprint

View full text Add to dashboard Cite

Architectural attacks are kinds of hardware-involved software attacks in which a software component misuse a privileged relationship with the hardware to by pass system protections, monitors, or forensic tools. These relationships are often not illegal and exist between system components by design. Hence, even a system with secure hardware and software components, can be architecturally vulnerable. Unfortunately, the existing threat modeling schemes are not applicable for modeling architectural attacks against computing platforms. This is mostly because the existing techniques rely on an abstract representation of a software (.e.g., Data Flow Diagram) as a primary requirement which is not available for a platform as a whole (considering both hardware and software elements). In this paper, we have discussed the necessity of a hardware-software architectural view to system threat modeling. Then, we have proposed Lamellae, a framework adapts threat modeling method to be applicable for untrusted platforms by a holistic approach. Lamellae involves system security architecture for abstract modeling of the platforms. Using the Design structure matrix analysis, Lamellae helps an end-user to identify possible attack vectors against a platform. The framework is a connection point of concepts from system engineering and software security domains. We have applied the framework on a multi-purpose computer with x86-64 architecture as a case-study to show the effectiveness of our framework.

show abstract

“…Such information is specific to the analysis environment configuration and may contribute to inaccurate profiles. Thus, kernel object properties of interest -and that are considered in profiling process -are properties that affect program execution in the operating system kernel and, if tampered with, monitored program may produce unpredictable behavior [33,38]. Thus, user or host specific information is defined as a set of properties and are excluded from profiling process.…”

Section: Kernel Object Memory Profiling Formalizationmentioning

confidence: 99%

Towards Automated Malware Behavioral Analysis and Profiling for Digital Forensic Investigation Purposes

Shosha

James

Hannaway

et al. 2013

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

Self Cite

View full text Add to dashboard Cite

Abstract. Digital forensic investigators commonly use dynamic malwareanalysis methods to analyze a suspect executable found during a post-mortem analysis of the victim's computer. Unfortunately, currently proposed dynamic malware analysis methods and sandbox solutions have a number of limitations that may lead the investigators to ambiguous conclusions. In this research, the limitations of the use of current dynamic malware analysis methods in digital forensic investigations are highlighted. In addition, a method to profile dynamic kernel memory to complement currently proposed dynamic profiling techniques is proposed. The proposed method will allow investigators to automate the identification of malicious kernel objects during a post-mortem analysis of the victim's acquired memory. The method is implemented in a prototype malware analysis environment to automate the process of profiling malicious kernel objects and assist malware forensic investigation. Finally, a case study is given to demonstrate the efficacy of the proposed approach.

show abstract

Evasion-resistant malware signature based on profiling kernel data structure objects

Cited by 6 publications

References 21 publications

Improved Malware Detection Technique Using Ensemble Based Classifier and Graph Theory

Improved Malware Detection Technique Using Ensemble Based Classifier and Graph Theory

A Threat Modeling Framework for Evaluating Computing Platforms Against Architectural Attacks

Towards Automated Malware Behavioral Analysis and Profiling for Digital Forensic Investigation Purposes

Contact Info

Product

Resources

About