HoneyAgent: Detecting malicious Java applets by using dynamic analysis

Gassen, Jan; Chapman, Jonathan P.

doi:10.1109/malware.2014.6999402

Cited by 8 publications

(19 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to the paper [12], if we want to detect the malware which possess obfuscation of its source code, the approach that gives significant results is obtained when performed the dynamic analysis of those samples.…”

Section: Chapter 4 Code Obfuscationmentioning

confidence: 99%

“…With this into considerations we can say that static analysis is more practical and thus more efficient. Hence we have chosen static analysis as the method to detect malicious java applets and compared the results with dynamic analysis in [12].…”

Section: Primary Advantage Of Static Analysismentioning

confidence: 99%

“…According to previous research [12] HoneyAgent has been introduced which performs dynamic analysis of Java applets by overcoming the common obfuscation techniques used. This allows for faster detection of malicious behavior.…”

Section: Dynamic Analysis Of Java Appletsmentioning

confidence: 99%

“…The features of HoneyAgent [12] are as follows. It is intended to investigate the run-time behavior of Java applets.…”

Section: Features Of Honeyagentmentioning

confidence: 99%

“…We will compare our results to those obtained using a dynamic analysis techniques similar to that in [12] on the same test set.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Static Analysis of Malicious Java Applets

Ganesh

Troia

Visaggio

et al. 2016

Proceedings of the 2016 ACM on International Workshop on Security and Privacy Analytics

View full text Add to dashboard Cite

Static Analysis of Malicious Java Applets by Nikitha GaneshIn this research, we consider the problem of detecting malicious Java applets, based on static analysis. In general, dynamic analysis is more informative, but static analysis is more efficient, and hence more practical. Consequently, static analysis is preferred, provided we can obtain results comparable to those obtained using dynamic analysis. We conducted experiments with the machine learning technique, Hidden Markov Model (HMM). We show that in some cases a static technique can detect malicious Java applets with greater accuracy than previously published research that relied on dynamic analysis. ACKNOWLEDGMENTSI would like to thank my project advisor Dr. Mark Stamp for his continuous guidance and for also believing in me. Without his guidance, mentoring and support, this project would not have been completed. Also I would want to thank him for his patience throughout the process.

show abstract

Section: Chapter 4 Code Obfuscationmentioning

confidence: 99%

Section: Primary Advantage Of Static Analysismentioning

confidence: 99%

Section: Dynamic Analysis Of Java Appletsmentioning

confidence: 99%

“…The features of HoneyAgent [12] are as follows. It is intended to investigate the run-time behavior of Java applets.…”

Section: Features Of Honeyagentmentioning

confidence: 99%

“…We will compare our results to those obtained using a dynamic analysis techniques similar to that in [12] on the same test set.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Static Analysis of Malicious Java Applets

Ganesh

Troia

Visaggio

et al. 2016

Proceedings of the 2016 ACM on International Workshop on Security and Privacy Analytics

View full text Add to dashboard Cite

show abstract

BejaGNN: behavior-based Java malware detection via graph neural network

Feng

Yang

et al. 2023

J Supercomput

View full text Add to dashboard Cite

As a popular platform-independent language, Java is widely used in enterprise applications. In the past few years, language vulnerabilities exploited by Java malware have become increasingly prevalent, which cause threats for multi-platform. Security researchers continuously propose various approaches for fighting against Java malware programs. The low code path coverage and poor execution efficiency of dynamic analysis limit the large-scale application of dynamic Java malware detection methods. Therefore, researchers turn to extracting abundant static features to implement efficient malware detection. In this paper, we explore the direction of capturing malware semantic information by using graph learning algorithms and present BejaGNN (Behavior-based Java malware detection via Graph Neural Network), a novel behavior-based Java malware detection method using static analysis, word embedding technique, and graph neural network. Specifically, BejaGNN leverages static analysis techniques to extract ICFGs (Inter-procedural Control Flow Graph) from Java program files and then prunes these ICFGs to remove noisy instructions. Then, word embedding techniques are adopted to learn semantic representations for Java bytecode instructions. Finally, BejaGNN builds a graph neural network classifier to determine the maliciousness of Java programs. Experimental results on a public Java bytecode benchmark demonstrate that BejaGNN achieves high F 1 98.8% and is superior to existing Java malware detection approaches, which verifies the promise of graph neural network in Java malware detection.

show abstract

SBI Model for the Detection of Advanced Persistent Threat Based on Strange Behavior of Using Credential Dumping Technique

Mohamed

Belaton

2021

IEEE Access

View full text Add to dashboard Cite

This study investigated the shift from the manual approach of processing data to the digitized method making organizational data prone to attack by cybercriminals. The latest threat Advanced Persistent Threats (APT) was originated by the United States Air Force in 2006 by Colonel Greg Rattray. APT is constantly ravaging industries and governments, which causes severe damages including data loss, espionage, sabotage, leak, or forceful pay of ransom money to the attackers. This study introduces a new model built on Adversarial Tactics Techniques and Common Knowledge (ATT&CK) matrix for detecting APT attack. This is to identify the APT on the first potential victim when the attackers use credential dumping technique. Strange Behavior Inspection Model incorporating several models investigates and monitors APT behavioral features in the CPU, RAM, windows registry, and file systems proposed to detect APT Attack at the first potential victim machine. The Strange Behavior Inspection (SBI) Model proposed in this paper is designed to detect the attack before being developed to more advanced phases. The results of this study are presented at four levels:1-random access memory, 2-central processing unit, 3-windows registry, and 4-file systems. This study proposes a unique model as evidence to detect APT attacks before any other techniques are used. The proposed model reduces the detection time from nine-months to 2.7 minutes.

show abstract

HoneyAgent: Detecting malicious Java applets by using dynamic analysis

Cited by 8 publications

References 9 publications

Static Analysis of Malicious Java Applets

Static Analysis of Malicious Java Applets

BejaGNN: behavior-based Java malware detection via graph neural network

SBI Model for the Detection of Advanced Persistent Threat Based on Strange Behavior of Using Credential Dumping Technique

Contact Info

Product

Resources

About