Malware Behavior Modeling with Colored Petri Nets

Jasiul, Bartosz; Szpyrka, Marcin; Śliwa, Joanna

doi:10.1007/978-3-662-45237-0_60

Cited by 14 publications

(9 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This implementation allows on-line detection and classification an anomalies based on NetFlow reports coming from probes deployed in network. SECOR is not limited to network anomaly detection, e.g., PRONTO module [101,102] developed by another team of the project detects obfuscated malware at infected hosts.…”

Section: Methodsmentioning

confidence: 99%

An Entropy-Based Network Anomaly Detection Method

Bereziński

Jasiul

Szpyrka

2015

Entropy

Self Cite

163

View full text Add to dashboard Cite

Data mining is an interdisciplinary subfield of computer science involving methods at the intersection of artificial intelligence, machine learning and statistics. One of the data mining tasks is anomaly detection which is the analysis of large quantities of data to identify items, events or observations which do not conform to an expected pattern. Anomaly detection is applicable in a variety of domains, e.g., fraud detection, fault detection, system health monitoring but this article focuses on application of anomaly detection in the field of network intrusion detection.The main goal of the article is to prove that an entropy-based approach is suitable to detect modern botnet-like malware based on anomalous patterns in network. This aim is achieved by realization of the following points: (i) preparation of a concept of original entropy-based network anomaly detection method, (ii) implementation of the method, (iii) preparation of original dataset, (iv) evaluation of the method.

show abstract

Section: Methodsmentioning

confidence: 99%

An Entropy-Based Network Anomaly Detection Method

Bereziński

Jasiul

Szpyrka

2015

Entropy

Self Cite

163

View full text Add to dashboard Cite

show abstract

“…CPN Tools [15] is a modeling environment for editing, simulating, and analyzing colored Petri nets [14], [12]. Due to syntax differences CPN Tools cannot be use to simulate or verify RTCP-nets.…”

Section: Design Of Rtcp-nets With Cpn Toolsmentioning

confidence: 99%

Tools and Methods for RTCP-Nets Modeling and Verification

Szpyrka¹,

Biernacki²,

Biernacka³

2016

Archives of Control Sciences

Self Cite

View full text Add to dashboard Cite

RTCP-nets are high level Petri nets similar to timed colored Petri nets, but with different time model and some structural restrictions. The paper deals with practical aspects of using RTCP-nets for modeling and verification of real-time systems. It contains a survey of software tools developed to support RTCP-nets. Verification of RTCP-nets is based on coverability graphs which represent the set of reachable states in the form of directed graph. Two approaches to verification of RTCP-nets are considered in the paper. The former one is oriented towards states and is based on translation of a coverability graph into nuXmv (NuSMV) finite state model. The later approach is oriented towards transitions and uses the CADP toolkit to check whether requirements given as µ-calculus formulae hold for a given coverability graph. All presented concepts are discussed using illustrative examples

show abstract

“…The malware detection takes as an input a set of suspicious events received from the process' hooking engine, so-called PRONTOlogy, developed by the authors of this article [28,29]. This engine is based on ontology reasoning [30] used for the purpose of filtering single malicious incidents among hundred of thousands of regular ones.…”

Section: Cp-net Malware Modelsmentioning

confidence: 99%

Detection and Modeling of Cyber Attacks with Petri Nets

Jasiul

Szpyrka

Śliwa

2014

Entropy

Self Cite

View full text Add to dashboard Cite

The aim of this article is to present an approach to develop and verify a method of formal modeling of cyber threats directed at computer systems. Moreover, the goal is to prove that the method enables one to create models resembling the behavior of malware that support the detection process of selected cyber attacks and facilitate the application of countermeasures. The most common cyber threats targeting end users and terminals are caused by malicious software, called malware. The malware detection process can be performed either by matching their digital signatures or analyzing their behavioral models. As the obfuscation techniques make the malware almost undetectable, the classic signature-based anti-virus tools must be supported with behavioral analysis. The proposed approach to modeling of malware behavior is based on colored Petri nets. This article is addressed to cyber defense researchers, security architects and developers solving up-to-date problems regarding the detection and prevention of advanced persistent threats.

show abstract

Malware Behavior Modeling with Colored Petri Nets

Cited by 14 publications

References 28 publications

An Entropy-Based Network Anomaly Detection Method

An Entropy-Based Network Anomaly Detection Method

Tools and Methods for RTCP-Nets Modeling and Verification

Detection and Modeling of Cyber Attacks with Petri Nets

Contact Info

Product

Resources

About