Mining Malware Specifications through Static Reachability Analysis

Macedo, Hugo Daniel; Touili, Tayssir

doi:10.1007/978-3-642-40203-6_29

Cited by 25 publications

(15 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, Beaucamps et al addressed this problem in their work [13] and proposed a method for static analysis of execution traces acquired from control-flow graphs. Macedo and Touili also discuss the issue in their work [14].…”

Section: Discussionmentioning

confidence: 99%

Malicious and Harmless Software in the Domain of System Utilities

Stastna

2019

Proceedings of the 2019 Federated Conference on Computer Science and Information Systems

View full text Add to dashboard Cite

The focus of malware research is often directed on behaviour and features of malicious samples that stand out the most. However, our previous research led us to see that some features typical for malware may occur in harmless software as well. That finding guided us to direct more attention towards harmless samples and more detailed comparisons of malware and harmless software properties. To eliminate variables that may influence the results, we narrowed down our research study to specific software domain-system maintenance and utility tools. We analysed 100 malicious and 100 harmless samples from this domain and statistically evaluated how they differ regarding packing, program sections and their entropies, amount of code outside common sections and we also looked at differences in behaviour from the high-level view. This work has been supported by the Slovak Research and Development Agency under the contract No. APVV-15-0055 and by project KEGA no. 079TUKE-4/2017. software which may play important role in exhibited behaviour and properties. In this way we can better compare malicious and harmless samples and look for features that may help in distinguishing them.

show abstract

Section: Discussionmentioning

confidence: 99%

Malicious and Harmless Software in the Domain of System Utilities

Stastna

2019

Proceedings of the 2019 Federated Conference on Computer Science and Information Systems

View full text Add to dashboard Cite

show abstract

“…On the other hand comparing graphs to find the existing similarities between them, is time and space consuming because some of problems are NP-complete (Elhadi et al, 2012;Skaletsky et al, 2010;Macedo and Touili, 2013).…”

Section: Related Workmentioning

confidence: 98%

“…Model-checking is time consuming and it is not a suitable real-time detector. (Macedo and Touili, 2013) constructed trees statically to find which data flows between functions are only malicious. The trees constructed with system function and parameters that pass to them as nodes.…”

Section: Related Workmentioning

confidence: 99%

Dynamic VSA: a framework for malware detection based on register contents

Ghiasi

Sami

Salehi

2015

Engineering Applications of Artificial Intelligence

View full text Add to dashboard Cite

“…Moreover, the components of the sandbox kernel are open source, e.g. Hypervisor, NFS server, and the security will be based on Data-Service Sovereignty principles, in order to enhance trust among beneficiaries of the HUBCAP Platform (exchanging data and services), but also intended to provide protection mechanisms to prevent the infiltration of malware into the collaboration platform by applying known malware detection techniques, for instance (Macedo and Touili, 2013), which will systematically check the collaboration platform FMUs for malicious behaviour. Furthermore, secure isolation (Suciu et al, 2018) and security information and event management (SIEM) can ensure that aggregated data and log records can be automatically analysed giving a clear picture of what is happening on the platform.…”

Section: Securitymentioning

confidence: 99%

A Cloud-Based Collaboration Platform for Model-Based Design of Cyber-Physical Systems

Larsen,

Macedo,

Fitzgerald

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

Businesses, particularly small and medium-sized enterprises, aiming to start up in Model-Based Design (MBD) face difficult choices from a wide range of methods, notations and tools before making the significant investments in planning, procurement and training necessary to deploy new approaches successfully. In the development of Cyber-Physical Systems (CPSs) this is exacerbated by the diversity of formalisms covering computation, physical and human processes. In this paper, we propose the use of a cloud-enabled and open collaboration platform that allows businesses to offer models, tools and other assets, and permits others to access these on a pay-per-use basis as a means of lowering barriers to the adoption of MBD technology, and to promote experimentation in a sandbox environment.

show abstract

Mining Malware Specifications through Static Reachability Analysis

Cited by 25 publications

References 26 publications

Malicious and Harmless Software in the Domain of System Utilities

Malicious and Harmless Software in the Domain of System Utilities

Dynamic VSA: a framework for malware detection based on register contents

A Cloud-Based Collaboration Platform for Model-Based Design of Cyber-Physical Systems

Contact Info

Product

Resources

About