2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet 102062596 陳盈妤 (1/10)

Outline (2/10)
- Introduction of proposed method
- Previous works by catching random behavior
- Procedure of proposed method
- Results
- Conclusion

Introduction of proposed method (3/10)
- Random behavior: changing filenames, random domain names
- Static software analysis vs. dynamic software analysis
- Packing and code obfuscation

Previous works catching random behavior (4/10)
- Balzarotti: differences between an emulated analysis environment and a reference host
- Kolbitsch: compare whether the malware's essential information flow matches that of the suspect program
- Sakai: repetitive behavior during propagation
- Matsuki: execute decoy processes to find malware that kills the processes of anti-virus software and firewalls

Flowchart of the proposed method (5/10)
1. Start with a sample; set i = number of executions.
2. Conduct dynamic analysis on the sample.
3. Generate lists of parameters from each execution.
4. i = i - 1. If i > 0 (Yes), go back to step 2; otherwise (No), continue.
5. Compare the lists: an exact match or an inclusion relation means Benign; a difference means Malicious.
6. End.

Procedure of proposed method (6/10)
- 5697 malware samples, 819 benign samples
- Execute each sample for 60 seconds and collect the API call log
- Isolated from the real Internet
- In this experiment, each sample is executed only twice
- Antivirus software used for comparison: Symantec and McAfee

Procedure of proposed method (7/10): monitored APIs
- Registry APIs: RegSetValueEx, RegSetValue (keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\S\M\Windows\CurrentVersion\Run)
- File APIs: CreateFile, LZOpenFile, _lcreat, CopyFile, LZCopy, MoveFile
- Network APIs: DNSQuery, HttpOpenRequest, InternetConnect
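Added example (not the paper's or the presenter's code) of the procedure above: parameter lists are extracted from two sandbox API-call logs, grouped into the slide's Registry/File/Network categories, and compared with the flowchart's rule (exact match or inclusion relation means Benign, any other difference means Malicious). The `API(parameter)` log format and the sample logs are constructed for this example.

```python
import re
from typing import Dict, List, Set

# APIs monitored per category, as listed on the "Procedure" slide.
CATEGORY_APIS: Dict[str, Set[str]] = {
    "Registry": {"RegSetValueEx", "RegSetValue"},
    "File": {"CreateFile", "LZOpenFile", "_lcreat", "CopyFile", "LZCopy", "MoveFile"},
    "Network": {"DNSQuery", "HttpOpenRequest", "InternetConnect"},
}
LOG_LINE = re.compile(r"^(\w+)\((.*)\)$")  # assumed log format: API(parameter)

def extract_params(log: str) -> Dict[str, Set[str]]:
    """Build the per-category parameter list for one sandbox execution."""
    params: Dict[str, Set[str]] = {cat: set() for cat in CATEGORY_APIS}
    for line in log.strip().splitlines():
        m = LOG_LINE.match(line.strip())
        if m is None:
            continue                      # not an API line we understand
        api, arg = m.group(1), m.group(2).lower()
        for cat, apis in CATEGORY_APIS.items():
            if api in apis:
                params[cat].add(arg)
    return params

def classify(runs: List[Dict[str, Set[str]]], category: str = "All") -> str:
    """Decision node of the flowchart: lists that match exactly or are in an
    inclusion relation mean Benign; any other difference means Malicious."""
    cats = list(CATEGORY_APIS) if category == "All" else [category]
    for cat in cats:
        lists = [run[cat] for run in runs]
        for a in lists:
            for b in lists:
                if not (a <= b or b <= a):
                    return "Malicious"
    return "Benign"

# Constructed logs: the "malware" randomises its dropped filename and Run value name
# between executions but resolves the same domain; the "benign" installer writes the
# same names each time and adds one extra cache file in the second run.
MALWARE_RUN_1 = r"""CreateFile(C:\Windows\Temp\ab12f9.exe)
RegSetValueEx(HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ab12f9)
DNSQuery(update-check.invalid)"""
MALWARE_RUN_2 = r"""CreateFile(C:\Windows\Temp\zz90qe.exe)
RegSetValueEx(HKLM\Software\Microsoft\Windows\CurrentVersion\Run\zz90qe)
DNSQuery(update-check.invalid)"""
BENIGN_RUN_1 = r"""CreateFile(C:\Program Files\App\update.log)
DNSQuery(updates.app.invalid)"""
BENIGN_RUN_2 = r"""CreateFile(C:\Program Files\App\update.log)
CreateFile(C:\Program Files\App\cache.tmp)
DNSQuery(updates.app.invalid)"""
```

Classifying per category (`classify(runs, "Network")`) shows why the results slide breaks detection down by Registry, File and Network: the constructed malware is caught on its file and registry parameters but looks benign on the network list alone.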

Result (8/10)
Result table (numeric cells not preserved in the transcript): true positives, false negatives and TP rate; false positives, true negatives and FP rate; each broken down by All, Registry, File and Network.
The method detected 117 of the 273 malware samples that the antivirus software (Symantec and McAfee) could not detect.

Conclusion (9/10)
- Advantage: not disturbed by packing and code obfuscation techniques
- Disadvantage: slow; the sandbox may be detected
- The proposed method may improve the accuracy of malware detection when used in combination with other existing methods

Thanks for listening (10/10)