Presentation is loading. Please wait.

Presentation is loading. Please wait.

2012 IEEE/IPSJ 12 th International Symposium on Applications and the Internet 102062596 陳盈妤 1/10.

Published bySylvia Dennis Modified over 8 years ago

Similar presentations

Presentation on theme: "2012 IEEE/IPSJ 12 th International Symposium on Applications and the Internet 102062596 陳盈妤 1/10."— Presentation transcript:

1 2012 IEEE/IPSJ 12 th International Symposium on Applications and the Internet 102062596 陳盈妤 1/10

2 Outline  Introduction of proposed method  Previous works by catching random behavior  Procedure of proposed method  Results  Conclusion 2/10

3 Introduction of proposed method  Random Behavior - change filename - random domain name  Static Software Analysis vs. Dynamic Software Analysis  Packing and code obfuscation 3/10

4 Previous works by catching random behavior  Balzarotti – difference of emulated analysis environment and reference host  Kolbitsch – compare if malware’s essential information flow match suspect program  Sakai – repetitive behavior in propagation  Matsuki – execute decoy processes to find malwares which will kill process of anti-virus software and firewall 4/10

5 Start Sample, i = Number of Executions i = i -1 Compare the lists Conduct dynamic analysis on the sample i > 0 Generate lists of parameters from each execution Benign Malicious End Yes No Exactly match or Inclusion relation Difference 5/10

6 Procedure of proposed method  5697 malware samples, 819 benign samples.  Execute each sample for 60 seconds and collect the API call log  Isolated from the real Internet  In this experiment, each sample will only be executed twice.  Symantec and McAfee 6/10

7 Procedure of proposed method API RegSetValueEx RegSetValue CreateFile LZOpenFile _lcreat CopyFile Lzcopy MoveFile DNSQuery HttpOpenRequest InternetConnect HKEY_LOCAL_MACHINE\Software\M icrosoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\S\M\Window s\CurrentVersion\Run 7/10

8 Result True PositiveFalse NegativeTP Rate All3864183367.83 Registry47852198.39 File3799189866.68 Network2018367935.42 False PositiveTrue NegativeFP Rate All138061.59 Registry08190.00 File128071.47 Network18180.12 It could detect 117 malware samples out of 273 malware samples which could not be detected by the antivirus software(Symantec and McAfee) 8/10

9 Conclusion  Advantage : won’t be disturbed by packing and code obfuscation techniques  Disadvantage : Slow, sandbox may be detected  The proposed method may be able to improve the accuracy of malware detection utilizing in combination with other existing methods 9/10

10 Thanks for listening 10/10

Download ppt "2012 IEEE/IPSJ 12 th International Symposium on Applications and the Internet 102062596 陳盈妤 1/10."

Similar presentations

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
KLIMAX: Profiling Memory Write Patterns to Detect Keystroke-Harvesting Malware Stefano Ortolani 1, Cristiano Giuffrida 1, and Bruno Crispo 2 1 Vrije Universiteit.

KLIMAX: Profiling Memory Write Patterns to Detect Keystroke-Harvesting Malware Stefano Ortolani 1, Cristiano Giuffrida 1, and Bruno Crispo 2 1 Vrije Universiteit.
Automated Web Patrol with Strider Honey Monkeys: Finding Web Sites That Exploit Browser Vulnerabilities AUTHORS: Yi-Min Wang, Doug Beck, Xuxian Jiang,

Automated Web Patrol with Strider Honey Monkeys: Finding Web Sites That Exploit Browser Vulnerabilities AUTHORS: Yi-Min Wang, Doug Beck, Xuxian Jiang,
1 Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code (DOME) Subha Ramanathan & Arun Krishnamurthy Nov 15, 2005.

1 Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code (DOME) Subha Ramanathan & Arun Krishnamurthy Nov 15, 2005.
Linear Obfuscation to Combat Symbolic Execution Zhi Wang 1, Jiang Ming 2, Chunfu Jia 1 and Debin Gao 3 1 Nankai University 2 Pennsylvania State University.

Linear Obfuscation to Combat Symbolic Execution Zhi Wang 1, Jiang Ming 2, Chunfu Jia 1 and Debin Gao 3 1 Nankai University 2 Pennsylvania State University.
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
Effective and Efficient Malware Detection at the End Host Clemens Kolbitsch, Paolo Milani TU Vienna Christopher UCSB Engin Kirda.

Effective and Efficient Malware Detection at the End Host Clemens Kolbitsch, Paolo Milani TU Vienna Christopher UCSB Engin Kirda.
Authored by: Rachit Rastogi Computer Science & Engineering Deptt., College of Technology, G.B.P.U.A. & T., Pantnagar.

Authored by: Rachit Rastogi Computer Science & Engineering Deptt., College of Technology, G.B.P.U.A. & T., Pantnagar.
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.

An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.
Polymorphism in Computer Viruses CS265 Security Engineering Term Project Puneet Mishra.

Polymorphism in Computer Viruses CS265 Security Engineering Term Project Puneet Mishra.
Metamorphic Viruses Pat Walpole. Introduction What are metamorphic viruses Why they are dangerous Defenses against them.

Metamorphic Viruses Pat Walpole. Introduction What are metamorphic viruses Why they are dangerous Defenses against them.
Bayesian Bot Detection Based on DNS Traffic Similarity Ricardo Villamarín-Salomón, José Carlos Brustoloni Department of Computer Science University of.

Bayesian Bot Detection Based on DNS Traffic Similarity Ricardo Villamarín-Salomón, José Carlos Brustoloni Department of Computer Science University of.
Beyond Anti-Virus by Dan Keller 1987- Fred Cohen- Computer Scientist “there is no algorithm that can perfectly detect all possible computer viruses”

Beyond Anti-Virus by Dan Keller Fred Cohen- Computer Scientist “there is no algorithm that can perfectly detect all possible computer viruses”
Antivirus Software Detects malware (not just viruses) May eliminate malware as well Often sold with firewalls Two approaches: Dictionary-based - Compares.

Antivirus Software Detects malware (not just viruses) May eliminate malware as well Often sold with firewalls Two approaches: Dictionary-based - Compares.
Jarhead Analysis and Detection of Malicious Java Applets Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna University of California Annual Computer.

Jarhead Analysis and Detection of Malicious Java Applets Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna University of California Annual Computer.
Automated malware classification based on network behavior

Automated malware classification based on network behavior
Towards Network Containment in Malware Analysis Systems Authors: Mariano Graziano, Corrado Leita, Davide Balzarotti Source: Annual Computer Security Applications.

Towards Network Containment in Malware Analysis Systems Authors: Mariano Graziano, Corrado Leita, Davide Balzarotti Source: Annual Computer Security Applications.
A Hybrid Model to Detect Malicious Executables Mohammad M. Masud Latifur Khan Bhavani Thuraisingham Department of Computer Science The University of Texas.

A Hybrid Model to Detect Malicious Executables Mohammad M. Masud Latifur Khan Bhavani Thuraisingham Department of Computer Science The University of Texas.

Similar presentations

Ads by Google