Malware Detection from a Virtual Machine Correlating Unusual Keystrokes, Network Traffic, and Suspicious Registry Access

Authors

  • Nathaniel Amsden
  • Cihan Varol
Abstract

Current anti-virus malware detection methods focus on signature-based methods. Recent research has introduced new, effective methods of malware detection. First, recent research including cloud-based monitoring and analysis, joint network-host based methods, feature ranking, machine learning and kernel data structure invariant monitoring is reviewed. Second, virtual machine based malware detection is proposed. This method combines network traffic analysis through keystroke analysis with registry anomaly detection to detect malware. It correlates suspicious network activity with suspicious registry accesses in order to detect malware with higher confidence and fewer false positives.

Keywords: keystroke analysis; malware detection; registry analysis; traffic analysis; virtual machine
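The correlation idea in the abstract (network activity that is not preceded by keystrokes, confirmed by a persistence-related registry write from the same process) can be sketched as a small event correlator. This is an added example, not code from the paper; the event schema, the process names, the persistence key list and the time windows are all assumptions, and the events are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    t: float          # seconds since monitoring of the VM started
    kind: str         # "key" (keystroke), "net" (outbound connection) or "reg" (registry write)
    proc: str         # process name (hypothetical sample names)
    detail: str = ""  # destination host:port for "net", registry key path for "reg"

# Registry locations whose modification suggests persistence (assumed, illustrative list).
PERSISTENCE_KEYS = ("\\Run", "\\RunOnce", "\\Winlogon")

def correlate(events, idle_window=5.0, reg_window=60.0):
    """Return (process, destination, confidence) findings.

    A connection is 'unusual' when no keystroke occurred in the idle_window
    seconds before it (nothing the user typed could have triggered it).  It is
    escalated to 'high' confidence when the same process also wrote a
    persistence registry key within reg_window seconds of the connection;
    otherwise it is reported with 'low' confidence.
    """
    key_times = sorted(e.t for e in events if e.kind == "key")
    reg_writes = [e for e in events if e.kind == "reg"]
    findings = []
    for net in (e for e in events if e.kind == "net"):
        user_active = any(net.t - idle_window <= k <= net.t for k in key_times)
        if user_active:
            continue  # traffic plausibly driven by the user: no alert
        persistence_write = any(
            r.proc == net.proc
            and abs(r.t - net.t) <= reg_window
            and any(k in r.detail for k in PERSISTENCE_KEYS)
            for r in reg_writes)
        findings.append((net.proc, net.detail, "high" if persistence_write else "low"))
    return findings

# Constructed sample timeline: one user-driven connection, one idle-time
# connection paired with a Run-key write, and one idle-time connection alone.
SAMPLE_EVENTS = [
    Event(0.0, "key", "explorer.exe"),
    Event(1.0, "key", "explorer.exe"),
    Event(2.0, "net", "browser.exe", "example.com:443"),
    Event(120.0, "reg", "svchost_fake.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    Event(130.0, "net", "svchost_fake.exe", "203.0.113.5:8080"),
    Event(400.0, "net", "updater.exe", "203.0.113.9:80"),
]

if __name__ == "__main__":
    for proc, dest, confidence in correlate(SAMPLE_EVENTS):
        print(f"{confidence:>4}  {proc} -> {dest}")
```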


Similar resources

Malyzer: Defeating Anti-detection for Application-Level Malware Analysis

Malware analysis is critical for malware detection and prevention. To defeat malware analysis and detection, today malware commonly adopts various sophisticated anti-detection techniques, such as performing debugger, emulator, and virtual machine fingerprinting, and camouflaging its traffic as normal legitimate traffic. These mechanisms produce more and more stealthy malware that greatly challe...


Malware Detection In Mobile Through Analysis of Application Network Behavior By Web Application

This system detects mobile malware by analyzing suspicious network activities through traffic analysis. In our system, the detection algorithms we are using work as modules inside the OpenFlow controller, and the security rules can be imposed in real time. Here, we are using a new behavior-based anomaly detection system which is used for identifying meaningful deviations in a ...


MAGMA network behavior classifier for malware traffic

Malware is a major threat to security and privacy of network users. A large variety of malware is typically spread over the Internet, hiding in benign traffic. New types of malware appear every day, challenging both the research community and security companies to improve malware identification techniques. In this paper we present MAGMA, MultilAyer Graphs for MAlware detection, a novel malware ...


Communication-Aware Traffic Stream Optimization for Virtual Machine Placement in Cloud Datacenters with VL2 Topology

With the pervasiveness of cloud computing, a colossal number of applications from gigantic organizations increasingly tend to rely on cloud services. These demands cause a great number of applications, in the form of groups of virtual machine (VM) requests, to be executed on data centers' servers. Some applications are too big to be processed on a single VM. Also, there exist severa...


Applying Machine Learning Techniques for Detection of Malicious Code in Network Traffic

The Early Detection, Alert and Response (eDare) system is aimed at purifying Web traffic propagating via the premises of Network Service Providers (NSP) from malicious code. To achieve this goal, the system employs powerful network traffic scanners capable of cleaning traffic from known malicious code. The remaining traffic is monitored and Machine Learning (ML) algorithms are invoked in an att...



Publication date: 2013