Two Methods for Detecting Malware
نویسندگان
چکیده
In this paper, we present two ways of detecting malware. The first one takes advantage of a platform that we have developed. The platform includes tools for capturing malware, running code in a controlled environment, and analyzing its interactions with external entities. The platform enables us to detect malware based on the observation of its communication behavior. The second approach uses a method for detecting encrypted Skype traffic and classifying Skype service flows such as voice calls, skypeOut, video conferencing, chat, file upload and download in Skype traffic. The method is based on the Statistical Protocol IDentification (SPID) that analyzes statistical values of some traffic attributes. We apply the method to identify malicious traffic—we have successfully detected the propagation of Worm.Win32.Skipi.b that spreads over the Skype messenger by sending infected messages to all Skype contacts on a victim machine.
منابع مشابه
Fake Emulation Environment to Prevent Malware from Executing
Today’s malware contains sophisticated analysis countermeasures to protect itself against reverse engineering. Countermeasures fall into two categories: offline and runtime. Encryption and obfuscation of binaries are widely used offline protections. Therefore today, most analysis is done during runtime and so malware authors implement runtime countermeasures. Runtime countermeasures include ant...
متن کاملRandom Forest for Malware Classification
The challenge in engaging malware activities involves the correct identification and classification of different malware variants. Various malwares incorporate code obfuscation methods that alters their code signatures effectively countering antimalware detection techniques utilizing static methods and signature database. In this study, we utilized an approach of converting a malware binary int...
متن کاملAnalysis and Prevention of Malware in P2P
Peer-to-Peer (P2P) Networks continue to be popular means of trading content. However the files exchanged in these networks are not malicious, making them an ideal medium for spreading Malware. Some existing studies have shown that Malware proliferation can pose significant threats to P2P Networks, defending against such an attack are largely an open problem. This paper aims to develop the count...
متن کاملMalware Detection using Classification of Variable-Length Sequences
In this paper, a novel method based on the graph is proposed to classify the sequence of variable length as feature extraction. The proposed method overcomes the problems of the traditional graph with variable length of data, without fixing length of sequences, by determining the most frequent instructions and insertion the rest of instructions on the set of “other”, save speed and memory. Acco...
متن کاملExperimental Challenges in Cyber Security: A Story of Provenance and Lineage for Malware
Rigorous experiments and empirical studies hold the promise of empowering researchers and practitioners to develop better approaches for cyber security. For example, understanding the provenance and lineage of polymorphic malware strains can lead to new techniques for detecting and classifying unknown attacks. Unfortunately, many challenges stand in the way: the lack of sufficient field data (e...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013