Detecting unknown massive mailing viruses using proactive methods

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 3224, Issue , 2004, Pages 82-101

  Hu, Ruiqi ^a   Mok, Aloysius K ^a  

^a University of Texas at Austin   (United States)

Author keywords

Intrusion detection; Malicious executable detection; Virus detection

Indexed keywords

COMPUTER VIRUSES; MERCURY (METAL); VIRUSES;

DETECTION RATES; MALICIOUS EXECUTABLES; PROTOTYPE SYSTEM; SYSTEM BEHAVIORS; VIRUS DETECTION;

INTRUSION DETECTION;

EID: 35048880908     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-30143-1_5     Document Type: Article

References (56)

1. Blakley, B.: The Emperor's Old Armor. In: Proceedings of the ACM New Security Paradigms Workshop, Lake Arrowhead, California (1996)
2. Cohen, F.: Computer Viruses: Theory and Experiments. Computers and Security 6 (1987) 22-35
3. Chess, D.M., White, S.R.: An Undetectable Computer Virus. In: Proceedings of the 2000 Virus Bulletin International Conference, Orlando, Florida (2000)
4. Gryaznov, D.: Scanners of the Year 2000: Heuristics. In: Proceedings of the 5th Virus Bulletin International Conference, Boston, Massachusetts (1999) 225-234
5. Kephart, J.O., Arnold, W.C.: Automatic Extraction of Computer Virus Signatures. In: Proceedings of the 4th Virus Bulletin International Conference, Abingdon, England (1994) 178-184
6. Arnold, W., Tesauro, G.: Automatically Generated Win32 Heuristic Virus Detection. In: Proceedings of the 2000 Virus Bulletin International Conference, Orlando, Florida (2000)
7. Schultz, M.G., Eskin, E., Zadok, E., Stolfo, S.J.: Data Mining Methods for Detection of New Malicious Executables. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, Oakland, California (2001) 38-49
8. Schultz, M.G., Eskin, E., Zadok, E., Bhattacharyya, M., Stolfo, S.J.: MEF: Malicious Email Filter - A UNIX Mail Filter that Detects Malicious Windows Executables. In: Proceedings of the Annual USENIX Technical Conference, FREENIX Track, Boston, Massechusetts (2001) 245-252
9. Bishop, M., Dilger, M.: Checking for Race Conditions in File Accesses. Computing Systems 9 (1996) 131-152
10. Tesauro, G., Kephart, J., Sorkin, G.: Neural Networks for Computer Virus Recognition. IEEE Expert 11 (1996) 5-6
11. Lo, R.W., Levitt, K.N., Olsson, R.A.: MCF: A Malicious Code Filter. Computers and Security 14 (1995) 541-566
12. Anderson, J.P.: Computer Security Technology Planning Study. Technical report, ESD-TR-73-51, U.S. Air Force Electronic Systems Division, Deputy for Command and Management Systems, HQ Electronic Systems Division (AFSC), Bedford, Massachusetts (1972)
13. Viswanathan, M.: Foundations for the Run-time Analysis of Software Systems. PhD thesis, University of Pennsylvania (2000)
14. Hamlen, K.W., Morrisett, G., Schneider, F.B.: Computability Classes for Enforcement Mechanisms. Technical report, TR 2003-1908, Cornell University, Dept. of Computer Science (2003)
15. Bauer, L., Ligatti, J., Walker, D.: More Enforceable Security Policies. In: Foundations of Computer Security, Copenhagen, Denmark (2002)
16. Berman, A., Bourassa, V., Selberg, E.: TRON: Process-Specific File Protection for the UNIX Operating System. In: Proceedings of the 1995 Annual USENIX Technical Conference, New Orleans, Lousianna (1995) 165-175
17. Goldberg, I., Wagner, D., Thomas, R., Brewer, E.A.: A Secure Environment for Untrusted Helper Applications. In: Proceedings of the 6th USENIX Security Symposium, San Jose, California (1996)
18. Alexandrov, A., Kmiec, P., Schauser, K.: Consh: A Confined Execution Environment for Internet Computations. In: Proceedinges of the Annual USENIX Technical Conference, New Orleans, Louisianna (1998)
19. Acharya, A., Raje, M.: MAPbox: Using Parameterized Behavior Classes to Confine Untrusted Application. In: Proceedings of the 9th USENIX Security Symposium, Denver, Colorado (2000)
20. Cowan, C., Beattie, S., Kroah-Hartman, G., Pu, C., Wagle, P., Gligor, V.: Subdomain: Parsimonious Server Security. In: Proceedings of the 14th Systems Administration Conference, New Orleans, Louisianna (2000)
21. Provos, N.: Improving Host Security with System Call Policies. In: Proceedings of the 12th USENIX Security Symposium, Washington, DC (2003) 257-272
22. Honeypots, Intrusion Detection, Incident Response: http://www.honeypots. net/.
23. The Honeynet Project: http://project.honeynet.org/.
24. Provos, N.: A Virtual Honeypot Framework. In: Proceedings of the 13th USENIX Security Symposium, San Diego, California (2004)
25. Jiang, X., Xu, D.: Collapsar: A VM-Based Architecture for Network Attack Detention Center. In: Proceedings of the 13th USENIX Security Symposium, San Diego, California (2004)
26. Spitzner, L.: Honeytokens: The Other Honeypot (2003) http://www. securityfocus.com/infocus/1713.
27. Pontz, B.: Honeytoken. CERT Honeypot Archive (2004) http://cert.uni- stuttgart.de/archive/honeypots/2004/01/msg00059.html.
28. Somayaji, A., Forrest, S.: Automated Response Using System-Call Delays. In: Proceedings of the 9th USENIX Security Symposium, Denver, Colorado (2000)
29. LaBrea Sentry IPS: Next Generation Intrusion Prevention System: http://www.labreatechnologies.com/.
30. Williamson, M.M.: Throttling Viruses: Restricting propagation to defeat malicious mobile code. In: Proceedings of the 18th Annual Computer Security Applications Conference, Las Vegas, Nevada (2002)
31. Twycross, J., Williamson, M.M.: Implementing and Testing a Virus Throttle. In: Proceedings of the 12th USENIX Security Symposium, Washington, DC (2003)
32. Williamson, M.M.: Design, Implementation and Test of an Email Virus Throttle. In: Proceedings of the 19th Annual Computer Security Applications Conference, Las Vegas, Nevada (2003)
33. Anderson, J.P.: Computer Security Threat Monitoring and Surveillance. Technical report, James P. Anderson Company, Fort Washington, Pennsylvania (1980)
34. Denning, D.E.: An Intrusion-Detection Model. In: IEEE Transactions on Software Engineering. Volume SE-13:(2). (1987) 222-232
35. Porras, P.A., Kemmerer, R.A.: Penetration State Transition Analysis - A Rule-Based Intrusion Detection Approach. In: 8th Annual Computer Security Applications Conference, San Antonio, Texas (1992) 220-229
36. Kumar, S.: Classification and Detection of Computer Intrusions. PhD thesis, Purdue University (1995)
37. Lunt, T.F.: Detecting Intruders in Computer Systems. In: Proceedings of the Conference on Auditing and Computer Technology. (1993)
38. Javitz, H.S., Valdes, A.: The NIDES Statistical Component: Description and Justification. Technical report, SRI International, Computer Science Laboratory, Menlo Park, California (1993)
39. Anderson, D., Lunt, T.F., Javitz, H., Tamaru, A., Valdes, A.: Detecting Unusual Program Behavior Using the Statistical Components of NIDES. Technical report, SRI-CSL-95-06, SRI International, Computer Science Laboratory, Menlo Park, California (1995)
40. Wagner, D., Dean, D.: Intrusion Detection via Static Analysis. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, Oakland, California (2001) 156-169
41. Neumann, P.G., Porras, P.A.: Experience with EMERALD to Date. In: Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California (1999) 73-80
42. Giffin, J.T., Jha, S-, Miller, B.P.: Detecting Manipulated Remote Call Streams. In: Proceedings of the 11th USENIX Security Symposium, San Francisco, California (2002)
43. Christodorescu, M., Jha, S.: Static Analysis of Executables to Detect Malicious Patterns. In: Proceedings of the 12th USENIX Security Symposium, Washington, DC (2003)
44. McHugh, J., Gates, C.: Locality: A New Paradigm for Thinking about Normal Behavior and Outsider Threat. In: Proceedings of the ACM New Security Paradigms Workshop, Ascona, Switzerland (2003)
45. Jain, K., Sekar, R.: User-Level Infrastructure for System Call Interposition: A Platform for Intrusion Detection and Confinement. In: Proceedings of the Network and Distributed System Security Symposium, San Diego, California (2000) 19-34
46. Ghormley, D.P., Petrou, D., Rodrigues, S.H., Anderson, T.E.: SLIC: An Extensibility System for Commodity Operating Systems. In: Proceedinges of the Annual USENIX Technical Conference, New Orleans, Louisianna (1998) 39-52
47. Fraser, T., Badger, L., Feldman, M.: Hardening COTS Software with Generic Software Wrappers. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California (1999) 2-16
48. Ko, C., Fraser, T., Badger, L., Kilpatrick, D.: Detecting and Countering System Intrusions Using Software Wrappers. In: Proceedings of the 9th USENIX Security Symposium, Denver, Colorado (2000)
49. Nebbett, G.: Windows NT/2000 Native API Reference. 1st edn. MacMillan Technical Publishing (2000)
50. Solomon, D.A., Russinovich, M.E.: Inside Microsoft Windows 2000. 3rd edn. Microsoft Press (2000)
51. Postel, J.B.: Simple Mail Transfer Protocol (1982) http://www.ietf.org/ rfc/rfc0821.txt.
52. Russell, D.L.: State Restoration in Systems of Communicating Processes. IEEE Transactions on Software Engineering SE6 (1980) 133-144
53. Liu, Y., Sevcenco, S.: W32.bugbear@mm. Symantec Security Response (2003) http://securityresponse.symantec.com/avcenter/venc/data/ w32.bugbear@mm.html.
54. Sevcenco, S.: Vbs.haptime.a@mm. Symantec Security Response (2004) http://securityresponse.symantec.com/avcenter/venc/data/ vbs.haptime.a@mm.html.
55. Gudmundsson, A., Chien, E.: W32.klez.e@mm. Symantec Security Response (2003) http://securityresponse.symantec.com/avcenter/venc/data/ w32.klez.e@mm.html.
56. Ferrie, P., Lee, T.: W32.mydoom.a@mm. Symantec Security Response (2004) http://securityresponse.symantec.com/avcenter/venc/data/ w32.novarg.a@mm.html.