A study of malcode-bearing documents

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4579 LNCS, Issue , 2007, Pages 231-250

  Li, Wei Jen ^a   Stolfo, Salvatore ^a   Stavrou, Angelos ^a   Androulaki, Elli ^a   Keromytis, Angelos D ^a  

^a Columbia University ^*

Author keywords

Intrusion detection; N gram; Sandbox diversity

Indexed keywords

CODES (SYMBOLS); COMPUTATIONAL COMPLEXITY; COMPUTER CRIME; INTRUSION DETECTION; PROBLEM SOLVING;

EMBEDDED MALCODES; SANDBOX DIVERSITY; WORD DOCUMENTS;

OBJECT ORIENTED PROGRAMMING;

EID: 38049030703     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-73614-1_14     Document Type: Conference Paper

References (35)

1. Leyden, J.: Trojan exploits unpatched Word vulnerability. The Register (May 2006)
2. Evers, J.: Zero-day attacks continue to hit Microsoft. News.com (September 2006)
3. Kierznowski, D.: Backdooring PDF Files (September 2006)
4. Broersma, M.: Wikipedia hijacked by malware. Techworld (November 2006) http://www.techworld.com/news/index.cfm?RSS&NewsID=7254
5. Bontchev, V.: Possible Virus Attacks Against Integrity Programs and How to Prevent Them. In: Proc. 2nd Int. Virus Bull. Conf. pp. 131-141 (1992)
6. Bontchev, V.: Macro Virus Identification Problems. In: Proc. 7th Int. Virus Bull. Conf. pp. 175-196 (1997)
7. Filiol, E., Helenius, M., Zanero, S.: Open Problems in Computer Virology. Journal in Computer Virology, pp. 55-66 (2006)
8. Wang, K., Parekh, J., Stolfo, S.J.: Anagram: A Content Anomaly Detector Resistant to Mimicry Attack. In: Zamboni, D., Kruegel, C. (eds.) RAID 2006. LNCS, vol. 4219, Springer, Heidelberg (2006)
9. Li, W.-J., Wang, K., Stolfo, S.J., Herzog, B.: Fileprints: Identifying File Types by n-gram Analysis. In: 2005 IEEE Information Assurance Workshop (2005)
10. Stolfo, S.J., Wang, K., Li, W.-J.: Towards Stealthy Malware Detection. In: Jha, Christodorescu, Wang (eds.) Malware Detection Book, Springer, Heidelberg (2006)
11. Schultz, M.G., Eskin, E., Zadok, E., Stolfo, S.J.: Data Mining Methods for Detection of New Malicious Executables. In: IEEE Symposium on Security and Privacy, Oakland, CA (May 2001)
12. Abou-Assaleh, T., Cercone, N., Keselj, V., Sweidan, R.: Detection of New Malicious Code Using N-grams Signatures. In: Proceedings of Second Annual Conference on Privacy, Security and Trust, October 13-15, 2004 (2004)
13. Abou-Assaleh, T., Cercone, N., Keselj, V., Sweidan, R.: N-gram-based Detection of New Malicious Code. In: Proceedings of the 28th IEEE Annual International Computer Software and Applications Conference, COMPSAC 2004. Hong Kong. September 28-30,2004 (2004)
14. Karim, M.E., Walenstein, A., Lakhotia, A.: Malware Phylogeny Generation using Permutations of Code. Journal in Computer Virology (2005)
15. McDaniel, M., Heydari, M.H.: Content Based File Type Detection Algorithms. In: 6th Annual Hawaii International Conference on System Sciences (HICSS'03) (2003)
16. Noga, A.J.: A Visual Data Hash Method. Air Force Research report (October 2004)
17. Goel, S.: Kolmogorov Complexity Estimates for Detection of Viruses. Complexity Journal 9(2) (2003)
18. Steganalysis http://niels.xtdnet.nl/stego/
19. K2. ADMmutate (2001) Available from http://www.ktwo.ca/security.html
20. Detristan, T., Ulenspiegel, T., Malcom, Y., Underduk, M.: Polymorphic Shellcode Engine Using Spectrum Analysis. Phrack (2003)
21. Kolesnikov, O., Lee, W.: Advanced Polymorphic Worms: Evading IDS by Blending in with Normal Traffic. USENIX Security Symposium, Georgia Tech: Vancouver, BC, Canada (2006)
22. Shaner: US Patent No. 5,991,714 (November 1999)
23. Song, Y., Locasto, M.E., Stavrou, A., Keromytis, A.D., Stolfo, S.J.: On the Infeasibility of Modeling Polymorphic Shellcode for Signature Detection Tech. report cucs-00707, Columbia University (February 2007)
24. Natvig, K.: SandboxII: Internet Norman SandBox Whitepaper (2002)
25. Willems, C., Freiling, F., Holz, T.: Toward Automated Dynamic Malware Analysis Using CWSandbox. IEEE Security and Privacy Magazine 5(2), 32-39 (2007)
26. Bellard, F.: QEMU, a Fast and Portable Dynamic Translator. In: proceedings of the USENIX 2005 Annual Technical Conference, pp. 41-46 (2005)
27. Reis, C., Dunagan, J., Wang, H.J., Dubrovsky, O., Esmeir, S.: BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML. OSDI, Seattle, WA (2006)
28. POIFS: http://jakarta.apache.org/
29. Bloom, B.H.: Space/time trade-offs in hash coding with allowable errors. Communications of the ACM 13(7), 422-426 (1970)
30. Wang, K., Cretu, G., Stolfo, S.J.: Anomalous Payload-based Worm Detection and Signature Generation. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol. 3858, Springer, Heidelberg (2006)
31. Broder, A., Mitzenmacher, M.: Network Applications of Bloom Filters: A Survey. In: Allerton Conference (2002)
32. http://vx.netlux.org/
33. Totel, E., Majorczyk, F., Me, L.: COTS: Diversity Intrusion Detection and Application to Web Servers. RAID 2005 (2005)
34. Reynolds, J.C., Just, J., Clough, L., Maglich, R.: On-line intrusion detection and attack prevention using diversity, generate-and-test, and generalization. In: Proceedings of the 36th Hawaii International Conference on System Sciences (2003)
35. Wang, Y.-M., Beck, D., Jiang, X., Roussev, R.: Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities. In: NDSS 2006