FORECAST - Skimming off the malware cream

ACM International Conference Proceeding Series

Volumn , Issue , 2011, Pages 11-20

  Neugschwandtner, Matthias ^a   Comparetti, Paolo Milani ^a   Jacob, Gregoire ^b   Kruegel, Christopher ^b  

^a VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

^b UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AUTOMATED TOOLS; CLASS A; COMMAND AND CONTROL; CONTROLLED ENVIRONMENT; LARGE-SCALE DYNAMICS; MALICIOUS CODES; MALICIOUS SOFTWARE; MALWARE ANALYSIS; MALWARES; RANDOM SELECTION; REANALYSIS; SAMPLE SELECTION; SCORING FUNCTIONS; TOTAL VALUES;

COMPUTER CRIME; DYNAMIC ANALYSIS; FORECASTING; SECURITY OF DATA; SECURITY SYSTEMS;

STATIC ANALYSIS;

EID: 84855671047     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2076732.2076735     Document Type: Conference Paper

References (41)

1. Adblock List. Retrieved September 2010 from https://secure.fanboy.co.nz/ fanboy-adblock.txt.
2. Anubis. http://anubis.iseclab.org.
3. CWSandbox. http://www.cwsandbox.org.
4. Joebox: A Secure Sandbox Application for Windows. http://www.joebox.org/.
5. Norman Sandbox. http://sandbox.norman.com.
6. ThreatExpert. http://www.threatexpert.com.
7. Virustotal. http://www.virustotal.com.
8. Zeus Tracker. https://zeustracker.abuse.ch.
9. Panda Labs Annual Report, 2010.
10. E. L. Allwein, R. E. Schapire, and Y. Singer. Reducing Multiclass to Binary: A Unifying Approach for Margin Classifiers. In International Conference on Machine Learning, 2000.
11. M. Bailey, J. Oberheide, J. Andersen, Z. Mao, F. Jahanian, and J. Nazario. Automated Classification and Analysis of Internet Malware. In Symposium on Recent Advances in Intrusion Detection (RAID), 2007.
12. U. Bayer, E. Kirda, and C. Kruegel. Improving the Efficiency of Dynamic Malware Analysis. In Symposium On Applied Computing (SAC), 2010.
13. U. Bayer, C. Kruegel, and E. Kirda. TTAnalyze: A Tool for Analyzing Malware. In Annual Conf. of the European Institute for Computer Antivirus Research (EICAR), 2006.
14. U. Bayer, P. Milani Comparetti, C. Kruegel, and E. Kirda. Scalable, Behavior-Based Malware Clustering. In Network and Distributed System Security (NDSS), 2009.
15. H. Binsalleeh, T. Ormerod, A. Boukhtouta, P. Sinha, A. Youssef, M. Debbabi, and L. Wang. On the analysis of the zeus botnet crimeware toolkit. In International Conference on Privacy, Security and Trust, 2010.
16. J. Canto. VirusTotal Timing Information. Hispasec Systemas. Private communication, 2011.
17. A. Decker, D. Sancho, L. Kharouni, M. Goncharov, and R. McArdle. A study of the Pushdo / Cutwail Botnet. http://us.trendmicro.com/imperia/md/content/us/ pdf/threats/securitylibrary/Study-of-pushdo.pdf, 2009.
18. M. Dredze and K. Crammer. Confidence-Weighted Linear Classification. In International conference on Machine learning, 2008.
19. R.-E. Fan, K.-W. Chang, C.-J. Hsieh, X.-R. Wang, and C.-J. Lin. LIBLINEAR: A Library for Large Linear Classification. Journal of Machine Learning Research, 9, 2008.
20. T. Hastie and R. Tibshirani. Classification by Pairwise Coupling. In Advances in neural information processing systems, 1997.
21. T.-K. Huang, R. C. Weng, and C.-J. Lin. Generalized Bradley-Terry Models and Multi-Class Probability Estimates. Journal of Machine Learning Research, 7, 2006.
22. G. Jacob, R. Hund, T. Holz, and C. Kruegel. JACKSTRAWS: Picking Command and Control Connections from Bot Traffic. In USENIX Security Symposium, 2011.
23. G. Jacob, M. Neugschwandtner, P. Milani Comparetti, C. Kruegel, and G. Vigna. A static, packer-agnostic filter to detect similar malware samples. Technical Report 2010-26, UC Santa Barbara, 2010.
24. M. G. Kang, P. Poosankam, and H. Yin. Renovo: A Hidden Code Extractor for Packed Executables. In ACM Workshop on Recurring malcode (WORM), 2007.
25. A. Karnik, S. Goswami, and R. Guha. Detecting Obfuscated Viruses Using Cosine Similarity Analysis. In Asia International Conference on Modelling & Simulation, 2007.
26. J. Kolter and M. Maloof. Learning to Detect Malicious Executables in the Wild. Journal of Machine Learning Research, 7, 2006.
27. B. Krebs. Takedowns: The Shuns and Stuns That Take the Fight to the Enemy. McAfee Security Journal, (6), 2010.
28. L. Martignoni, M. Christodorescu, and S. Jha. Omniunpack: Fast, generic, and safe unpacking of malware. In Annual Computer Security Applications Conf. (ACSAC), 2007.
29. A. Mushtaq. Smashing the Mega-d/Ozdok botnet in 24 hours. http://blog.fireeye.com/research/2009/11/smashing-the-ozdok.html, 2009.
30. M. Neugschwandtner, P. Milani Comparetti, G. Jacob, and C. Kruegel. FORECAST - Skimming off the Malware Cream (extended version). Technical Report TR-iSecLab-0911-001, Vienna University of Technology, 2011.
31. R. Paleari, L. Martignoni, E. Passerini, D. Davidson, M. Fredrikson, J. Giffin, and S. Jha. Automatic Generation of Remediation Procedures for Malware Infections. In USENIX Security Symposium, 2010.
32. V. Paxson. Bro: A System for Detecting Network Intruders in Real-Time. In USENIX Security Symposium, 1998.
33. R. Perdisci, A. Lanzi, and W. Lee. McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables. In Annual Computer Security Applications Conference (ACSAC), 2008.
34. R. Perdisci, W. Lee, and N. Feamster. Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces. In USENIX conference on Networked Systems Design and Implementation, 2010.
35. K. Reddy, S. Dash, and A. Pujari. New Malicious Code Detection Using Variable Length n-grams. In Information Systems Security Conference, 2006.
36. K. Rieck, T. Holz, C. Willems, P. Düssel, and P. Laskov. Learning and Classification of Malware Behavior. In Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), 2008.
37. P. Royal, M. Halpin, D. Dagon, R. Edmonds, and W. Lee. PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware. In 22nd Annual Computer Security Applications Conf. (ACSAC), 2006.
38. D. Sancho. You Scratch My Back... Bredolab's Sudden Rise in Prominence. http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/ bredolab-final.pdf, 2009.
39. B. Stone-Gross, A. Moser, C. Kruegel, K. Almaroth, and E. Kirda. FIRE: FInding Rogue nEtworks. In Annual Computer Security Applications Conference (ACSAC), 2009.
40. S. Tabish, M. Shafiq, and M. Farooq. Malware Detection Using Statistical Analysis of Byte-Level File Content. In ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics, 2009.
41. G. Wicherski. peHash: A Novel Approach to Fast Malware Clustering. In 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2009.