SCOPUS 정보 검색 플랫폼

Journal in Computer Virology

Volumn 8, Issue 1-2, 2012, Pages 1-13

Shadow attacks: Automatically evading system-call-behavior based malware detection

(5) Ma, Weiqin a Duan, Pu a Liu, Sanmin a Gu, Guofei a Liu, Jyh Charn a

a TEXAS A AND M UNIVERSITY (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BEHAVIOR-BASED; BEHAVIOR-BASED DETECTION; CODE OBFUSCATION; CURRENT GENERATION; DETECTION TECHNIQUE; MALICIOUS BEHAVIOR; MALWARE ANALYSIS; MALWARE DETECTION; MALWARES; MULTI CORE; POTENTIAL THREATS; PROTOTYPE TOOLS; SECURITY PROBLEMS; SOURCE CODES; SYSTEM-CALL SEQUENCE;

DETECTORS; HUMAN COMPUTER INTERACTION; MULTICORE PROGRAMMING;

COMPUTER CRIME;

EID: 84860630143 PISSN: 17729890 EISSN: 17729904 Source Type: Journal
DOI: 10.1007/s11416-011-0157-5 Document Type: Article

Times cited : (73)

References (34)

1
- 78049387622
- A Layered Architecture for Detecting Malicious Behaviors
- Martignoni, L., Stinson, E., Fredrikson, M., Jha, S., Mitchell, J. C.: A Layered Architecture for Detecting Malicious Behaviors. In: Proceedings of the 11th international Symposium on Recent Advances in intrusion Detection (RAID'08) (2008).
- (2008) Proceedings of the 11th International Symposium On Recent Advances In Intrusion Detection (RAID'08)
- Martignoni, L.¹ Stinson, E.² Fredrikson, M.³ Jha, S.⁴ Mitchell, J.C.⁵

2
- 3042658703
- LLVM: A compilation framework for lifelong program analysis & transformation
- Lattner, C., Adve, V.: LLVM: A compilation framework for lifelong program analysis & transformation. In: Proceedings of the 2004 International Symposium on Code Generation and Optimization (CGO'04) (2004).
- (2004) Proceedings of the 2004 International Symposium On Code Generation and Optimization (CGO'04)
- Lattner, C.¹ Adve, V.²

3
- 27544433210
- Semantics-Aware Malware Detection
- Christodorescu, M., Jha, S., Seshia, S., Song, D., Bryant, R.: Semantics-Aware Malware Detection. In: Proceedings of IEEE Symposium on Security and Privacy (2005).
- (2005) Proceedings of IEEE Symposium On Security and Privacy
- Christodorescu, M.¹ Jha, S.² Seshia, S.³ Song, D.⁴ Bryant, R.⁵

4
- 84860645599
- Barford, P., Yagneswaran, V.: An Inside Look at Botnets. In: Advances in Information Security. Springer, Berlin (2006).
- An Inside Look At Botnets. In: Advances In Information Security. Springer, Berlin (2006)
- Barford, P.¹ Yagneswaran, V.²

5
- 0038011184
- Mimicry attacks on host-based intrusion detection systems
- Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM conference on Computer and communications security (CCS'02) (2002).
- (2002) Proceedings of the 9th ACM Conference On Computer and Communications Security (CCS'02)
- Wagner, D.¹ Soto, P.²

6
- 34249847782
- Formalisation and implementation aspects of k-ary (malicious) codes
- (EICAR 2007 Best Academic Papers)
- Filiol, E.: Formalisation and implementation aspects of k-ary (malicious) codes. J. Comput. Virol. 3(3), 75-86 (2007) (EICAR 2007 Best Academic Papers).
- (2007) J. Comput. Virol , vol.3 , Issue.3 , pp. 75-86
- Filiol, E.¹

7
- 84860645600
- Harbour, N.: Stealth Secrets of the Malware Ninjas. https://www. blackhat.com/presentations/bh-usa-07/Harbour/Presentation/bhusa-07-harbour.pdf.
- Stealth Secrets of the Malware Ninjas
- Harbour, N.¹

8
- 85076206522
- Effective and Efficient Malware Detection at the End Host
- Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and Efficient Malware Detection at the End Host. In: Proceedings of 18th USENIX Security Symposium (2009).
- (2009) Proceedings of 18th USENIX Security Symposium
- Kolbitsch, C.¹ Comparetti, P.M.² Kruegel, C.³ Kirda, E.⁴ Zhou, X.⁵ Wang, X.⁶

9
- 84860614596
- HAR
- Nomenumbra: Counter Behavior Based Malware Analysis, Hacking at Random. HAR (2009).
- (2009) Nomenumbra: Counter Behavior Based Malware Analysis, Hacking At Random

10
- 84876307879
- On the power of simple branch prediction analysis
- Aciiçmez, O., Koç, Ç.K., Seifert, J.: On the power of simple branch prediction analysis. In: Proceedings of the 2nd ACM Symposium on information, Computer and Communications Security (ASIACCS' 07) (2007).
- (2007) Proceedings of the 2nd ACM Symposium On Information, Computer and Communications Security (ASIACCS' 07)
- Aciiçmez, O.¹ Koç, C.K.² Seifert, J.³

11
- 84990479742
- An efficient heuristic procedure for partition graphs
- Kernighan, B.W., Lin, S.: An efficient heuristic procedure for partition graphs. Bell Syst. Tech. J. 49, 291-307 (1970).
- (1970) Bell Syst. Tech. J , vol.49 , pp. 291-307
- Kernighan, B.W.¹ Lin, S.²

12
- 37849017546
- Mining specifications of malicious behavior
- Christodorescu, M., Jha, S., Kruegel, C.: Mining specifications of malicious behavior. In: Proceedings of the 6th JointMeeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (2007).
- (2007) Proceedings of the 6th JointMeeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium On The Foundations of Software Engineering
- Christodorescu, M.¹ Jha, S.² Kruegel, C.³

13
- 84860614597
- Anubis
- Anubis. http://anubis.iseclab.org/.

14
- 0017996760
- Time, clocks, and the ordering of events in a distributed system
- Lamport, L.: Time, clocks, and the ordering of events in a distributed system. Commun. ACM 21(7), 558-565 (1978).
- (1978) Commun. ACM , vol.21 , Issue.7 , pp. 558-565
- Lamport, L.¹

15
- 33947629208
- Provenance-Aware Tracing ofWorm Break-in and Contaminations: A Process Coloring Approach
- Jiang, X., Walters, A., Buchholz, F., Xu, D., Wang, Y.M., Spafford, E.H.: Provenance-Aware Tracing ofWorm Break-in and Contaminations: A Process Coloring Approach. In: Proceedings of 26th IEEE Int'lConf.Distributed Computing Systems (ICDCS'06) (2006).
- (2006) Proceedings of 26th IEEE Int'lConf.Distributed Computing Systems (ICDCS'06)
- Jiang, X.¹ Walters, A.² Buchholz, F.³ Xu, D.⁴ Wang, Y.M.⁵ Spafford, E.H.⁶

16
- 84860645595
- Fletcher, T.: Sharing a File Descriptor Between Processes. http://www.qnx.com/developers/articles/article_913_1.html.
- Sharing a File Descriptor Between Processes
- Fletcher, T.¹

17
- 77950788046
- Panorama: Capturing system-wide information flowformalware detection and analysis
- Yin, H., Song, D., Manuel, E., Kruegel, C., Kirda, E.: Panorama: Capturing system-wide information flowformalware detection and analysis. In: Proceedings of the 14th ACM Conferences on Computer and Communication Security (2007).
- (2007) Proceedings of the 14th ACM Conferences On Computer and Communication Security
- Yin, H.¹ Song, D.² Manuel, E.³ Kruegel, C.⁴ Kirda, E.⁵

18
- 21644490164
- Backtracking Intrusions
- King, S.T., Chen, P.M.: Backtracking Intrusions. In: Proceedings of the 2003 Symposium on Operating Systems Principles, pp. 223-236 (2003).
- (2003) Proceedings of the 2003 Symposium On Operating Systems Principles , pp. 223-236
- King, S.T.¹ Chen, P.M.²

19
- 85077680022
- Behavior- based Spyware Detection
- Kirda, E., Kruegel, C., Banks, G., Vigna, G., Kemmerer, R.: Behavior- based Spyware Detection. In: Proceedings of the USENIX Security Symposium (2006).
- (2006) Proceedings of the USENIX Security Symposium
- Kirda, E.¹ Kruegel, C.² Banks, G.³ Vigna, G.⁴ Kemmerer, R.⁵

20
- 0023294949
- Computer viruses: Theory and experiments
- Cohen, F.: Computer viruses: theory and experiments. Comput. Secur. 6(1), 22-35 (1987).
- (1987) Comput. Secur , vol.6 , Issue.1 , pp. 22-35
- Cohen, F.¹

21
- 84860615754
- Phoenix
- Phoenix. https://connect.microsoft.com/Phoenix.

22
- 70349141059
- On the limits of information flowtechniques for malware analysis and containment
- Cavallaro, L., Saxena, P., Sekar, R.: On the limits of information flowtechniques for malware analysis and containment. In: Proceedings of 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment (2008).
- (2008) Proceedings of 5th International Conference On Detection of Intrusions and Malware, and Vulnerability Assessment
- Cavallaro, L.¹ Saxena, P.² Sekar, R.³

23
- 33646414637
- Addison-Wesley Professional, Reading
- Szor, P.: The Art of Computer Virus Research and Defense. Addison-Wesley Professional, Reading (2005).
- (2005) The Art of Computer Virus Research and Defense
- Szor, P.¹

24
- 0027961889
- Self-Nonself Discrimination in a Computer
- Forrest, S., Perelson, A.S., Allen, L., Cherukuri, R., Self-Nonself Discrimination in a Computer. In: Proceedings of IEEE Symposium on Security & Privacy (1994).
- (1994) Proceedings of IEEE Symposium On Security & Privacy
- Forrest, S.¹ Perelson, A.S.² Allen, L.³ Cherukuri, R.⁴

25
- 49949108365
- Characterizing Bots' Remote Control Behavior
- Stinson, E., Mitchell, J.C.: Characterizing Bots' Remote Control Behavior. In: Detection of Intrusions&Malware, andVulnerability Assessment (2007).
- (2007) Detection of Intrusions&Malware, AndVulnerability Assessment
- Stinson, E.¹ Mitchell, J.C.²

26
- 34047110218
- Toward Automated Dynamic Malware Analysis Using CWSandbox
- Willems, C., Holz, T., Freiling, F.: Toward Automated Dynamic Malware Analysis Using CWSandbox. In: Proceedings of IEEE Security and Privacy (2007).
- (2007) Proceedings of IEEE Security and Privacy
- Willems, C.¹ Holz, T.² Freiling, F.³

27
- 85077528077
- Automating mimicry attacks using static binary analysis
- Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Automating mimicry attacks using static binary analysis. In: Proceedings of the 14th conference on USENIX Security Symposium (2005).
- (2005) Proceedings of the 14th Conference On USENIX Security Symposium
- Kruegel, C.¹ Kirda, E.² Mutz, D.³ Robertson, W.⁴ Vigna, G.⁵

28
- 84860620384
- Norman Sandbox Whitepaper
- Norman Sandbox Whitepaper. http://www.norman.com.

29
- 84860614589
- System Call API Obfuscation
- Srivastava, A., Lanzi, A., Giffin, J.: System Call API Obfuscation. In: Proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection (2008).
- (2008) Proceedings of the 11th International Symposium On Recent Advances In Intrusion Detection
- Srivastava, A.¹ Lanzi, A.² Giffin, J.³

30
- 70450279044
- Learning and Classification of Malware Behavior
- Rieck, K., Holz, T., Willems, C., Düssel, P., Laskov, P.: Learning and Classification of Malware Behavior. In: Proceedings of Detection of Intrusions and Malware, and Vulnerability Assessment (2008).
- (2008) Proceedings of Detection of Intrusions and Malware, and Vulnerability Assessment
- Rieck, K.¹ Holz, T.² Willems, C.³ Düssel, P.⁴ Laskov, P.⁵

31
- 33646805500
- Cache missing for fun and profit
- Percival, C.: Cache missing for fun and profit. BSDCan (2005). http://www.daemonology.net/hyperthreading-consideredharmful/.
- (2005) BSDCan
- Percival, C.¹

32
- 0347215214
- UNIX Network Programming
- 2nd edn, Prentice Hall, Englewood Cliffs
- Stevens, R.: UNIX Network Programming, 2nd edn. Interprocess Communications, vol. 2. Prentice Hall, Englewood Cliffs (1999).
- (1999) Interprocess Communications , vol.2
- Stevens, R.¹

33
- 84860623726
- Dyshlevoi, K.V., Kamensky, V.E., Solovskaya, L.B.: Marshalling In Distributed Systems: Two Approaches (1997). http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.26.9781.
- (1997) Marshalling In Distributed Systems: Two Approaches
- Dyshlevoi, K.V.¹ Kamensky, V.E.² Solovskaya, L.B.³

34
- 48349087890
- Code obfuscation techniques for metamorphic viruses
- doi:10.1007/s11416-008-0084-2
- Borello, J., Mé, L.: Code obfuscation techniques for metamorphic viruses. J. Comput.Virol. 4, 211-220 (2008). doi:10.1007/s11416-008-0084-2.
- (2008) J. Comput.Virol , vol.4 , pp. 211-220
- Borello, J.¹ Mé, L.²

* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.