Malware characteristics and threats on the internet ecosystem

Journal of Systems and Software

Volumn 85, Issue 7, 2012, Pages 1650-1672

  Chen, Zhongqiang ^a   Roussopoulos, Mema ^b   Liang, Zhanyan ^c   Zhang, Yuan ^d   Chen, Zhongrong ^e   Delis, Alex ^b  

^a YAHOO INC   (United States)

^b UNIVERSITY OF ATHENS   (Greece)

^c GUANGXI UNIVERSITY OF FINANCE AND ECONOMICS   (China)

^d FLORIDA STATE UNIVERSITY   (United States)

^e Shire US Inc   (United States)

Author keywords

Malware characteristics and categorization; Malware propagation mechanisms and payloads; Self organizing maps; Support vector machines

Indexed keywords

CLASSIFICATION FRAMEWORK; COMPACT CODE; FEATURE SPACE; GENERALIZATION CAPABILITY; INFORMATION GAIN; LEARNING MODELS; MALWARE PROPAGATION; MALWARES; PENETRATION RATES; PROPAGATION CHANNELS; SECURITY THREATS; SPECIES CLASSIFICATION; TOKENIZATION; TROJANS; WORD-STEMMING; ZERO DAY ATTACK;

CONFORMAL MAPPING; DECISION TREES; ECOSYSTEMS; INFORMATION DISSEMINATION; INTERNET; SUPPORT VECTOR MACHINES;

COMPUTER WORMS;

EID: 84861096936     PISSN: 01641212     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jss.2012.02.015     Document Type: Article

References (56)

1. Allwein E.L.; Schapire R.E.; Singer Y.; and Kaelbling P. Reducing multiclass to binary: a unifying approach for margin classifiers Journal of Machine Learning Research 1 2000 113 141 (Pubitemid 33738778)
2. Bailey M.; Oberbeide J.; Andersen J.; Mao Z.M.; Jahanian F.; and Nazario J. Automated classification and analysis of internet malware The 10th Symposium on Recent Advances in Intrusion Detection (RAID'07) Gold Coast, Australia, September 2007 Springer 178 197
3. Boney, D.G.; 1999, June. The Plague: An Army of Software Agents for Information Warfare. Technical Report. Department of Computer Science, School of Engineering and Applied Science, Washington DC.
4. Bontchev, V.V.; 1998. Methodology of Computer Anti-Virus Research. Technical Report. University of Hamburg, Germany.
5. Boser B.E.; Guyon I.M.; and Vapnik V.N. A training algorithm for optimal margin classifiers Proceedings of the Fifth Annual ACM Workshop on Computational Learning Theory Pittsburgh, PA, USA, July 1992 ACM Press 144 152
6. Bredensteiner E.J.; and Bennet K.P. Multicategory classification by support vector machines Computational Optimizations and Applications 12 December 1999 53 79 (Pubitemid 129574925)
7. Brunnstein K. From antivirus to antimalware software and beyond: another approach to the protection of customers from dysfunctional system behaviour Proceedings of the 22nd National Information System Security Conference Arlington, VA, USA, October 1999 NIST 1 14
8. CERT CERT Advisory CA-2001-26 Nimda Worm 2001 http://www.cert.org/ advisories/CA-2001-26.html
9. Collobert R.; and Bengio S. SVMtorch: support vector machines for large-scale regression problems Journal of Machine Learning Research (JMLR) 1 2001 143 160 (Pubitemid 33738779)
10. Costa M.; Crowcroft J.; Castro M.; Rowstron A.; Zhou L.; Zhang L.; and Barham P. Vigilante: end-to-end containment of internet worms Proceedings of the 20th ACM Symposium on Operating Systems Principles (SOSP2005) Brighton, United Kingdom, October 2005 ACM New York, NY, USA 133 147 (Pubitemid 44892209)
11. Cova M.; Kruegel C.; and Vigna G. Detection and analysis of drive-by-download attacks and malicious Javascript code Proceedings of the World Wide Web Conference Raleigh, NC, USA, April 2010 ACM 1 10
12. Crammer K.; and Singer Y. On the algorithmic implementation of multiclass kernel-based vector machines Journal of Machine Learning Research 2 December 2001 265 292
13. DeLooze L.L. Classification of computer attacks using a self-organizing map Proceedings of the Fifth Annual IEEE SMC Workshop on Information Assurance June 2004 IEEE 365 369
14. Dietterich T.G.; and Bakiri G. Solving multiclass learning problems via error-correcting output codes Journal of Artificial Intelligence Research 2 January 1995 263 286
15. Ferris M.; and Munson T. Interior-point methods for massive support vector machines SIAM Journal of Optimization 13 3 2003 783 804 (Pubitemid 36971112)
16. Forman G. An extensive empirical study of feature selection metrics for text classification Journal of Machine Learning Research 3 2003 1289 1305
17. Fox C. Lexical Analysis and Stoplist - Data Structures and Algorithms 1992 Prentice Hall
18. Fredrikson M.; Jha S.; Christodorescu M.; Sailer R.; and Yan X. Synthesizing near-optimal malware specifications from suspicious behaviors 2010 IEEE Symposium on Security and Privacy Oaklan, CA, USA, May 2010 IEEE 45 60
19. Friedman J.H. Greedy function approximation: a gradient boosting machine Annals of Statistics 29 1999 1189 1232 (Pubitemid 33405972)
20. Hastie T.; and Tibshirani R. Classification by pairwise coupling The Annals of Statistics 26 2 1998 451 471
21. Helenius M. A system to support the analysis of antivirus products' virus detection capabilities Tampereen Yliopisto 2002 ISBN 951-44-5370-0
22. Rutkowska J. Introducing Stealth Malware Taxonomy 2006 http://invisiblethings.org/papers/malware-taxonomy.pdf
23. Joachims T. Making large-scale support vector machine learning practical Schoelkopf B. Burges C. Smola A. Advances in Kernel Methods - Support Vector Learning 1999 MIT Press Cambridge, MA 169 184 (Chapter 11)
24. Kawakoya Y.; Iwamura M.; and Itoh M. Memory behavior-based automatic malware unpacking in stealth debugging environment 2010 5th International Conference on Malicious and Unwanted Software (Malware) Nacy, Lorraine, October 2010 39 46
25. Keerthi S.; and DeCoste D. A modified finite newton method for fast solution of large scale linear SVMs Journal of Machine Learning Research (JMLR) 6 2005 341 361
26. Kohonen T. Self-Organizing Maps third edition 2000 Springer Berlin
27. Krsul, I.V.; 1998, May. Software Vulnerability Analysis. Technical Report. Purdue University.
28. Landwehr C.E.; Bull A.R.; McDermott J.P.; and Choi W.S. A taxonomy of computer program security flaws, with examples ACM Computing Surveys 26 September (3) 1994
29. Leder F.; Steinbock B.; and Martini P. Classification and detection of metamorphic malware using value set analysis 2009 4th International Conference on Malicious and Unwanted Software (Malware) Montreal, QC, October 2009 39 46
30. Lee T.; and Mody J. Behavioral classification Proceedings of the EICAR Conference Hamburg, Germany, April/May 2006 European Expert Group for IT Security 1 17
31. Lindqvist, U, 1999. On the Fundamentals of Analysis and Detection of Computer Misuse. Technical Report. Department of Computer Engineering, Chalmers University of Technology, Goteborg, Sweden.
32. Lindqvist U.; and Jonsson E. How to systematically classify computer security intrusions Proceedings of the 1997 IEEE Symposium on Security & Privacy Oakland, CA, November 1997 IEEE Computer Society Press 154 163
33. Moore D.; Paxson V.; Savage S.; Shannon C.; Staniford S.; and Weaver N. Inside the slammer worm IEEE Magazine of Security and Privacy 1 July/August (4) 2003 33 39
34. Moser A.; Kruegel C.; and Kirda E. Limits of static analysis for malware detection 23rd Annual Computer Security Applications Conference (ACSAC) 2007
35. Paxson V.; Staniford S.; and Weaver N. How to own the internet in your spare time Proceedings of the 11th USENIX Security Symposium (Security'02) San Francisco, CA, USA, August 2002 1 19
36. Platt J.C.; Cristianini N.; and Shawe-Taylor J. Large margin DAGs for multiclass classification Advances in Neural Information Processing Systems 12 2000 547 553
37. Porter M.F. An algorithm for suffix stripping Program 14 3 1980 130 137
38. Rieck K.; Holz T.; Willems C.; Dussel P.; and Laskov P. Learning and classification of malware behavior The 5th International Conference on Detection of Intrusion Detections and Malware, and Vulnerability Assessment (DIMVA'08) Paris, France, July 2008 Springer 108 125
39. Salton G.; and Buckley C. Term-weighting approaches in automatic text retrieval Information Processing and Management 24 5 1988 513 523
40. Scheidl, G.; 1999, July. Virus Naming Convention 1999 (VNC99). Technical Report. http://members.chello.at/erikajo/vnc99b2.txt.
41. Schoelkopf B.; and Smola A.J. Learning with Kernels 2002 The MIT Press Cambridge, MA
42. Shieh S.-P.; and Gligor V.D. On a pattern-oriented model for intrusion detection IEEE Transactions on Knowledge and Data Engineering 9 4 1997 661 667 (Pubitemid 127776411)
43. Sidiroglou S.; and Keromytis A.D. Countering network worms through automatic patch generation Security & Privacy 3 November-December (6) 2005 41 49 (Pubitemid 43060393)
44. Skoudis E.; and Zeltser L. Malware: Fighting Malicious Code 2003, November Prentce Hall PTR ISBN 0131014056
45. Symantec Virus Encyclopedia of Symantec 2009 http://www.symantec.com/ business/security-response
46. Thomas K.; and Nicol D.M. The Koobface Botnet and the rise of social malware 2010 5th International Conference on Malicious and Unwanted Software (Malware) Nacy, Lorraine, October 2010 63 70
47. Trend Micro Virus Encyclopedia of Trend Micro 2011 http://threatinfo. trendmicro.com/vinfo/virusencyclo
48. Tyree S.; Weinberger K.Q.; and Agrawal K. Parallel boosted regression trees for web search ranking International World Wide Web Conference 2011 Hyderabad, India, March/April 2011 ACM 387 396
49. Vapnik V.N. The Nature of Statistical Learning Theory: Information Science and Statistics 1999 Springer New York
50. Venter H.S.; Eloff J.H.P.; and Li Y.L. Standardizing vulnerability categories Computers and Security 27 May-June (3) 2008 71 83
51. Wagner C.; Wagener G.; State R.; and Engel T. Malware analysis with graph kernels and support vector machines 2009 4th International Conference on Malicious and Unwanted Software (Malware) Montreal, QC, October 2009 63 68
52. Walenstein A.; Hefner D.J.; and Wichers J. Header information in malware families and impact on automated classifiers 2010 5th International Conference on Malicious and Unwanted Software (Malware) Nacy, Lorraine, October 2010 15 22
53. Weaver N.; Paxson V.; Staniford S.; and Cunningham R. A taxonomy of computer worms Proceedings of The First ACM Workshop on Rapid Malcode (WORM'03) Washington, DC, USA, October 2003 ACM 11 18 (Pubitemid 40681805)
54. Willems C.; Holz T.; and Freiling F. CWSandbox: towards automated dynamic binary analysis Security and Privacy 5 March-April (2) 2007 32 39 (Pubitemid 46527386)
55. Williamson M.M. Throttling viruses: restricting propagation to defeat mobile malicious code Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC) Las Vegas, NV, December 2002 1 8
56. Ye J.; Chow J.H.; Chen J.; and Zheng Z.H. Stochastic gradient boosted distributed decision trees Proceeding of the 18th ACM Conference on Information and Knowledge Managment 2009 ACM 2061 2064