Automatic generation of remediation procedures for malware infections

Proceedings of the 19th USENIX Security Symposium

Volumn , Issue , 2010, Pages 419-434

  Paleari, Roberto ^a   Martignoni, Lorenzo ^b   Passerini, Emanuele ^a   Davidson, Drew ^c   Fredrikson, Matt ^c   Giffin, Jon ^d   Jha, Somesh ^c  

^a UNIVERSITY OF MILAN   (Italy)

^b UNIVERSITY OF UDINE   (Italy)

^c Department of Zoology   (United States)

^d GEORGIA INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

NETWORK SECURITY; REMEDIATION;

AUTOMATIC GENERATION; HIGH COSTS; INFECTED SYSTEMS; LARGE GROUPS; MALWARE DETECTION; REINSTALLATION; REMEDIATION PROCEDURES; UNSTABLE STATE;

MALWARE;

EID: 84875853858     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (21)

1. U. Bayer, C. Kruegel, and E. Kirda. TTAnalyze: A tool for analyzing malware. In 15th European Institute for Computer Antivirus Research (EICAR) Annual Conference, Hamburg, Germany, Apr. 2006.
2. U. Bayer, P. Milani, C. Hlauschek, C. Kruegel, and E. Kirda. Scalable, behavior-based malware clustering. In 16th Annual Network and Distributed System Security Symposium (NDSS), 2009.
3. F. Bellard. QEMU, a fast and portable dynamic translator. http://fabrice.bellard.free.fr/qemu/.
4. M. Christodorescu, C. Kruegel, and S. Jha. Mining specifications of malicious behavior. In 6th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ES-EC/FSE), Dubrovnik, Croatia, 2007.
5. M. Costa, M. Castro, L. Zhou, L. Zhang, and M. Peinado. Bouncer: Securing software by blocking bad input. In 21st ACM Symposium on Operating Systems Principles (SOSP), 2007.
6. P. Foggia. The vflib graph matching library, version 2.0. http://amalfi.dis.unina.it/graph/db/vflib-2.0/.
7. F. Hsu, H. Chen, T. Ristenpart, J. Li, and Z. Su. Back to the future: A framework for automatic malware removal and system repair. In 22nd Annual Computer Security Applications Conference (ACSAC), 2006.
8. C. Kolbitsch, P. M. Comparetti, C. Kruegel, E. Kirda, X. Zhou, and X. Wang. Effective and efficient malware detection at the end host. In USENIX Security Symposium, 2009.
9. Z. Li, M. Sanghi, Y. Chen, M.-Y. Kao, and B. Chavez. Hamsa: Fast signature generation for zero-day polymorphic worms with provable attack resilience. In IEEE Symposium on Security and Privacy, Oakland, California, 2006.
10. Z. Liang, V. N. Venkatakrishnan, and R. Sekar. Isolated program execution: An application transparent approach for executing untrusted programs. In 19th Annual Computer Security Applications Conference (ACSAC), 2003.
11. L. Martignoni, E. Stinson, M. Fredrikson, S. Jha, and J. C. Mitchell. A layered architecture for detecting malicious behaviors. In International Symposium on Recent Advances in Intrusion Detection (RAID), Sept. 2008.
12. A. Moser, C. Kruegel, and E. Kirda. Exploring multiple execution paths for malware analysis. In IEEE Symposium on Security and Privacy, Oakland, California, 2007.
13. A. Moser, C. Kruegel, and E. Kirda. Limits of static analysis for malware detection. In 23rd Annual Computer Security Applications Conference (ACSAC), 2007.
14. J. Newsome, B. Karp, and D. Song. Polygraph: Automatically generating signatures for polymorphic worms. In IEEE Symposium on Security and Privacy, Oakland, California, 2005.
15. E. Passerini, R. Paleari, and L. Martignoni. How good are malware detectors at remediating infected systems? In 6th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Como, Italy, July 2009.
16. M. D. Preda, M. Christodorescu, S. Jha, and S. Debray. A semantics-based approach to malware detection. ACM Transactions on Programming Languages and Systems, 30(5):25.1–25.54, Aug. 2008.
17. A. Raman, P. Andreae, and J. Patrick. A beam search algorithm for PFSA inference. Pattern Analysis and Applications, 1(2):121–129, 1998.
18. K. Rieck, T. Holz, C. Willems, P. Düssel, and P. Laskov. Learning and classification of malware behavior. In 5th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2008.
19. W. Sun, Z. Liang, R. Sekar, and V. N. Venkatakrishnan. One-way isolation: An effective approach for realizing safe execution environments. In 12th Symposium on Network and Distributed Systems Security (NDSS), 2005.
20. V. Yegneswaran, J. T. Giffin, P. Barford, and S. Jha. An architecture for generating semantics-aware signatures. In 14th USENIX Security Symposium, Baltimore, MD, 2005.
21. H. Yin, D. Song, M. Egele, E. Kirda, and C. Kruegel. Panorama: Capturing system-wide information flow for malware detection and analysis. In 14th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, 2007.