Malware target recognition of unknown threats

IEEE Systems Journal

Volumn 7, Issue 3, 2013, Pages 467-477

  Dube, Thomas E ^a   Raines, Richard A ^a   Grimaila, Michael R ^a   Bauer, Kenneth W ^a   Rogers, Steven K ^a  

^a Air Force Institute of Technology   (United States)

Author keywords

Advanced persistent threat; antivirus; intrusion detection; malware detection; situation awareness

Indexed keywords

ADVANCED PERSISTENT THREAT; ANTI VIRUS; ANTI-VIRUS SYSTEMS; ARCHITECTURAL COMPONENTS; MALWARE DETECTION; OPERATIONAL ENVIRONMENTS; SENSITIVE INFORMATIONS; SITUATION AWARENESS;

ARCHITECTURE; INTRUSION DETECTION; SOCIETIES AND INSTITUTIONS;

COMPUTER CRIME;

EID: 84880570808     PISSN: 19328184     EISSN: 19379234     Source Type: Journal    
DOI: 10.1109/JSYST.2012.2221913     Document Type: Article

References (32)

1. M. Christodorescu and S. Jha, "Testing malware detectors," in Proc. ACM SIGSOFT Int. Symp. Softw. Testing Analysis, Jul. 2004, pp. 34-44. (Pubitemid 41121375)
2. R. Bejtlich, "What APT is (and what it isn't)," Inform. Security, vol. 12, no. 6, pp. 20-24, 2010.
3. P. Szor, The Art of Computer Virus Research and Defense. Indianapolis, IN: Addison-Wesley, 2005.
4. D. Kong, Y. Jhi, T. Gong, S. Zhu, P. Liu, and H. Xi, "SAS: Semantics aware signature generation for polymorphic worm detection," Int. J. Inform. Security, vol. 10, no. 5, pp. 269-283, 2011.
5. T. Abou-Assaleh, N. Cercone, V. Keselj, and R. Sweidan, "N-grambased detection of new malicious code," in Proc. 28th Ann. Int. Comput. Softw. Appl. Conf., Sep. 2004, pp. 41-42. (Pubitemid 40680776)
6. O. Henchiri and N. Japkowicz, "A feature selection and evaluation scheme for computer virus detection," in Proc. IEEE 6th Int. Conf. Data Mining, Dec. 2006, pp. 891-895.
7. J. Kolter and M. Maloof, "Learning to detect malicious executables in the wild," in Proc. 10th ACM SIGKDD Int. Conf. Knowledge Discovery Data Mining, 2004, pp. 470-478. (Pubitemid 40114957)
8. J. Kolter and M. Maloof, "Learning to detect and classify malicious executables in the wild," J. Mach. Learning Res., vol. 7, pp. 2721-2744, Dec. 2006. (Pubitemid 46011490)
9. M. Schultz, E. Eskin, E. Zadok, and S. Stolfo, "Data mining methods for detection of new malicious executables," in Proc. IEEE Symp. Security Privacy, May 2001, pp. 38-49. (Pubitemid 32882625)
10. Norman ASA. (2009, Sep. 18). Norman Sandbox [Online]. Available: www.norman.com/technology/norman?sandbox/en-us
11. Sunbelt Software. (2009, Sep. 18). Sunbelt cwsandbox [Online]. Available: www.sunbeltsoftware.com/Developer/Sunbelt-CWSandbox/
12. ThreatExpert Ltd. (2009, Feb. 18). Automated Threat Analysis [Online]. Available: www.threatexpert.com/
13. M. Bailey, J. Oberheide, J. Andersen, and Z. Mao, "Automated classification and analysis of Internet malware," in Proc. 10th Int. Symp. Recent Adv. Intrusion Detection, 2007, pp. 178-197.
14. M. Christodorescu, S. Jha, and C. Kruegel, "Mining specifications of malicious behavior," in Proc. 6th Joint Meeting Eur. Softw. Eng. Conf. ACM SIGSOFT Symp. Found. Softw. Eng., Sep. 2007, pp. 5-14.
15. A. Dinaburg, P. Royal, M. Sharif, and W. Lee, "Ether: Malware analysis via hardware virtualization extensions," in Proc. 15th ACM Conf. Comput. Commun. Security, Apr. 2008, pp. 51-62.
16. T. Lee and J. J. Mody, "Behavioral classification," in Proc. EICAR, Apr. 2006, pp. 159-174.
17. A. Moser, C. Kruegel, and E. Kirda, "Limits of static analysis for malware detection," in Proc. ACSAC, 2007, pp. 421-430.
18. Symantec Corporation, "Understanding heuristics: Symantec's bloodhound technology," Symantec White Paper Series, vol. XXXIV, no. 1, pp. 1-14, 1997.
19. T. Dube, R. Raines, G. Peterson, K. Bauer, M. Grimaila, and S. Rogers, "Malware target recognition via static heuristics," J. Comput. Security, vol. 31, no. 1, pp. 137-147, 2011.
20. M. Christodorescu, N. Kidd, and W.-H. Goh, "String analysis for x86 binaries," ACM SIGSOFT Softw. Eng. Notes, vol. 31, no. 1, p. 95, 2006.
21. N. Rafiq and Y. Mao, "Improving heuristics," Virus Bull., pp. 9-12, Aug. 2008.
22. S. Treadwell and M. Zhou, "A heuristic approach for detection of obfuscated malware," in Proc. Intell. Security Inform., Jun. 2009, pp. 291-299.
23. J. O. Kephart and B. Arnold, "Automatic extraction of computer virus signatures," in Proc. 4th Virus Bull. Int. Conf., 1994, pp. 178-184.
24. W. Arnold and G. Tesauro, "Automatically generated Win32 heuristic virus detection," in Proc. Virus Bull. Conf., Sep. 2000, pp. 51-60.
25. G. Tesauro, J. Kephart, and G. Sorkin, "Neural networks for computer virus recognition," IEEE Expert, vol. 11, no. 4, pp. 5-6, Aug. 1996. (Pubitemid 126796873)
26. W. W. Cohen, "Fast effective rule induction," in Proc. 12th Int. Conf. Mach. Learning, 1995, pp. 115-123.
27. M. Christodorescu and S. Jha, "Static analysis of executables to detect malicious patterns," in Proc. 12th USENIX Security Symp., 2003, pp. 169-186.
28. C. Collberg, C. Thomborson, and D. Low, "A taxonomy of obfuscating transformations," Dept. Comput. Sci., Univ. Auckland, Auckland, New Zealand, Tech. Rep. 148, Jul. 1997.
29. U.S. Government. (2006, Jan.). Department of Defense (DOD) Information Operations Condition (INFOCON) System Procedures [Online]. Available: http://info.publicintelligence.net/StrategicCommandDirective527-1? 27JAN2006InformationOperations Condition-INFOCON-System.pdf
30. MathWorks, Inc. (2010, May 12). TreeBagger [Online]. Available: www. mathworks.com/help/toolbox/stats/treebagger.html
31. Microsoft Corporation. (2009, Dec. 23). Microsoft Portable Executable and Common Object File Format Specification [Online]. Available: http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx
32. VX Heavens. (2010, Apr. 15). Virus Collection [Online]. Available: vx. netlux.org/vl.php