Growing grapes in your computer to defend against malware

IEEE Transactions on Information Forensics and Security

Volumn 9, Issue 2, 2014, Pages 196-207

  Shan, Zhiyong ^a   Wang, Xin ^b  

^a RENMIN UNIVERSITY OF CHINA   (China)

^b Stony Brook University   (United States)

Author keywords

behavior; Malware detection; OS level information flow

Indexed keywords

BEHAVIOR; BEHAVIOR TEMPLATES; BEHAVIOR-BASED DETECTION; COMBINATORIAL OPTIMIZATION ALGORITHM; FALSE POSITIVE RATES; INFORMATION FLOWS; MALWARE DETECTION; PERFORMANCE IMPACT;

ALGORITHMS; ENGINES; TEMPLATE MATCHING;

COMPUTER CRIME;

EID: 84893366993     PISSN: 15566013     EISSN: None     Source Type: Journal    
DOI: 10.1109/TIFS.2013.2291066     Document Type: Article

References (35)

1. M. Fredrikson, S. Jha, M. Christodorescu, R. Sailer, and X. Yan, "Synthesizing near-optimal malware specifications from suspicious behaviors," in Proc. IEEE Symp. Sec. Privacy, Berkeley, CA, USA, Apr. 2010, pp. 45-60.
2. A. Lanzi, D. Balzarotti, C. Kruegel, M. Christodorescu, and E. Kirda, "AccessMiner: Using system-centric models for malware protection," in Proc. 17th ACM CCS, Chicago, IL, USA, Oct. 2010, pp. 399-412.
3. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, "A sense of self for Unix processes," in Proc. IEEE Symp. Sec. Privacy, Oakland, CA, USA, May 1996, pp. 120-128.
4. P. Szor, The Art of Computer Virus Research and Defense. Reading, MA, USA: Addison-Wesley, 2005.
5. M. Howard. (2003). Fending Off Future Attacks by Reducing Attack Surface [Online]. Available: http://msdn.microsoft.com/enus/library/ms972812.aspx
6. (2013, Dec. 10). Microsoft Security Bulletins [Online]. Available: http://www.microsoft.com/technet/security/current.aspx
7. Symantec, Inc., Mountain View, CA, USA. (2012, Aug.). Threats List [Online]. Available: http://www.symantec.com/business/security-response/ threatexplorer/threats.jsp
8. Y.-M. Wang, R. Roussev, C. Verbowski, A. Johnson, M.-W. Wu, Y. Huang, et al., "Gatekeeper: Monitoring auto-start extensibility points (ASEPs) for spyware management," in Proc. 18th LISA Syst. Admin. Conf., vol. 4. Nov. 2004, pp. 33-46.
9. C. C. Michael and A. Ghosh, "Simple, state based approaches to program-based anomaly detection," ACM Trans. Inf. Syst. Sec., vol. 5, no. 3, pp. 203-237, Aug. 2002.
10. S. T. King and P. M. Chen, "Backtracking intrusions," in Proc. ACM Symp. Oper. Syst. Principles, 2003, pp. 223-236. (Pubitemid 40929699)
11. J. Xu, A. H. Sung, P. Chavez, and S. Mukkamala, "Polymorphic malicious executable scanner by API sequence analysis," in Proc. 4th Int. Conf. HIS, Dec. 2004, pp. 378-383. (Pubitemid 41718815)
12. S. A. Hofmeyr, S. Forrest, and A. Somayaji, "Intrusion detection using sequences of system calls," J. Comput. Sec., vol. 6, no. 3, pp. 151-180, Jan. 1998.
13. W. Lee and S. J. Stolfo, "Data mining approaches for intrusion detection," in Proc. 7th USENIX Sec. Symp., vol. 7. 1998, pp. 1-6.
14. S. Mukkamala, A. Sung, D. Xu, and P. Chavez, "Static analyzer for vicious executables (SAVE)," in Proc. 20th ACSAC, 2004, pp. 326-334. (Pubitemid 40931087)
15. D. Kang, D. Fuller, and V. Honavar, "Learning classifiers for isuse and anomaly detection using a bag of system calls representation," in Proc. 6th IEEE Syst. Man Cybern. IAW, Jan. 2005, pp. 1-8.
16. E. Larkin, Top Internet Security Suites: Paying for Protection. NewYork, NY, USA: PC Mag., Jan. 2009.
17. K. Farhadi, Z. Li, A. Goel, K. Po, and E. Lara, "The taser intrusion recovery system," in Proc. 20th ACM SOSP, Dec. 2005, pp. 163-176. (Pubitemid 44892211)
18. N. Zhu and T. Chiueh. "Design, implementation, and evaluation of repairable file service," in Proc. 21st ICDE, 2003, pp. 1024-1035.
19. (2013, Nov. 13). Offensive Computing [Online]. Available: http://www.offensivecomputing.net/
20. Z. Shan, X. Wang, T. Chiueh, and X. Meng, "Safe side effects commitment for OS-level virtualization," in Proc. 8th ACM Int. Conf. Auto. Comput., 2011, pp. 111-120.
21. D. Gao, M. K. Reiter, and D. Song, "Gray-box extraction of execution graphs for anomaly detection,"in Proc. 11thACMCCS, 2004, pp. 318-329. (Pubitemid 40338213)
22. H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda, "Panorama: Capturing system-wide information flow for malware detection and analysis," in Proc. 14th ACM Conf. CCS, Oct. 2007, pp. 116-127.
23. R. Sekar, M. Bendre, P. Bollineni, and D. Dhurjati, "A fast automatonbased approach for detecting anomalous program behaviors," in Proc. IEEE Symp. Sec. Privacy, Jan. 2001, pp. 144-155. (Pubitemid 32882633)
24. T. Holz, C. Willems, K. Rieck, P. Duessel, and P. Laskov, "Learning and classification of malware behavior," in Proc. 5th Conf. DIMVA, Jun. 2008, pp. 108-125.
25. L. Martignoni, E. Stinson, M. Fredrikson, S. Jha, and J. C. Mitchell, "A layered architecture for detecting malicious behaviors," in Proc. 11th Int. Symp. Recent Adv. Intrusion Detection, Cambridge, MA, USA, Sep. 2008, pp. 1-20.
26. H. Feng, O. Kolesnikov, P. Folga, W. Lee, and W. Gong, "Anomaly detection using call stack information," in Proc. IEEE Symp. Sec. Privacy, May 2003, pp. 62-75.
27. M. Egele, P. Wurzinger, C. Kruegel, and E. Kirda, "Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks," in Proc. 6th Int. Conf. Detection Intrusions Malware, Vulnerabil. Assessment, Como, Italy, Jul. 2009, pp. 88-106.
28. O. Sukwong, H. Kim, and J. Hoe, "An empirical study of commercial antivirus software effectiveness," Ph.D. dissertation, Dept. Electr. Comput. Eng., Carnegie Mellon Univ., Pittsburgh, PA, USA, Jun. 2010.
29. M. Christodorescu, S. Jha, and C. Kruegel, "Mining specifications of malicious behavior," in Proc. 6th Eur. Softw. Eng. Conf. ACM SIGSOFT Symp. Found. Softw. Eng., 2007, pp. 5-14.
30. C. Kolbitsch, P. M. Comparetti, C. Kruegel, E. Kirda, X. Zhou, and X. Wang, "Effective and efficient malware detection at the end host," in Proc. USENIX Sec. Symp., 2009, pp. 351-366.
31. N. Li, Z. Mao, and H. Chen, "Usable mandatory integrity protection for operating systems," in Proc. IEEE Symp. Sec. Privacy, 2007, pp. 1-15.
32. E. Kirda, C. Kruegel, G. Banks, G. Vigna, and R. Kemmerer, "Behaviorbased spyware detection," in Proc. USENIX Sec. Symp., San Diego, CA, USA, Feb. 2006, pp. 1-19.
33. A. Bose, X. Hu, K. G. Shin, and T. Park, "Behavioral detection of malware on mobile handsets," in Proc. 6th Int. Conf. Mobile Syst., Appl., Services, Breckenridge, CO, USA, Jun. 2008, pp. 225-238.
34. I. Burguera, U. Zurutuza, and S. N. Tehrani, "Crowdroid: Behaviorbased malware detection system for Android," in Proc. 1st ACM Workshop Sec. SPSMD, 2011, pp. 15-26.
35. PC Magazine, New York, NY, USA. (2013). PC Magazine Benchmarks [Online]. Available: http://www.pcmag.com/encyclopedia-term/0,2542,t=WebBenchi=48947,00. asp