Effective and efficient malware detection at the end host

Proceedings of the 18th USENIX Security Symposium

Volumn , Issue , 2009, Pages 351-366

  Kolbitsch, Clemens ^a   Comparetti, Paolo Milani ^a   Kruegel, Christopher ^b   Kirda, Engin ^c   Zhou, Xiaoyong ^d   Wang, XiaoFeng ^d  

^a VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

^b UNIVERSITY OF CALIFORNIA   (United States)

^c EURECOM   (France)

^d INDIANA UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER SYSTEM FIREWALLS; DENIAL-OF-SERVICE ATTACK; NETWORK SECURITY;

ANTIVIRUS SOFTWARES; CONTROLLED ENVIRONMENT; DETECTION APPROACH; DYNAMIC DETECTION; INFORMATION FLOWS; MALWARE DETECTION; RUNTIME BEHAVIORS; VIRTUAL MACHINE TECHNOLOGY;

COMPUTER VIRUSES;

EID: 85076206522     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (56)

1. ANUBIS. http://anubis.iseclab.org, 2009.
2. AGRAWAL, H., AND HORGAN, J. Dynamic Program Slicing. In Conference on Programming Language Design and Implementation (PLDI) (1990).
3. B. COLLINS-SUSSMAN, B. W. FITZPATRICK AND C. M. PILATO. Version Control with Subversion. http://svnbook.red-bean.com/en/1.5/svn-book.html, 2008.
4. BAECHER, P., KOETTER, M., HOLZ, T., DORNSEIF, M., AND FREILING, F. The Nepenthes Platform: An Efficient Approach To Collect Malware. In Recent Advances in Intrusion Detection (RAID) (2006).
5. BAILEY, M., OBERHEIDE, J., ANDERSEN, J., MAO, Z., JAHANIAN, F., AND NAZARIO, J. Automated Classification and Analysis of Internet Malware. In Symposium on Recent Advances in Intrusion Detection (RAID) (2007).
6. BAYER, U., KRUEGEL, C., AND KIRDA, E. TTAnalyze: A Tool for Analyzing Malware. In Annual Conference of the European Institute for Computer Antivirus Research (EICAR) (2006).
7. BAYER, U., MILANI COMPARETTI, P., HLAUSCHEK, C., KRUEGEL, C., AND KIRDA, E. Scalable, Behavior-Based Malware Clustering. In Network and Distributed System Security Symposium (NDSS) (2009).
8. BRUSCHI, D., MARTIGNONI, L., AND MONGA, M. Detecting Self-Mutating Malware Using Control Flow Graph Matching. In Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) (2006).
9. CHRISTODORESCU, M., AND JHA, S. Static Analysis of Executables to Detect Malicious Patterns. In Usenix Security Symposium (2003).
10. CHRISTODORESCU, M., AND JHA, S. Testing Malware Detectors. In ACM International Symposium on Software Testing and Analysis (ISSTA) (2004).
11. CHRISTODORESCU, M., JHA, S., AND KRUEGEL, C. Mining Specifications of Malicious Behavior. In European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (2007).
12. CHRISTODORESCU, M., JHA, S., SESHIA, S., SONG, D., AND BRYANT, R. Semantics-Aware Malware Detection. In IEEESymposium on Security and Privacy (2005).
13. COZZIE, A., STRATTON, F., XUE, H., AND KING, S. Digging For Data Structures . In Symposium on Operating Systems Design and Implementation (OSDI) (2008).
14. DAGON, D., GU, G., LEE, C., AND LEE, W. A Taxonomy of Botnet Structures. In Annual Computer Security Applications Conference (ACSAC) (2007).
15. EGELE, M., KRUEGEL, C., KIRDA, E., YIN, H., AND SONG, D. Dynamic Spyware Analysis. In Usenix Annual Technical Conference (2007).
16. FELT, A., PAUL, N., EVANS, D., AND GURUMURTHI, S. Disk Level Malware Detection. In Poster: 15th Usenix Security Symposium (2006).
17. FOGLA, P., SHARIF, M., PERDISCI, R., KOLESNIKOV, O., AND LEE, W. Polymorphic Blending Attacks. In 15th Usenix Security Symposium (2006).
18. FORREST, S., HOFMEYR, S., SOMAYAJI, A., AND LONGSTAFF, T. A Sense of Self for Unix Processes. In IEEE Symposium on Security and Privacy (1996).
19. GU, G., PERDISCI, R., ZHANG, J., AND LEE, W. Bot-Miner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. In 17th Usenix Security Symposium (2008).
20. GU, G., PORRAS, P., YEGNESWARAN, V., FONG, M., AND LEE, W. BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. In 16th Usenix Security Symposium (2007).
21. KINDER, J., KATZENBEISSER, S., SCHALLHART, C., AND VEITH, H. Detecting Malicious Code by Model Checking. In Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) (2005).
22. KIRDA, E., KRUEGEL, C., BANKS, G., VIGNA, G., AND KEM-MERER, R. Behavior-based Spyware Detection. In 15th Usenix Security Symposium (2006).
23. KRUEGEL, C., KIRDA, E., MUTZ, D., ROBERTSON, W., AND VIGNA, G. Automating Mimicry Attacks Using Static Binary Analysis. In 14th Usenix Security Symposium (2005).
24. KRUEGEL, C., KIRDA, E., MUTZ, D., ROBERTSON, W., AND VIGNA, G. Polymorphic Worm Detection Using Structural Information of Executables. In Symposium on Recent Advances in Intrusion Detection (RAID) (2005).
25. KRUEGEL, C., ROBERTSON, W., AND VIGNA, G. Detecting Kernel-Level Rootkits Through Binary Analysis. In Annual Computer Security Applications Conference (ACSAC) (2004).
26. LI, W., STOLFO, S., STAVROU, A., ANDROULAKI, E., AND KEROMYTIS, A. A Study of Malcode-Bearing Documents. In Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) (2007).
27. LI, W., WANG, K., STOLFO, S., AND HERZOG, B. Fileprints: Identifying File Types by N-Gram Analysis. In IEEEInformation Assurance Workshop (2005).
28. LI, Z., WANG, X., LIANG, Z., AND REITER, M. AGIS: Automatic Generation of Infection Signatures. In Conference on Dependable Systems and Networks (DSN) (2008).
29. MARTIGNONI, L., STINSON, E., FREDRIKSON, M., JHA, S., AND MITCHELL, J. C. A Layered Architecture for Detecting Malicious Behaviors. In Symposium on Recent Advances in Intrusion Detection (RAID) (2008).
30. MOSER, A., KRUEGEL, C., AND KIRDA, E. Limits of Static Analysis for Malware Detection . In 23rd Annual Computer Security Applications Conference (ACSAC) (2007).
31. MOSHCHUK, A., BRAGIN, T., GRIBBLE, S., AND LEVY, H. A Crawler-based Study of Spyware on the Web. In Network and Distributed Systems Security Symposium (NDSS) (2006).
32. NEWSOME, J., KARP, B., AND SONG, D. Polygraph: Automatically Generating Signatures for Polymorphic Worms. In IEEE Symposium on Security and Privacy (2005).
33. PAXSON, V. Bro: A System for Detecting Network Intruders in Real-Time. Computer Networks 31 (1999).
34. POLYCHRONAKIS, M., MAVROMMATIS, P., AND PROVOS, N. Ghost turns Zombie: Exploring the Life Cycle of Web-based Malware. In Usenix Workshop on Large-Scale Exploits and Emergent Threats (LEET) (2008).
35. PROVOS, N., MAVROMMATIS, P., RAJAB, M., AND MONROSE, F. All Your iFrames Point to Us. In 17th Usenix Security Symposium (2008).
36. RAFFETSEDER, T., KRUEGEL, C., AND KIRDA, E. Detecting System Emulators. In Information Security Conference (ISC) (2007).
37. RAJAB, M., ZARFOSS, J., MONROSE, F., AND TERZIS, A. A Multifaceted Approach to Understanding the Botnet Phenomenon. In Internet Measurement Conference (IMC) (2006).
38. REITER, M., AND YEN, T. Traffic aggregation for malware detection. In Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) (2008).
39. RIECK, K., HOLZ, T., WILLEMS, C., DUESSEL, P., AND LASKOV, P. Learning and classification of malware behavior. In Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) (2008).
40. ROYAL, P., HALPIN, M., DAGON, D., EDMONDS, R., AND LEE, W. PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware. In Annual Computer Security Application Conference (ACSAC) (2006).
41. SINGH, S., ESTAN, C., VARGHESE, G., AND SAVAGE, S. Automated Worm Fingerprinting. In Symposium on Operating Systems Design and Implementation (OSDI) (2004).
42. SMALL, S., MASON, J., MONROSE, F., PROVOS, N., AND STUBBLEFIELD, A. To Catch A Predator: A Natural Language Approach for Eliciting Malicious Payloads. In 17th Usenix Security Symposium (2008).
43. SPITZNER, L. Honeypots: Tracking Hackers. Addison-Wesley, 2002.
44. STINSON, E., AND MITCHELL, J. C. Characterizing bots’ remote control behavior. In Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (2007).
45. SUN, W., LIANG, Z., VENKATAKRISHNAN, V., AND SEKAR, R. One-way Isolation: An Effective Approach for Realizing Safe Execution Environments. In Network and Distributed Systems Symposium (NDSS) (2005).
46. SZOR, P. The Art of Computer Virus Research and Defense. Addison Wesley, 2005.
47. VASUDEVAN, A., AND YERRABALLI, R. Cobra: Fine-grained Malware Analysis using Stealth Localized-Executions. In IEEE Symposium on Security and Privacy (2006).
48. WAGNER, D., AND DEAN, D. Intrusion Detection via Static Analysis. In IEEE Symposium on Security and Privacy (2001).
49. WANG, H., JHA, S., AND GANAPATHY, V. NetSpy: Automatic Generation of Spyware Signatures for NIDS. In Annual Computer Security Applications Conference (ACSAC) (2006).
50. WANG, K., AND STOLFO, S. Anomalous Payload-based Network Intrusion Detection. In Symposium on Recent Advances in Intrusion Detection (RAID) (2005).
51. WANG, Y., BECK, D., JIANG, X., ROUSSEV, R., VERBOWSKI, C., CHEN, S., AND KING, S. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities. In Network and Distributed System Security Symposium (NDSS) (2006).
52. WANG, Y., BECK, D., VO, B., ROUSSEV, R., AND VERBOWSKI, C. Detecting Stealth Software with Strider Ghost-buster. In Conference on Dependable Systems and Networks (DSN) (2005).
53. WEISER, M. Program Slicing. In International Conference on Software Engineering (ICSE) (1981).
54. WILLEMS, C., HOLZ, T., AND FREILING, F. Toward Automated Dynamic Malware Analysis Using CWSandbox. IEEE Security and Privacy 2, 2007 (5).
55. YIN, H., SONG, D., EGELE, M., KRUEGEL, C., AND KIRDA, E. Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis. In ACM Conference on Computer and Communication Security (CCS) (2007).
56. ZHANG, X., GUPTA, R., AND ZHANG, Y. Precise dynamic slicing algorithms. In International Conference on Software Engineering (ICSE) (2003).