ENDMal: An anti-obfuscation and collaborative malware detection system using syscall sequences

Lu, Huabiao; Zhao, Baokang; Wang, Fei; Su, Jinshu

doi:10.1016/j.mcm.2013.03.008

Cited by 17 publications

(9 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If a malware presents a new behavior (by new functionalities or by combining the features of existing malware), it is called a zero day malware. Malware variants refer to all new malware that are produced manually or automatically from any existing malware [4,5].…”

Section: Malwarementioning

confidence: 99%

See 1 more Smart Citation

HM3alD: Polymorphic Malware Detection Using Program Behavior-Aware Hidden Markov Model

Tajoddin

Jalili

2018

Applied Sciences

View full text Add to dashboard Cite

Abstract:Malware have been tremendously growing in recent years. Most malware use obfuscation techniques for evasion and hiding purposes, but they preserve the functionality and malicious behavior of original code. Although most research work has been mainly focused on program static analysis, some recent contributions have used program behavior analysis to detect malware at run-time. Extracting the behavior of polymorphic malware is one of the major issues that affects the detection result. In this paper, we propose HM 3 alD, a novel program behavior-aware hidden Markov model for polymorphic malware detection. The main idea is to use an effective clustering scheme to partition the program behavior of malware instances and then apply a novel hidden Markov model (called program behavior-aware HMM) on each cluster to train the corresponding behavior. Low-level program behavior, OS-level system call sequence, is mapped to high-level action sequence and used as transition triggers across states in program behavior-aware HMM topology. Experimental results show that HM 3 alD outperforms all current dynamic and static malware detection methods, especially in term of FAR, while using a large dataset of 6349 malware.

show abstract

Section: Malwarementioning

confidence: 99%

“…In this regard, many methods have been proposed that focus on detecting and classifying malware [1]. Due to the increasing growth of malware, anti-viruses are usually unable to completely detect them, because malware programs usually attempt to hide themselves using obfuscation methods so they are hard to detect by static analysis [4].…”

Section: Introductionmentioning

confidence: 99%

HM3alD: Polymorphic Malware Detection Using Program Behavior-Aware Hidden Markov Model

Tajoddin

Jalili

2018

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…ENDMal [31] is an anti-obfuscation, scalable and collaborative malware detection system. It consists of multiple monitors where each monitor takes charge of a network area and receives suspicious programs from endhost.…”

Section: Related Workmentioning

confidence: 99%

A Hybrid Real-time Zero-day Attack Detection and Analysis System

Kaur

Singh²

2015

IJCNIS

View full text Add to dashboard Cite

Abstract-A zero-day attack poses a serious threat to the Internet security as it exploits zero-day vulnerabilities in the computer systems. Attackers take advantage of the unknown nature of zero-day exploits and use them in conjunction with highly sophisticated and targeted attacks to achieve stealthiness with respect to standard intrusion detection techniques. Thus, it's difficult to defend against such attacks. Present research exhibits various issues and is not able to provide complete solution for the detection and analysis of zero-day attacks. This paper presents a novel hybrid system that integrates anomaly, behavior and signature based techniques for detecting and analyzing zero-day attacks in real-time. It has layered and modular design which helps to achieve high performance, flexibility and scalability. The system is implemented and evaluated against various standard metrics like True Positive Rate (TPR), False Positive Rate (FPR), FMeasure, Total Accuracy (ACC) and Receiver Operating Characteristic (ROC) curve. The result shows high detection rate with nearly zero false positives. Additionally, the proposed system is compared with Honeynet system.

show abstract

“…Some APT attacks contain Rootkit and acquire the root authority of a system. In addition, they hide the malware using Rootkit [8].…”

Section: Steps Followed By An Apt Attackmentioning

confidence: 99%

MLDS: Multi-Layer Defense System for Preventing Advanced Persistent Threats

Moon

Lee

et al. 2014

Symmetry

View full text Add to dashboard Cite

Abstract:Here we report on the issue of Advanced Persistent Threats (APT), which use malware for the purpose of leaking the data of large corporations and government agencies. APT attacks target systems continuously by utilizing intelligent and complex technologies. To overthrow the elaborate security network of target systems, it conducts an attack after undergoing a pre-reconnaissance phase. An APT attack causes financial loss, information leakage, etc. They can easily bypass the antivirus system of a target system. In this paper, we propose a Multi-Layer Defense System (MLDS) that can defend against APT. This system applies a reinforced defense system by collecting and analyzing log information and various information from devices, by installing the agent on the network appliance, server and end-user. It also discusses how to detect an APT attack when one cannot block the initial intrusion while continuing to conduct other activities. Thus, this system is able to minimize the possibility of initial intrusion and damages of the system by promptly responding through rapid detection of an attack when the target system is attacked.

show abstract

ENDMal: An anti-obfuscation and collaborative malware detection system using syscall sequences

Cited by 17 publications

References 16 publications

HM3alD: Polymorphic Malware Detection Using Program Behavior-Aware Hidden Markov Model

HM3alD: Polymorphic Malware Detection Using Program Behavior-Aware Hidden Markov Model

A Hybrid Real-time Zero-day Attack Detection and Analysis System

MLDS: Multi-Layer Defense System for Preventing Advanced Persistent Threats

Contact Info

Product

Resources

About