Pinpointing Malicious Activities through Network and System-Level Malware Execution Behavior

Grégio, André; Afonso, Vitor Monte; Filho, Dario Simões Fernandes; Geus, Paulo Lício de; Jino, Mário; Santos, Rafael

doi:10.1007/978-3-642-31128-4_20

Cited by 4 publications

(2 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The behavior of any program can be considered as the set of actions it performs during execution; in case of malware, the entire behavior is suspicious, since each of the performed actions may be a step of an infection procedure [8]. Thus, we propose that a given program behaves suspiciously if it presents one or more of the six "events" described below.…”

Section: A Suspicious Behaviormentioning

confidence: 99%

Ontology for malware behavior: A core model proposal

Grecio

Bonacin

Nabuco

et al. 2014

2014 IEEE 23rd International WETICE Conference

Self Cite

View full text Add to dashboard Cite

The ubiquity of Internet-connected devices motivates attackers to create malicious programs (malware) to exploit users and their systems. Malware detection requires a deep understanding of their possible behaviors, one that is detailed enough to tell apart suspicious programs from benign, legitimate ones. A step to effectively address the malware problem leans toward the development of an ontology. Current efforts are based on an obsolete hierarchy of malware classes that defines a malware family by one single prevalent behavior (e.g., viruses infect other files, worms spread and exploit remote systems autonomously, Trojan horses disguise themselves as benign programs, and so on). In order to address the detection of modern, complex malware families whose infections involve sets of multiple exploit methods, we need an ontology broader enough to deal with these suspicious activities performed on the victim's system. In this paper, we propose a core model for a novel malware ontology that is based on their exhibited behavior, filling a gap in the field.

show abstract

Section: A Suspicious Behaviormentioning

confidence: 99%

Ontology for malware behavior: A core model proposal

Grecio

Bonacin

Nabuco

et al. 2014

2014 IEEE 23rd International WETICE Conference

Self Cite

View full text Add to dashboard Cite

show abstract

“…We based our inference rules and risk values on already defined behaviors extracted from malware captured in the wild. Most of these behaviors (and the associated rules derived from them) were described by [3], where the authors evaluated over 10 thousand malware samples to pinpoint malicious activities.…”

Section: Risks and Inference Rulesmentioning

confidence: 99%

An ontology of suspicious software behavior

Grégio

Bonacin

Marchi

et al. 2016

Self Cite

View full text Add to dashboard Cite

Malicious programs have been the main actors in complex, sophisticated attacks against nations, governments, diplomatic agencies, private institutions and people. Knowledge about malicious program behavior forms the basis for constructing more secure information systems. In this article, we introduce MBO, a Malicious Behavior Ontology that represents complex behaviors of suspicious executions, and through inference rules calculates their associated threat level for analytical proposals. We evaluate MBO using over two thousand unique known malware and 385 unique known benign software. Results highlight the representativeness of the MBO for expressing typical malicious activities.

show abstract