The impact of malware evolution on the analysis methods and infrastructure

Cabaj, Krzysztof; Gawkowski, Piotr; Grochowski, Konrad; Nowikowski, Alexis; Żórawski, Piotr

doi:10.15439/2017f415

Cited by 3 publications

(1 citation statement)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…O cenário apresentado aponta claramente que o aumento da utilização de dispositivos de IoT e o risco associado a esse tipo de ambiente são problemas relevantes de pesquisa. Uma abordagem bastante utilizada para coleta e análise de malwares são os honeypots e honeynets ( [Sochor and Zuzcak 2014], [Koniaris et al 2014] e [Pathan 2014]), porém, esses mesmos ambientes podem não ser capazes de capturar corretamente todo ciclo de infecção de um malware ou até passar a ser um ponto de origem de ataque às outras redes caso não tomados alguns cuidados [Agnaou et al 2016] e [Cabaj et al 2017].…”

Section: Introductionunclassified

HonIoT: Arquitetura de Honeynet com Controle de Propagação de Malwares para Dispositivos de IoT

Barea

Souza

Marcondes

et al. 2019

Anais Do Workshop De Segurança Cibernética Em Dispositivos Conectados (WSCDC)

View full text Add to dashboard Cite

É indicada a utilização de honeypots e honeynets para o estudo aprofundado do comportamento dos malwares para dispositivos de IoT, porém, alguns cuidados devem ser tomados garantindo que esses ambientes sejam capazes de detalhar corretamente todo ciclo de infecção dos malwares e não se tornem um ponto de origem de ataques às outras redes. Nessa linha, este trabalho apresenta o HonIoT, uma honeynet que suporta a inclusão de honeypots reais, emuladas ou virtualizadas, criando uma internet emulada que corresponde à parte atacada da rede, possibilitando o monitoramento completo de todo ciclo de infecção e propagação do malware. Testes preliminares apontaram boa capacidade deescalabilidade do ambiente e correta execução do fluxo de ações da honeynet.

show abstract

Section: Introductionunclassified

HonIoT: Arquitetura de Honeynet com Controle de Propagação de Malwares para Dispositivos de IoT

Barea

Souza

Marcondes

et al. 2019

Anais Do Workshop De Segurança Cibernética Em Dispositivos Conectados (WSCDC)

View full text Add to dashboard Cite

show abstract

A Multi-Classifier Network-Based Crypto Ransomware Detection System: A Case Study of Locky Ransomware

et al. 2019

View full text Add to dashboard Cite

Ransomware is a type of advanced malware that has spread rapidly in recent years, causing significant financial losses for a wide range of victims, including organizations, healthcare facilities, and individuals. Modern host-based detection methods require the host to be infected first in order to identify anomalies and detect the malware. By the time of infection, it can be too late as some of the system's assets would have been already exfiltrated or encrypted by the malware. Conversely, the network-based methods can be effective in detecting ransomware attacks, as most ransomware families try to connect to command and control servers before their harmful payloads are executed. Therefore, a careful analysis of ransomware network traffic can be one of the key means for early detection. This paper demonstrates a comprehensive behavioral analysis of crypto ransomware network activities, taking Locky, one of the most serious families, as a case study. A dedicated testbed was built, and a set of valuable and informative network features were extracted and classified into multiple types. A network-based intrusion detection system was implemented, employing two independent classifiers working in parallel on different levels: packet and flow levels. The experimental evaluation of the proposed detection system demonstrates that it offers high detection accuracy, low false positive rate, valid extracted features, and is highly effective in tracking ransomware network activities.

show abstract

Getting Prepared for the Next Botnet Attack : Detecting Algorithmically Generated Domains in Botnet Command and Control

Kelley

Furey

2018

2018 29th Irish Signals and Systems Conference (ISSC)

View full text Add to dashboard Cite

The impact of malware evolution on the analysis methods and infrastructure

Cited by 3 publications

References 12 publications

HonIoT: Arquitetura de Honeynet com Controle de Propagação de Malwares para Dispositivos de IoT

HonIoT: Arquitetura de Honeynet com Controle de Propagação de Malwares para Dispositivos de IoT

A Multi-Classifier Network-Based Crypto Ransomware Detection System: A Case Study of Locky Ransomware

Getting Prepared for the Next Botnet Attack : Detecting Algorithmically Generated Domains in Botnet Command and Control

Contact Info

Product

Resources

About