BazEkon - Main Library of the Cracow University of Economics


Author
Jasiul Bartosz (Military Communication Institute), Śliwa Joanna (Military Communication Institute), Gleba Kamil (Military Communication Institute), Szpyrka Marcin (AGH University of Science and Technology Kraków, Poland)
Title
Identification of malware activities with rules
Source
Annals of Computer Science and Information Systems, 2014, vol. 2, pp. 101-110, figs., 38 refs.
Keywords
Malware, Software, Information science, Computer viruses
Notes
summ.
Abstract
The article describes a method of identifying malware activities using an ontology and rules. The method supports detection of malware at host level by observing its behavior. It sifts through hundreds of thousands of regular events and identifies suspicious ones. These are then passed on to a second building block responsible for malware tracking and for matching stored models against observed malicious actions. The presented method was implemented and verified in an infected computer environment. As opposed to signature-based antivirus mechanisms, it makes it possible to detect malware whose code has been obfuscated. (original abstract)
ISSN
2300-5963
Language
eng