BazEkon - Biblioteka Główna Uniwersytetu Ekonomicznego w Krakowie

Jasiul Bartosz (Military Communication Institute), Śliwa Joanna (Military Communication Institute), Gleba Kamil (Military Communication Institute), Szpyrka Marcin (AGH University of Science and Technology Kraków, Poland)
Identification of malware activities with rules
Annals of Computer Science and Information Systems, 2014, vol. 2, pp. 101-110, figures, bibliography of 38 items.
Keywords
Malware, Software, Information science, Computer viruses
The article describes a method of identifying malware activities using an ontology and rules. The method supports detection of malware at host level by observing its behaviour. It sifts through hundreds of thousands of regular events and allows suspicious ones to be identified. These are then passed on to the second building block, which is responsible for malware tracking and for matching stored models against observed malicious actions. The presented method was implemented and verified in an infected computer environment. As opposed to signature-based antivirus mechanisms, it allows detection of malware whose code has been obfuscated. (original abstract)
Full text
  1. Adair S., Deibert R., Rohozinski R., Villeneuve N., and Walton G., Shadows in the Cloud: Investigating Cyber Espionage 2.0, Information Warfare Monitor and Shadowserver Foundation, 2010.
  2. Antoniou G. and van Harmelen F., A Semantic Web Primer. Cambridge, England: The MIT Press, 2008.
  3. API hooking revealed.
  4. ARAKIS.
  5. Bereziński P., Szpyrka M., Jasiul B., and Mazur M., "Network anomaly detection using parameterized entropy," in CISIM 2014, ser. LNCS, K. Saeed and V. Snášel, Eds. Springer, 2014, vol. 8838, pp. 473-486.
  6. Bobek S., Porzycki K., and Nalepa G., "Learning sensors usage patterns in mobile context-aware systems," in Proceedings of the Federated Conference on Computer Science and Information Systems - FedCSIS, IEEE, 2013, pp. 993-998.
  7. Choraś M., Kozik R., Piotrowski R., Brzostek J., and Hołubowicz W., "Network events correlation for federated networks protection system," in Towards a Service-Based Internet, LNCS, Springer, 2011, vol. 6994, pp. 100-111.
  8. Conti M., Di Pietro R., Mancini L., and Mei A., "Mobility and cooperation to thwart node capture attacks in MANETs," EURASIP J. Wirel. Commun. Netw., vol. 2009, no. 1, pp. 8:1-8:13, 2009.
  9. EasyHook.
  10. Gostev A., Kaspersky Security Bulletin: Statistics 2008.
  11. Horrocks I., Patel-Schneider P., Boley H., Tabet S., Grosof B., and Dean M., SWRL: A Semantic Web Rule Language. Combining OWL and RuleML.
  12. Jasiul B., Piotrowski R., Bereziński P., Choraś M., Kozik R., and Brzostek J., "Federated Cyber Defence System - applied methods and techniques," in 2012 Military Communications and Information Systems Conference, MCC 2012, 2012, pp. 145-150.
  13. Jasiul B., Szpyrka M., and Śliwa J., "Malware behavior modeling with Colored Petri nets," in CISIM 2014, ser. LNCS, K. Saeed and V. Snášel, Eds. Springer, 2014, vol. 8838, pp. 667-679.
  14. Jensen K. and Kristensen L., Coloured Petri Nets: Modelling and Validation of Concurrent Systems, 1st ed. Springer, 2009.
  15. Maslennikov D. and Namestnikov Y., Kaspersky Security Bulletin. The overall statistics for 2012.
  16. McAfee and HBGary Solution Brief. Extend McAfee Total Protection for Endpoint with HBGary Digital DNA and Responder, hbgary.pdf
  17. Microsoft Technet - Sysinternals.
  18. Nalepa G. and Bobek S., "Rule-based solution for context-aware reasoning on mobile devices," Computer Science and Information Systems, vol. 11, no. 1, pp. 171-193, 2014.
  19. Netfilter.
  20. Protégé - ontology editor and knowledge-base framework.
  21. Raiu C., Virus News: 2012 by the numbers.
  22. Russinovich M. and Cogswell B., Process Monitor v3.05.
  23. Russinovich M. and Margosis A., Windows Sysinternals Administrator's Reference. Redmond, Washington, USA: Microsoft Press, 2011.
  24. Sirin E., Parsia B., Cuenca Grau B., Kalyanpur A., and Katz Y., "Pellet: A practical OWL-DL reasoner," in Web Semantics: Science, Services and Agents on the World Wide Web, vol. 5, 2007, pp. 51-53.
  25. SNORT.
  26. Szpyrka M. and Szmuc T., "Decision tables in Petri net models," in Rough Sets and Intelligent Systems Paradigms, LNCS, Springer, 2007, vol. 4585, pp. 648-657.
  27. Szpyrka M., "Analysis of VME-Bus communication protocol - RTCPnet approach," Real-Time Systems, vol. 35, no. 1, pp. 91-108, 2007.
  28. Szpyrka M., "Exclusion rule-based systems - case study," in Computer Science and Information Technology, IMCSIT, 2008, pp. 237-242.
  29. Szpyrka M., Jasiul B., Wrona K., and Dziedzic F., "Telecommunications networks risk assessment with Bayesian networks," in Computer Information Systems and Industrial Management, LNCS, Springer, 2013, vol. 8104, pp. 277-288.
  30. Szwed P. and Skrzyński P., "A new lightweight method for security risk assessment based on fuzzy cognitive maps," Applied Mathematics and Computer Science, vol. 24, no. 1, pp. 213-225, 2014.
  31. Śliwa J. and Amanowicz M., "A mediation service for web services provision in tactical disadvantaged environment," in IEEE Military Communications Conference, MILCOM, 2008, pp. 1-7.
  32. Śliwa J. and Jasiul B., "Efficiency of dynamic content adaptation based on semantic description of web service call context," in Proceedings - IEEE Military Communications Conference MILCOM 2012, Orlando, USA, 2012, pp. 1-6.
  33. Śliwa J., Gleba K., Chmiel W., Szwed P., and Głowacz A., "IOEM - Ontology engineering methodology for large systems," in Computational Collective Intelligence. Technologies and Applications, LNCS, Springer, 2011, vol. 6922, pp. 602-611.
  34. Takeshi A., Masaki K., and Murakami T., Cyber Security Trend - Annual Review 2012, _security_trend_report_en.pdf
  35. Tarapata Z., Chmielewski M., and Kasprzyk R., "An algorithmic approach to social knowledge processing and reasoning based on graph representation - a case study," in Intelligent Information and Database Systems, LNCS, Springer, 2010, vol. 5991, pp. 93-104.
  36. Tarski A., Introduction to Logic and to the Methodology of Deductive Sciences, Second Edition. New York: Dover Publications, Inc., 1946.
  37. Tibbs H., Ambler-Edwards S., and Corcoran M., The Global Cyber Game: Achieving Strategic Resilience in the Global Knowledge Society, Defence Academy of the United Kingdom, 2013.
  38. Verizon, 2012 Data Breach Investigations Report.
Cited by