The Cause of All Evils: Assessing Causality Between User Actions and Malware Activity
نویسندگان
چکیده
Malware samples are created at a pace that makes it difficult for analysis to keep up. When analyzing an unknown malware sample, it is important to assess its capabilities to determine how much damage it can make to its victims, and perform prioritization decisions on which threats should be dealt with first. In a corporate environment, for example, a malware infection that is able to steal financial information is much more critical than one that is sending email spam, and should be dealt with the highest priority. In this paper we present a statistical approach able to determine causality relations between a specific trigger action (e.g., a user visiting a certain website in the browser) and a malware sample. We show that we can learn the typology of a malware sample by presenting it with a number of trigger actions commonly performed by users, and studying to which events the malware reacts. We show that our approach is able to correctly infer causality relations between information stealing malware and login events on websites, as well as between adware and websites containing adver-
منابع مشابه
Problem of Evil in Taoism
This paper attempts to present the Taoist understanding of evil. In the Taoist tradition, especially in Tao Te Ching, evil is divided into two categories: causal evil and consequential evil. Causal evils are those evils that are said to be the causes of other evils; consequential evils are those that are said to be the consequences of the causal evils. Causal evils originate from human will, an...
متن کاملA Methodology To Assess Malware Causality In Network Activities
The current malware analysis methods cannot stand the pace the creation of new malware samples has. When analyzing an unknown malware sample, it is important to determine its capabilities of damaging its victims. In a company, for example, a malware infection from an information stealer sample is much more critical than one from a spambot sample, and have to be dealt with the highest priority. ...
متن کاملMonitoring User Actions for Better Malware Specifications
We propose incorporating user actions to improve the precision of malware specifications and introduce a system to create effective application security policies based on the relationships between user interaction, GUI events, and run-time operations of both benign and malicious applications. Graphical malware such as Trojan:Win32/Fakeinit prevent us from simply allowing all user initiated acti...
متن کاملNeural Signatures of User-Centered Security: An fMRI Study of Phishing, and Malware Warnings
The security of computer systems often relies upon decisions and actions of end users. In this paper, we set out to investigate user-centered security by concentrating at the most fundamental component governing user behavior – the human brain. We introduce a novel neuroscience-based study methodology to inform the design of user-centered security systems. Specifically, we report on an fMRI stu...
متن کاملAll Your iFRAMEs Point to Us
As the web continues to play an ever increasing role in information exchange, so too is it becoming the prevailing platform for infecting vulnerable hosts. In this paper, we provide a detailed study of the pervasiveness of so-called drive-by downloads on the Internet. Driveby downloads are caused by URLs that attempt to exploit their visitors and cause malware to be installed and run automatica...
متن کامل