Lens on the Endpoint: Hunting for Malicious Software Through Endpoint Data Analysis

Authors

  • Ahmet Salih Buyukkayhan
  • Alina Oprea
  • Zhou Li
  • William K. Robertson
Abstract

Organizations are facing an increasing number of criminal threats ranging from opportunistic malware to more advanced targeted attacks. While various security technologies are available to protect organizations’ perimeters, still many breaches lead to undesired consequences such as loss of proprietary information, financial burden, and reputation defacing. Recently, endpoint monitoring agents that inspect system-level activities on user machines started to gain traction and be deployed in the industry as an additional defense layer. Their application, though, in most cases is only for forensic investigation to determine the root cause of an incident. In this paper, we demonstrate how endpoint monitoring can be proactively used for detecting and prioritizing suspicious software modules overlooked by other defenses. Compared to other environments in which host-based detection proved successful, our setting of a large enterprise introduces unique challenges, including the heterogeneous environment (users installing software of their choice), limited ground truth (small number of malicious software available for training), and coarse-grained data collection (strict requirements are imposed on agents’ performance overhead). Through applications of clustering and outlier detection algorithms, we develop techniques to identify modules with known malicious behavior, as well as modules impersonating popular benign applications. We leverage a large number of static, behavioral and contextual features in our algorithms, and new feature weighting methods that are resilient against missing attributes. The large majority of our findings are confirmed as malicious by anti-virus tools and manual investigation by experienced security analysts.


Similar references

Endpoint in plasma etch process using new modified w-multivariate charts and windowed regression

Endpoint detection is a very important undertaking on the side of getting a good understanding and figuring out if a plasma etching process is done in the right way, especially if the etched area is very small (0.1%). It truly is a crucial part of supplying repeatable effects in every single wafer. When the film being etched has been completely cleared, the endpoint is reached. To ensure the desi...


Early Stage Malware Prediction Using Recurrent Neural Networks

Static malware analysis is well-suited to endpoint anti-virus systems as it can be conducted quickly by examining the features of an executable piece of code and matching it to previously observed malicious code. However, static code analysis can be vulnerable to code obfuscation techniques. Behavioural data collected during file execution is more difficult to obfuscate, but takes a relatively ...


Endpoints of multi-valued cyclic contraction mappings

Endpoint results are presented for multi-valued cyclic contraction mappings on complete metric spaces (X, d). Our results extend previous results given by Nadler (1969), Daffer-Kaneko (1995), Harandi (2010), Moradi and Kojasteh (2012) and Karapinar (2011).


Mitigating the Lying-Endpoint Problem in Virtualized Network Access Frameworks

Malicious root-kits modify the in-memory state of programs executing on an endpoint to hide themselves from security software. Such attacks negatively affect network-based security frameworks that depend on the trustworthiness of endpoint software. In network access control frameworks this issue is called the lying-endpoint problem, where a compromised endpoint spoofs software integrity reports...


The Zurich Trusted Information Channel - An Efficient Defence Against Man-in-the-Middle and Malicious Software Attacks

This paper introduces the Zurich Trusted Information Channel (ZTIC, for short), a cost-efficient and easy-to-use approach to defend online services from man-in-the-middle and malicious software attacks. A small, cheap to manufacture and zero-installation USB device with a display runs a highly efficient security software stack providing the communications endpoint between server and customer. Th...


Journal title:

Volume   Issue 

Pages  -

Publication date: 2017