A Toolkit for Detecting and Analyzing Malicious Software
نویسندگان
چکیده
In this paper we present PEAT: The Portable Executable Analysis Toolkit. It is a software prototype designed to provide a selection of tools that an analyst may use in order to examine structural aspects of a Windows Portable Executable (PE) file, with the goal of determining whether malicious code has been inserted into an application after compilation. These tools rely on structural features of executables that are likely to indicate the presence of inserted malicious code. The underlying premise is that typical application programs are compiled into one binary, homogeneous from beginning to end with respect to certain structural features; any disruption of this homogeneity is a strong indicator that the binary has been tampered with. For example, it could now harbor a virus or a Trojan horse program. We present our investigation into structural feature analysis, the development of these ideas into the PEAT prototype, and results that illustrate PEAT’s practical effec-
منابع مشابه
Analyzing new features of infected web content in detection of malicious web pages
Recent improvements in web standards and technologies enable the attackers to hide and obfuscate infectious codes with new methods and thus escaping the security filters. In this paper, we study the application of machine learning techniques in detecting malicious web pages. In order to detect malicious web pages, we propose and analyze a novel set of features including HTML, JavaScript (jQuery...
متن کاملDetecting Malicious Behaviors of Software through Analysis of API Sequence k-gramsi
Nowadays, software is widely applied to increase accuracy, efficiency, and convenience in various areas in our life. So, it is essential to use software in our recent computing environments. Despite of the valuable applications of software, malicious behaviors caused by vulnerability of software threaten our secure computing environments. So, it is important to identify and detect malicious beh...
متن کاملIdentifying the software and their families using the exploration techniques of sequential patterns in dynamic analysis
Nowadays, crypto-ransomware is considered as one of the most threats in cybersecurity. Crypto ransomware removes data access by encrypting valuable data and requests a ransom payment to allow data decryption. As ransomware is still new in the field of cybersecurity, there are few pieces of research focusing on detecting ransomware samples. Most published works considered System File and process...
متن کاملTechniques in Detection and Analyzing Malware Executables: A Review
Today computer field has gained a lot of importance in our day to day life to deal with many aspects like education, entertainment purpose etc. System security is warned by weapons named as malicious software to fulfill malicious intention of its authors. Malicious software known as malware is one of the common problem faced by the internet today. The key to detect these threats are also availa...
متن کاملDetecting Bot Networks Based On HTTP And TLS Traffic Analysis
Abstract— Bot networks are a serious threat to cyber security, whose destructive behavior affects network performance directly. Detecting of infected HTTP communications is a big challenge because infected HTTP connections are clearly merged with other types of HTTP traffic. Cybercriminals prefer to use the web as a communication environment to launch application layer attacks and secretly enga...
متن کامل