Monitoring User Actions for Better Malware Specifications
Authors
Abstract
We propose incorporating user actions to improve the precision of malware specifications and introduce a system to create effective application security policies based on the relationships between user interaction, GUI events, and run-time operations of both benign and malicious applications. Graphical malware such as Trojan:Win32/Fakeinit prevents us from simply allowing all user-initiated actions. Malware often modifies system folders and registry entries, but benign applications generally only perform such actions in conjunction with a graphical installer combined with user input
Similar sources
Efficient Monitoring of Untrusted Kernel-Mode Execution
Recent malware instances execute completely in the kernel as drivers; they do not contain any user-level malicious processes. This design evades the system call monitoring used by many software security solutions, including malware analyzers and host-based intrusion detectors that track only user-level processes. To trace the behavior of kernel malware instances, we design and implement a hyper...
EMMA: A New Platform to Evaluate Hardware-based Mobile Malware Analyses
Hardware-based malware detectors (HMDs) are a key emerging technology to build trustworthy computing platforms, especially mobile platforms. Quantifying the efficacy of HMDs against malicious adversaries is thus an important problem. The challenge lies in that real-world malware typically adapts to defenses, evades being run in experimental settings, and hides behind benign applications. Thus, ...
A Layered Architecture for Detecting Malicious Behaviors
We address the semantic gap problem in behavioral monitoring by using hierarchical behavior graphs to infer high-level behaviors from myriad low-level events. Our experimental system traces the execution of a process, performing data-flow analysis to identify meaningful actions such as “proxying”, “keystroke logging”, “data leaking”, and “downloading and executing a program” from complex combin...
The Cause of All Evils: Assessing Causality Between User Actions and Malware Activity
Malware samples are created at a pace that makes it difficult for analysis to keep up. When analyzing an unknown malware sample, it is important to assess its capabilities to determine how much damage it can make to its victims, and perform prioritization decisions on which threats should be dealt with first. In a corporate environment, for example, a malware infection that is able to steal fin...
Replacement Attacks: Automatically Impeding Behavior-Based Malware Specifications
As the underground market of malware flourishes, there is an exponential increase in the number and diversity of malware. A crucial question in malware analysis research is how to define malware specifications or signatures that faithfully describe similar malicious intent and clearly stand out from other programs. It is evident that the classical syntactic signatures are insufficient to defeat...