A Cuckoo's Egg in the Malware Nest: On-the-fly Signature-less Malware Analysis, Detection, and Containment for Large Networks
Authors
Abstract
Avatar is a new architecture devised to perform on-the-fly malware analysis and containment on ordinary hosts; that is, on hosts with no special setup. The idea behind Avatar is to inject the suspected malware with a specially crafted piece of software at the moment that it tries to download an executable. The special software can cooperate with a remote analysis engine to determine the main characteristics of the suspected malware and choose an appropriate containment strategy, which may include process termination in case the process under analysis turns out to be malicious, or letting it continue otherwise. Augmented with the additional detection heuristics we present in the paper, Avatar can also perform signature-less malware detection and containment.
Similar sources
DyVSoR: dynamic malware detection based on extracting patterns from value sets of registers
To control the exponential growth of malware files, security analysts pursue dynamic approaches that automatically identify and analyze malicious software samples. Obfuscation and polymorphism employed by malware make it difficult for signature-based systems to detect sophisticated malware files. Dynamic analysis of run-time behavior provides a better technique to identify the threat. In t...
Detection and Prevention of New and Unknown Malware using Honeypots
Security has become ubiquitous in every domain today, as newly emerging malware poses an ever-increasing perilous threat to systems. Consequently, honeypots are fast emerging as an indispensable forensic tool for the analysis of malicious network traffic. Honeypots can be considered traps for hackers and intruders and are generally deployed complementary to Intrusion Detection Systems (IDS) ...
Malware Detection using Classification of Variable-Length Sequences
In this paper, a novel graph-based method is proposed to classify sequences of variable length as a form of feature extraction. The proposed method overcomes the problems traditional graphs have with variable-length data, without fixing the length of sequences, by determining the most frequent instructions and placing the remaining instructions into an "other" set, which saves speed and memory. Acco...
A Review of Malware Detection Based on Pattern Matching Technique
Malware detection developers face the problem of generating new signatures for malware code. A very famous and recognized technique is pattern-based malware code detection. This leads to the evasion of signatures that are built on code syntax. In this paper, we discuss some well-known methods of malware detection based on semantic feature extraction. In current de...
Suppression of Malware and Behavioral Detection in Delay Tolerant Networks
With the universal presence of short-range connectivity technologies (e.g., Bluetooth and, more recently, Wi-Fi Direct) in the consumer electronics market, the delay tolerant network (DTN) model is becoming a viable alternative to the traditional infrastructural model. In this paper, we address the proximity malware detection and containment problem with explicit consideration for the unique ch...