A Novel Information Fusion Model for Assessment of Malware Threat
نویسندگان
چکیده
It is not only important for security analysts to judge some binary code is malicious or not, but also to understand the malware “what to do” and “what’s the impact it posed on our information system”. In this paper, we proposed a novel information fusion model to quantitate the threat of malware. The model consists of three levels: the decision making level information fusion, the attribute level information fusion and the behavior level information fusion. These three levels portray special characteristics of malware threat distributed in the assessment model. Combined with the static analysis technology and real-time monitor technology, we implemented a framework of malware threat assessment. The experiment demonstrates that our information fusion model for malware threat assessment is effective to quantitate the threat of malware in accuracy and differentiation degree. In the end, we discussed several issues that could improve the performance of the model. Keyword: information fusion, malware analysis, threat assessment, static analysis, real-time monitor
منابع مشابه
A novel ranking method for intuitionistic fuzzy set based on information fusion and application to threat assessment
A novel ranking method based on multi-time information fusion is proposed for intuitionistic fuzzy sets (IFSs) and applied to the threat assessment problem, a multi-attribute decision making (MADM) one. This method integrates a designed intuitionistic fuzzy entropy (IFE), the closeness degree of technique for order preference by similarity to ideal solution (TOPSIS), the decision maker¡¯s (DM¡¯...
متن کاملDyVSoR: dynamic malware detection based on extracting patterns from value sets of registers
To control the exponential growth of malware files, security analysts pursue dynamic approaches that automatically identify and analyze malicious software samples. Obfuscation and polymorphism employed by malwares make it difficult for signature-based systems to detect sophisticated malware files. The dynamic analysis or run-time behavior provides a better technique to identify the threat. In t...
متن کاملMalware Risk Analysis on the Campus Network with Bayesian Belief Network
A security network management system is for providing clear guidelines on risk evaluation and assessment for enterprise networks. The threat and risk assessment is conducted to safeguard enterprise network services to maintain system confidentiality, integrity, and availability through effective control strategies. In this paper, based on our previous work in analyzing integrated information se...
متن کاملAn Ontology for Insider Threat Indicators: Development and Application
We describe our ongoing development of an insider threat indicator ontology. Our ontology is intended to serve as a standardized expression method for potential indicators of malicious insider activity, as well as a formalization of much of our team’s research on insider threat detection, prevention, and mitigation. This ontology bridges the gap between natural language descriptions of ...
متن کاملA Novel Hybrid Approach for Email Spam Detection based on Scatter Search Algorithm and K-Nearest Neighbors
Because cyberspace and Internet predominate in the life of users, in addition to business opportunities and time reductions, threats like information theft, penetration into systems, etc. are included in the field of hardware and software. Security is the top priority to prevent a cyber-attack that users should initially be detecting the type of attacks because virtual environments are not moni...
متن کامل