Introduction to algorithms
Linux Journal
SODA '03 Proceedings of the fourteenth annual ACM-SIAM symposium on Discrete algorithms
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
A behavioral approach to worm detection
Proceedings of the 2004 ACM workshop on Rapid malcode
Semantics-Aware Malware Detection
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Polygraph: Automatically Generating Signatures for Polymorphic Worms
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Temporal search: detecting hidden malware timebombs with virtual machines
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Finding diversity in remote code injection exploits
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Learning to Detect and Classify Malicious Executables in the Wild
The Journal of Machine Learning Research
An architecture for generating semantics-aware signatures
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Exploring Multiple Execution Paths for Malware Analysis
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Behavioral distance measurement using hidden markov models
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
The nepenthes platform: an efficient approach to collect malware
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Rethinking antivirus: executable analysis in the network cloud
HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
Learning and Classification of Malware Behavior
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Ether: malware analysis via hardware virtualization extensions
Proceedings of the 15th ACM conference on Computer and communications security
SS'08 Proceedings of the 17th conference on Security symposium
Studying spamming botnets using Botlab
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Large-scale malware indexing using function-call graphs
Proceedings of the 16th ACM conference on Computer and communications security
A parameter-free hybrid clustering algorithm used for malware categorization
ASID'09 Proceedings of the 3rd international conference on Anti-Counterfeiting, security, and identification in communication
Improving the efficiency of dynamic malware analysis
Proceedings of the 2010 ACM Symposium on Applied Computing
Automatically generating models for botnet detection
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
CIMDS: adapting postprocessing techniques of associative classification for malware detection
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
Automatic malware categorization using cluster ensemble
Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining
Fast malware classification by automated behavioral graph matching
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Malware characterization through alert pattern discovery
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Behavioral clustering of HTTP-based malware and signature generation using malicious network traces
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
Effective and efficient malware detection at the end host
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Malware detection using assembly code and control flow graph optimization
Proceedings of the 1st Amrita ACM-W Celebration on Women in Computing in India
AccessMiner: using system-centric models for malware protection
Proceedings of the 17th ACM conference on Computer and communications security
Towards early warning systems: challenges, technologies and architecture
CRITIS'09 Proceedings of the 4th international conference on Critical information infrastructures security
dAnubis: dynamic device driver analysis based on virtual machine introspection
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
On challenges in evaluating malware clustering
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
A case study in ethical decision making regarding remote mitigation of botnets
FC'10 Proceedings of the 14th international conference on Financial cryptography and data security
Evidential structures and metrics for network forensics
International Journal of Internet Technology and Secured Transactions
Attribution of malicious behavior
ICISS'10 Proceedings of the 6th international conference on Information systems security
ARROW: GenerAting SignatuRes to Detect DRive-By DOWnloads
Proceedings of the 20th international conference on World wide web
Deriving common malware behavior through graph clustering
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Finding software license violations through binary code clone detection
Proceedings of the 8th Working Conference on Mining Software Repositories
Malware images: visualization and automatic classification
Proceedings of the 8th International Symposium on Visualization for Cyber Security
Combining file content and file relations for cloud based malware detection
Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining
Vulnerability extrapolation: assisted discovery of vulnerabilities using machine learning
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
DepSim: a dependency-based malware similarity comparison system
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Hunting for undetectable metamorphic viruses
Journal in Computer Virology
Proceedings of the 4th ACM workshop on Security and artificial intelligence
BitShred: feature hashing malware for scalable triage and semantic analysis
Proceedings of the 18th ACM conference on Computer and communications security
Malware classification based on call graph clustering
Journal in Computer Virology
FORECAST: skimming off the malware cream
Proceedings of the 27th Annual Computer Security Applications Conference
deRop: removing return-oriented programming from malware
Proceedings of the 27th Annual Computer Security Applications Conference
Malware classification using instruction frequencies
Proceedings of the 2011 ACM Symposium on Research in Applied Computation
Finding non-trivial malware naming inconsistencies
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Supporting velocity of investigation with behavior analysis of malware
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
Banksafe information stealer detection inside the web browser
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Detecting environment-sensitive malware
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Malware characteristics and threats on the internet ecosystem
Journal of Systems and Software
Tracking DDoS attacks: insights into the business of disrupting the web
LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
Active malware analysis using stochastic games
Proceedings of the 11th International Conference on Autonomous Agents and Multiagent Systems - Volume 1
Tracking concept drift in malware families
Proceedings of the 5th ACM workshop on Security and artificial intelligence
Manufacturing compromise: the emergence of exploit-as-a-service
Proceedings of the 2012 ACM conference on Computer and communications security
Scalable malware clustering through coarse-grained behavior modeling
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Malware classification based on extracted API sequences using static analysis
Proceedings of the Asian Internet Engineering Conference
VAMO: towards a fully automated malware clustering validity analysis
Proceedings of the 28th Annual Computer Security Applications Conference
Lines of malicious code: insights into the malicious software industry
Proceedings of the 28th Annual Computer Security Applications Conference
A comparative study of malware family classification
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
Review: Classification of malware based on integrated static and dynamic features
Journal of Network and Computer Applications
Evaluation of malware clustering based on its dynamic behaviour
AusDM '08 Proceedings of the 7th Australasian Data Mining Conference - Volume 87
Scalable fine-grained behavioral clustering of HTTP-based malware
Computer Networks: The International Journal of Computer and Telecommunications Networking
Tracking memory writes for malware classification and code reuse identification
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
On the feasibility of online malware detection with performance counters
Proceedings of the 40th Annual International Symposium on Computer Architecture
Unveiling Zeus: automated classification of malware samples
Proceedings of the 22nd international conference on World Wide Web companion
Proceedings of the 19th ACM SIGKDD international conference on Knowledge discovery and data mining
Analyzing and defending against web-based malware
ACM Computing Surveys (CSUR)
Security analysis of online centroid anomaly detection
The Journal of Machine Learning Research
VILO: a rapid learning nearest-neighbor classifier for malware triage
Journal in Computer Virology
DUET: integration of dynamic and static analyses for malware clustering with cluster ensembles
Proceedings of the 29th Annual Computer Security Applications Conference
Driving in the cloud: an analysis of drive-by download operations and abuse reporting
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Exploring discriminatory features for automated malware classification
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Towards automatic software lineage inference
SEC'13 Proceedings of the 22nd USENIX conference on Security
Numerous attacks, such as worms, phishing, and botnets, threaten the availability of the Internet, the integrity of its hosts, and the privacy of its users. A core element of defense against these attacks is anti-virus (AV) software: a service that detects, removes, and characterizes these threats. The ability of these products to successfully characterize these threats has far-reaching effects, from facilitating sharing across organizations, to detecting the emergence of new threats, and assessing risk in quarantine and cleanup. In this paper, we examine the ability of existing host-based anti-virus products to provide semantically meaningful information about the malicious software and tools (or malware) used by attackers. Using a large, recent collection of malware that spans a variety of attack vectors (e.g., spyware, worms, spam), we show that different AV products characterize malware in ways that are inconsistent across AV products, incomplete across malware, and that fail to be concise in their semantics. To address these limitations, we propose a new classification technique that describes malware behavior in terms of system state changes (e.g., files written, processes created) rather than in sequences or patterns of system calls. To address the sheer volume of malware and diversity of its behavior, we provide a method for automatically categorizing these profiles of malware into groups that reflect similar classes of behaviors and demonstrate how behavior-based clustering provides a more direct and effective way of classifying and analyzing Internet malware.
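The state-change profiling and behavior-based clustering the abstract describes, as an added example that is not the paper's own code or data: each sample is the set of (change type, object) pairs seen in a sandbox run, profiles are compared by Jaccard distance and grouped by single-linkage agglomerative clustering, and the shared state changes of a cluster serve as its behavioral description. Jaccard distance and single linkage are assumptions standing in for whatever distance and clustering the paper actually uses; all sample names, paths and hosts are constructed.

```python
from itertools import combinations

# Constructed sandbox profiles (not the paper's data): sets of (change_type, object).
RUN = "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
PROFILES = {
    "ircbot_a": {("file_written", "C:\\Windows\\svchost32.exe"), ("process_created", "svchost32.exe"),
                 ("registry_set", RUN + "\\svchost32"), ("network_connect", "irc.example.net:6667")},
    "ircbot_b": {("file_written", "C:\\Windows\\svchost32.exe"), ("process_created", "svchost32.exe"),
                 ("registry_set", RUN + "\\svchost32"), ("network_connect", "irc.example.org:6667")},
    "spambot_a": {("file_written", "C:\\Temp\\spam.dll"), ("process_created", "spam.exe"),
                  ("network_connect", "smtp.example.com:25")},
    "spambot_b": {("file_written", "C:\\Temp\\spam.dll"), ("process_created", "spam.exe"),
                  ("network_connect", "smtp.example.net:25"), ("file_written", "C:\\Temp\\list.txt")},
    "keylogger": {("file_written", "C:\\Temp\\keylog.dat"), ("process_created", "kl.exe")},
}

def jaccard_distance(a, b):
    """1 - |a & b| / |a | b|: 0.0 for identical profiles, 1.0 for disjoint ones."""
    if not a and not b:
        return 0.0
    return 1.0 - len(a & b) / len(a | b)

def single_linkage_clusters(profiles, threshold):
    """Merge the two clusters whose nearest members are closest, until that
    distance exceeds threshold; returns sorted lists of sample names."""
    clusters = [[name] for name in profiles]
    while len(clusters) > 1:
        best = None
        for i, j in combinations(range(len(clusters)), 2):
            d = min(jaccard_distance(profiles[x], profiles[y])
                    for x in clusters[i] for y in clusters[j])
            if best is None or d < best[0]:
                best = (d, i, j)
        d, i, j = best
        if d > threshold:
            break  # remaining clusters are behaviorally distinct classes
        clusters[i] = clusters[i] + clusters[j]
        del clusters[j]
    return sorted(sorted(c) for c in clusters)

def common_behavior(profiles, cluster):
    """State changes shared by every member: a behavioral description of the class."""
    return set.intersection(*(profiles[n] for n in cluster))

if __name__ == "__main__":
    for c in single_linkage_clusters(PROFILES, 0.7):
        print(c, sorted(common_behavior(PROFILES, c)))
```

Two samples that differ only in the command-and-control host still land in one cluster, while the keylogger, sharing no state change with anything, stays a singleton; lowering the threshold splits the spambots, whose profiles overlap less.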