Reversing: The Hacker's Guide to Reverse Engineering
Reversing: The Hacker's Guide to Reverse Engineering
Lucene in Action (In Action series)
Lucene in Action (In Action series)
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
Computer Viruses: from theory to applications (Collection IRIS)
Computer Viruses: from theory to applications (Collection IRIS)
Connections: using context to enhance file search
Proceedings of the twentieth ACM symposium on Operating systems principles
Graph Theory and Its Applications, Second Edition (Discrete Mathematics and Its Applications)
Graph Theory and Its Applications, Second Edition (Discrete Mathematics and Its Applications)
Insider attack and real-time data mining of user behavior
IBM Journal of Research and Development - Business optimization
A behavioral theory of insider-threat risks: A system dynamics approach
ACM Transactions on Modeling and Computer Simulation (TOMACS)
Using provenance to aid in personal file search
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
New Technology Prevents Data Leakage
Computer
MalTRAK: Tracking and Eliminating Unknown Malware
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
CloudAV: N-version antivirus in the network cloud
SS'08 Proceedings of the 17th conference on Security symposium
Spyglass: fast, scalable metadata search for large-scale storage systems
FAST '09 Proccedings of the 7th conference on File and storage technologies
Hadoop: The Definitive Guide
PCI DSS: A practical guide to implementation
PCI DSS: A practical guide to implementation
SALSA: analyzing logs as state machines
WASL'08 Proceedings of the First USENIX conference on Analysis of system logs
Statistical detection of malicious PE-Executables for fast offline analysis
CMS'10 Proceedings of the 11th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security
| Hi-index | 0.00 |
A successful data breach is often caused by malware installed by attackers. In a large-scale computer environment, it is difficult and costly for information technology managers to identify the victims and to assess the scope of the data breach when a malware attack occurs. Therefore, a quick and retrospective mechanism that can find victims is required. One such technology is Search. However, most search techniques are not designed for searching executable files; indeed, they become worse in identifying malware files because of polymorphism and/or metamorphism. In this paper, we propose a portable executable format file search mechanism, called MalPEFinder. Instead of searching malware files, this mechanism searches the malware-related files retrospectively. Based on these files and their ownership, MalPEFinder can locate malware files on a large scale quickly. Furthermore, the possibly breached files also can be identified. A MalPEFinder prototype has been implemented on the hadoop platform in order to perform three functions: (i) searching retrospectively; (ii) protecting evidence against tampering; and (iii) dealing with future data growth. We used 72 malware to evaluate the accuracy and efficiency of our system. The experimental results show that MalPEFinder has a higher detection rate as well as a lower false positive rate than the famous splunk tool. Copyright © 2011 John Wiley & Sons, Ltd.