A. Arrott, Arun Lakhotia, F. Leitold, Charles LeDoux
{"title":"在勒索软件攻击期间对恶意软件变体进行解混淆的聚类分析","authors":"A. Arrott, Arun Lakhotia, F. Leitold, Charles LeDoux","doi":"10.1109/CyberSA.2018.8551432","DOIUrl":null,"url":null,"abstract":"Risk managers attempting to reduce cyber-security vulnerability in enterprise IT networks rely on the \"malware detection rate\" as a primary measure at each layer of protection (e.g., network firewalls, breach detection systems, secure mail-servers, endpoint security suites). However, to be directly usable in risk assessments, separate malware detection rates are required for different malware categories that are quantitatively related to specific impacts of infection. A three-tier hierarchy of malware classification is formulated to assist cyber-risk decision-making. Malware is first categorized by victim impact (e.g., adware, data exfiltration, ransomware); second by malware technique (e.g., malware families), and third by evasion and obfuscation variants within individual malware families (e.g., polymorphs, metamorphs). The three-tier hierarchy is applied to a specific vertical: ransomware (impact); ransomware family (technique); and malware binary variants within one family, WannaCry (obfuscation and evasion).","PeriodicalId":352813,"journal":{"name":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"67 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Cluster analysis for deobfuscation of malware variants during ransomware attacks\",\"authors\":\"A. Arrott, Arun Lakhotia, F. Leitold, Charles LeDoux\",\"doi\":\"10.1109/CyberSA.2018.8551432\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Risk managers attempting to reduce cyber-security vulnerability in enterprise IT networks rely on the \\\"malware detection rate\\\" as a primary measure at each layer of protection (e.g., network firewalls, breach detection systems, secure mail-servers, endpoint security suites). However, to be directly usable in risk assessments, separate malware detection rates are required for different malware categories that are quantitatively related to specific impacts of infection. A three-tier hierarchy of malware classification is formulated to assist cyber-risk decision-making. Malware is first categorized by victim impact (e.g., adware, data exfiltration, ransomware); second by malware technique (e.g., malware families), and third by evasion and obfuscation variants within individual malware families (e.g., polymorphs, metamorphs). The three-tier hierarchy is applied to a specific vertical: ransomware (impact); ransomware family (technique); and malware binary variants within one family, WannaCry (obfuscation and evasion).\",\"PeriodicalId\":352813,\"journal\":{\"name\":\"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)\",\"volume\":\"67 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CyberSA.2018.8551432\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSA.2018.8551432","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Cluster analysis for deobfuscation of malware variants during ransomware attacks
Risk managers attempting to reduce cyber-security vulnerability in enterprise IT networks rely on the "malware detection rate" as a primary measure at each layer of protection (e.g., network firewalls, breach detection systems, secure mail-servers, endpoint security suites). However, to be directly usable in risk assessments, separate malware detection rates are required for different malware categories that are quantitatively related to specific impacts of infection. A three-tier hierarchy of malware classification is formulated to assist cyber-risk decision-making. Malware is first categorized by victim impact (e.g., adware, data exfiltration, ransomware); second by malware technique (e.g., malware families), and third by evasion and obfuscation variants within individual malware families (e.g., polymorphs, metamorphs). The three-tier hierarchy is applied to a specific vertical: ransomware (impact); ransomware family (technique); and malware binary variants within one family, WannaCry (obfuscation and evasion).
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
