Title: Malware Automatic Analysis
Authors: César Augusto Borges de Andrade, C. Gomes de Mello, J. C. Duarte
DOI: 10.1109/BRICS-CCI-CBIC.2013.119 (https://doi.org/10.1109/BRICS-CCI-CBIC.2013.119)
Venue: 2013 BRICS Congress on Computational Intelligence and 11th Brazilian Congress on Computational Intelligence
Publication date: 2013-09-08
Publication type: Journal Article
Citation count: 13
Platform: Semanticscholar
Abstract: Malicious code analysis allows malware behavior characteristics to be identified: how it acts in the operating system, what obfuscation techniques it uses, which execution flows lead to its primary intended behavior, its use of network operations, file downloading operations, capture of user and system information, access to records, among other activities. The goal is to learn how the malware works, to create ways to identify new malicious software with similar behavior, and to devise defenses. Manual scanning for signature generation becomes impractical, since it requires a great deal of time compared to the speed at which new malware is created and disseminated. Therefore, this paper proposes the use of sandbox techniques and machine learning techniques to automate software identification in this context. Besides presenting a different and faster approach to malware detection, this paper achieves an accuracy rate of over 90% for the task of malware identification.