Authors: M. Bernardi, Marta Cimitile, F. Mercaldo
Venue: 2016 Fourth International Symposium on Computing and Networking (CANDAR)
Publication date: 2016-11-01
DOI: 10.1109/CANDAR.2016.0111 (https://doi.org/10.1109/CANDAR.2016.0111)
Citation count: 6
Source: Semanticscholar
Process Mining Meets Malware Evolution: A Study of the Behavior of Malicious Code
Mobile phones are increasingly used to exchange and access sensitive resources, which makes them a target for malware attacks. These attacks continue to grow with the emergence of new and sophisticated malware that often renders existing malware detection approaches inadequate. Since most new malware is generated from existing malicious code, tracking the mobile malware phylogeny becomes very important. In this work, a Process Mining (PM) approach is proposed for building a malware phylogeny model from the information contained in system call traces. Adopting a declarative Process Mining technique makes it possible to mine a constraint-based model that can be used effectively as a malware fingerprint, expressing relationships and recurring execution patterns among system calls in the execution flows. The model characterizes the behavior of malware applications, allowing the identification of similarities across malware families and among malware variants belonging to the same family. The proposed approach is evaluated on a dataset of more than 700 infected applications across seven malware families, obtaining very encouraging results.