Proceedings Article, DOI 10.1109/ICSSE.2010.5551719
Malware analysis using reverse engineering and data mining tools
Supreeth Jagadish Burji, Kathy J. Liszka, Chien-Chung Chan +2 more
- 01 Jul 2010
- pp 619-624
TL;DR: A case study of the well-known Nugache worm is presented, using existing reverse engineering tools to collect data from malware running in a closed-lab environment; the proposed approach can be used to study malware behavior in a safe, pedagogical setting.
Abstract: One challenge in malware analysis involves collecting useful data without risking experimenters' machines or systems. Static analysis of malware codebases is valuable in providing insights on malware development mechanisms; however, it cannot provide understanding in dynamic profiling of executable codes. In this paper, we present a case study of the well-known Nugache worm using existing reverse engineering tools to collect data from malware running in a closed-lab environment. Useful dynamic patterns of malware are generated by using a rough set based machine learning tool. The proposed approach can be used for the study of malware behaviors in a safe and pedagogical environment. The dynamic patterns generated by data mining tools may provide insights for specifying similarity measures used by network level Intrusion Detection Systems.
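The abstract names a rough set based tool as the step that turns sandbox observations into "dynamic patterns" but does not show the mechanics. The following is an added illustration (not the paper's code, data, or tool) of the rough-set concepts from Pawlak's book cited below: indiscernibility classes, lower/upper approximations, the positive region, reducts, and the certain decision rules a reduct yields. The decision table, its attribute names (run_key, listens_port, hosts_modified, packed) and the worm/benign labels are constructed for this example; two rows deliberately share every observation but disagree on the label, so the boundary region is non-empty and the rules stay honest about what the observed features cannot decide.

```python
"""Rough-set rule mining over a constructed table of dynamic malware observations.

Illustration of the rough-set approach (Pawlak, 1991); the table, attribute
names and labels are constructed for this example, not data from the paper.
"""
from itertools import combinations

# Condition attributes: coarse observations a sandbox run can produce.
ATTRIBUTES = ("run_key", "listens_port", "hosts_modified", "packed")
DECISION = "label"

# Constructed decision table (assumed, not the paper's data). Rows 5 and 6
# share every observation but carry different labels: the kind of
# inconsistency rough sets expose as a boundary region rather than hide.
TABLE = [
    {"run_key": 1, "listens_port": 1, "hosts_modified": 0, "packed": 1, "label": "worm"},
    {"run_key": 1, "listens_port": 1, "hosts_modified": 1, "packed": 1, "label": "worm"},
    {"run_key": 1, "listens_port": 0, "hosts_modified": 0, "packed": 0, "label": "benign"},
    {"run_key": 0, "listens_port": 1, "hosts_modified": 0, "packed": 0, "label": "benign"},
    {"run_key": 0, "listens_port": 0, "hosts_modified": 0, "packed": 0, "label": "benign"},
    {"run_key": 1, "listens_port": 1, "hosts_modified": 0, "packed": 0, "label": "worm"},
    {"run_key": 1, "listens_port": 1, "hosts_modified": 0, "packed": 0, "label": "benign"},
]


def partition(table, attrs):
    """Equivalence classes of the indiscernibility relation IND(attrs):
    rows that agree on every attribute in attrs share a class."""
    classes = {}
    for idx, row in enumerate(table):
        key = tuple(row[a] for a in attrs)
        classes.setdefault(key, set()).add(idx)
    return classes


def approximations(table, attrs, label):
    """Lower and upper approximation of the decision class `label` w.r.t. attrs."""
    target = {i for i, row in enumerate(table) if row[DECISION] == label}
    lower, upper = set(), set()
    for cls in partition(table, attrs).values():
        if cls <= target:
            lower |= cls          # class lies entirely inside the concept
        if cls & target:
            upper |= cls          # class overlaps the concept
    return lower, upper


def positive_region(table, attrs):
    """Union of lower approximations over all decision values: the rows
    that attrs classify without contradiction."""
    region = set()
    for label in {row[DECISION] for row in table}:
        region |= approximations(table, attrs, label)[0]
    return region


def reducts(table, attrs=ATTRIBUTES):
    """Minimal attribute subsets that preserve the full positive region."""
    full = positive_region(table, attrs)
    found = []
    for k in range(1, len(attrs) + 1):
        for subset in combinations(attrs, k):
            if positive_region(table, subset) != full:
                continue
            if any(set(r) <= set(subset) for r in found):
                continue      # a smaller reduct already covers this subset
            found.append(subset)
    return found


def decision_rules(table, attrs):
    """Certain rules (positive region) plus boundary patterns whose label
    is undecidable with these attributes."""
    certain, boundary = [], []
    for key, cls in partition(table, attrs).items():
        labels = {table[i][DECISION] for i in cls}
        cond = dict(zip(attrs, key))
        if len(labels) == 1:
            certain.append((cond, labels.pop(), len(cls)))
        else:
            boundary.append((cond, sorted(labels)))
    return certain, boundary


def classify(observation, rules):
    """Apply certain rules to a new run; None means the observation falls
    in a boundary region or matches no learned pattern."""
    for cond, label, _support in rules:
        if all(observation.get(a) == v for a, v in cond.items()):
            return label
    return None


if __name__ == "__main__":
    for red in reducts(TABLE):
        certain, boundary = decision_rules(TABLE, red)
        print("reduct:", red)
        for cond, label, support in certain:
            print("  IF", cond, "THEN", label, f"(support {support})")
        for cond, labels in boundary:
            print("  BOUNDARY", cond, "->", labels)
```

On this table the only reduct is (run_key, listens_port, packed): hosts_modified never changes which rows are classifiable, so it is dropped, and the pattern run_key=1, listens_port=1, packed=0 is reported as a boundary rather than forced into a label. That is the property that makes the rule output usable as a starting point for IDS similarity measures: a rule carries its support, and contradictions in the lab data surface as explicit gaps instead of silent misclassifications.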
Citations
Learning Attack Features from Static and Dynamic Analysis of Malware
Ravinder R. Ravula, Kathy J. Liszka, Chien-Chung Chan +2 more
- 26 Oct 2011
TL;DR: A reverse engineering process extracts static and behavioral features from malware, based on the assumption that a malware's behavior can be revealed by executing it and observing its effects on the operating environment; preliminary results indicate that BLEM2 rules may provide interesting insights for essential feature identification.
•Dissertation
Behavior-based Classification of Botnet Malware
Peter Ekstrand Berg
- 01 Jan 2011
TL;DR: This thesis will analyze malware behavior that employs obfuscation techniques in the context of botnets to solve a two-class classification problem.
Detecting forensically relevant information from PE executables
Shany Jophin, Meera Vijayan, S Dija +2 more
- 25 Jul 2013
TL;DR: This paper proposes an advanced and resource friendly malware forensics analysis procedure which uses the principles of static analysis to figure out the exact purpose of an executable file.
•Proceedings Article
Dynamic analysis of malware using decision trees
Ravinder R. Ravula, Chien-Chung Chan, Kathy J. Liszka +2 more
- 31 Jul 2018
TL;DR: This work applied a reverse engineering process to extract static and behavioural features from malware in order to identify essential features, and shows that a Naïve Bayes classifier performs best on the data set built from the API call data set with 141 features.
Anticipating Dormant Functionality in Malware: A Semantics Based Approach
Muzzamil Noor, Haider Abbas +1 more
- 02 Jul 2013
TL;DR: This paper presents a review of all efforts at adopting semantics based models for automated malware analysis and defines future work directions of the research.
References
•Book
Rough Sets: Theoretical Aspects of Reasoning about Data
Zdzisław Pawlak
- 31 Oct 1991
TL;DR: Theoretical Foundations.
•Proceedings Article
BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection
Guofei Gu, Roberto Perdisci, Junjie Zhang, Wenke Lee +3 more
- 28 Jul 2008
TL;DR: This paper presents a general detection framework that is independent of botnet C&C protocol and structure, and requires no a priori knowledge of botnets (such as captured bot binaries and hence the botnet signatures, and C&C server names/addresses).
Understanding the network-level behavior of spammers
Anirudh Ramachandran, Nick Feamster +1 more
- 11 Aug 2006
TL;DR: It is found that most spam is being sent from a few regions of IP address space, and that spammers appear to be using transient "bots" that send only a few pieces of email over very short periods of time.
Related Papers (5)
Mahmoud Abdelsalam, Maanak Gupta, Sudip Mittal +2 more
- 28 Apr 2021
Peidai Xie, Xicheng Lu, Jinshu Su, Yongjun Wang, Meijian Li +4 more
- 28 Jan 2013
Omer Aslan, Refik Samet +1 more
- 01 Oct 2017