
Annals of Computer Science and Information Systems, Volume 8

Proceedings of the 2016 Federated Conference on Computer Science and Information Systems

Developing malware evaluation infrastructure


DOI: http://dx.doi.org/10.15439/2016F490

Citation: Proceedings of the 2016 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 8, pages 981–989


Abstract. Malware evaluation is a key factor in security. It is supposed to be both safe and accurate. Contemporary malware is very sophisticated: it usually relies on a complex distributed infrastructure, and investigating that infrastructure is a very challenging task. In this paper, the development of testbeds for evaluating malware and its infrastructure is presented. Based on real-life experience with the analysis of successive CryptoWall generations, the MESS evaluation system is introduced. A rich set of analytical results is discussed, and new visualization methods for the analysis of malware artefacts are given.
