Malicious programs pose a major threat to Internet-connected systems, increasing the importance of studying their behavior in order to fight against them. In this paper, we propose definitions for the different types of behavior that a program can present during its execution. Based on those definitions, we define suspicious behavior as the group of actions that change the state of a target system. We also propose a set of network and system-level dangerous activities that can be used to denote the malignity in suspicious behaviors, which were extracted from a large set of malware samples. In addition, we evaluate the malware samples according to their suspicious behavior. Moreover, we developed filters to translate from lower-level execution traces to the observed dangerous activities and evaluated them in the context of actual malware. © 2012 Springer-Verlag.
CITATION STYLE
Grégio, A. R. A., Afonso, V. M., Filho, D. S. F., De Geus, P. L., Jino, M., & Dos Santos, R. D. C. (2012). Pinpointing malicious activities through network and system-level malware execution behavior. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7336 LNCS, pp. 274–285). https://doi.org/10.1007/978-3-642-31128-4_20