Detection of privacy threat by peculiar feature extraction in malwares to combat targeted cyber attacks

Abstract

Targeted cyber-threats are topmost concern of organizations and technologies of today. Malwares having similar objectives bear common artifacts. Thus defining a detection mechanism based on such peculiar artifacts will not only help in detecting existing risks but also gives a considerable defense against unknown malicious attacks. About 903 known malware samples related to espionage were analyzed statically and a data set comprising related artifacts is established and also checked against the benign software. Weightage is given to each artifact on the difference of its existence in malicious and benign code and artifact’s relation to the expected targeted organization or technology thus catering for targeted attacks. Designed algorithm for detection of espionage attack has given 99.16 % of authentication and 99.33 % of precision. Real time alarm generation is also incorporated by API hooking using Detour library for latter detailed analysis of suspicious program or application by proposed algorithm.