
Fighting Malicious Software

  • Conference paper
Information Systems Security (ICISS 2012)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7671)


Abstract

Malicious software, or malware, has evolved into one of the most severe security threats on today’s Internet. Despite many years of research and development from both academia and industry, the problem is still poorly contained. In this paper, we make the case for a malware defense approach that uses expressive behavior specifications that are general enough to characterize and detect a wide variety of malicious programs. Moreover, our approach can quickly react to new malware families. To this end, the system automatically generates specifications based on the observation of the execution of malware programs. That is, the system executes and monitors new malware programs in a controlled analysis environment. Based on these observations, the system identifies behavior that reflects malicious activity. This program behavior is then automatically translated into specifications that can be used for malware detection.
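The two phases the abstract sketches (derive a specification from a monitored execution, then match it against unknown programs) as a constructed toy. This is an added example, not code from the paper or from the authors' analysis systems: the call names, argument encodings, traces and the choice of "backward data-dependency slice from a network send" as the specification rule are all assumptions made here for illustration. What it shows, beyond the prose, is why a specification built on data flow between calls generalises to a repacked variant while not firing on a benign program that issues the same call sequence.

```python
"""Behaviour-specification detection as a constructed toy (added example, not
the paper's code). Phase 1 derives a specification from the monitored trace
of a known sample; phase 2 matches it against traces of unknown programs.
The spec records which calls occur and how data flows between them (a value
produced by one call consumed as an argument of another), so a match is
about plumbing, not exact paths, handles, or the order of unrelated calls.
All traces, call names and argument encodings below are constructed."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Event:
    call: str               # system call name as the monitor records it
    args: Tuple[str, ...]   # argument values, stringified
    ret: str                # value produced (handle, buffer id); "" if none


@dataclass
class Spec:
    calls: List[str]                   # spec nodes, in original trace order
    edges: Set[Tuple[int, int, int]]   # (producer, consumer, consumer arg pos)


def extract_spec(trace: List[Event], sink_calls: Set[str]) -> Optional[Spec]:
    """Backward data-dependency slice from the first 'sink' call (the call
    that makes the behaviour harmful). Calls the sink does not depend on,
    e.g. a connect() whose result nobody consumes, are dropped."""
    sink = next((i for i, e in enumerate(trace) if e.call in sink_calls), None)
    if sink is None:
        return None
    keep, work, edges = {sink}, [sink], set()
    while work:
        i = work.pop()
        for pos, arg in enumerate(trace[i].args):
            # most recent earlier event whose produced value is this argument
            for j in range(i - 1, -1, -1):
                if trace[j].ret and trace[j].ret == arg:
                    edges.add((j, i, pos))
                    if j not in keep:
                        keep.add(j)
                        work.append(j)
                    break
    order = sorted(keep)
    remap = {old: new for new, old in enumerate(order)}
    return Spec([trace[i].call for i in order],
                {(remap[s], remap[d], p) for s, d, p in edges})


def match_spec(spec: Spec, trace: List[Event]) -> bool:
    """Backtracking search for an injective assignment of spec nodes to trace
    events of the same call name such that every spec edge is realised by an
    actual data flow (producer before consumer, value really passed)."""
    assign = [-1] * len(spec.calls)

    def consistent(k: int, t: int) -> bool:
        if t in assign:                 # each trace event used at most once
            return False
        for s, d, p in spec.edges:
            if d != k:
                continue
            src = assign[s]             # set already: edges go low -> high index
            if not (src < t and p < len(trace[t].args)
                    and trace[t].args[p] == trace[src].ret):
                return False
        return True

    def rec(k: int) -> bool:
        if k == len(spec.calls):
            return True
        for t, ev in enumerate(trace):
            if ev.call == spec.calls[k] and consistent(k, t):
                assign[k] = t
                if rec(k + 1):
                    return True
                assign[k] = -1
        return False

    return rec(0)


# Constructed traces, not real samples. Monitored sample: an info stealer.
MALWARE_TRACE = [
    Event("NtOpenFile", (r"C:\Users\alice\wallet.dat",), "h1"),
    Event("NtReadFile", ("h1",), "buf1"),
    Event("socket", ("AF_INET", "SOCK_STREAM"), "s1"),
    Event("connect", ("s1", "203.0.113.7:443"), ""),
    Event("send", ("s1", "buf1"), ""),
]
# Same family, repacked: other paths/handles, extra calls, socket opened first.
VARIANT_TRACE = [
    Event("socket", ("AF_INET", "SOCK_STREAM"), "s3"),
    Event("NtCreateFile", (r"C:\temp\x.tmp",), "h9"),
    Event("NtOpenFile", (r"C:\Users\bob\Login Data",), "h7"),
    Event("NtQueryInformationFile", ("h7",), ""),
    Event("NtReadFile", ("h7",), "buf9"),
    Event("connect", ("s3", "198.51.100.9:8080"), ""),
    Event("send", ("s3", "buf9"), ""),
]
# Benign: identical call sequence, but the bytes sent are not file contents.
UPDATER_TRACE = [
    Event("NtOpenFile", (r"C:\Program Files\App\config.ini",), "h4"),
    Event("NtReadFile", ("h4",), "buf4"),
    Event("socket", ("AF_INET", "SOCK_STREAM"), "s2"),
    Event("connect", ("s2", "192.0.2.10:80"), ""),
    Event("send", ("s2", "GET /update HTTP/1.1"), ""),
]


def demo() -> dict:
    spec = extract_spec(MALWARE_TRACE, {"send"})
    return {name: match_spec(spec, tr) for name, tr in [
        ("malware", MALWARE_TRACE), ("variant", VARIANT_TRACE),
        ("updater", UPDATER_TRACE)]}


if __name__ == "__main__":
    print(demo())   # {'malware': True, 'variant': True, 'updater': False}
```

The derived specification is "open a file, read it, and send what was read over a socket". A plain call-sequence signature would flag the updater too, because its sequence is identical; the data-flow edge from NtReadFile to send is what separates the two. The caveat a practitioner should keep in mind is the other direction: a backup agent that uploads files also satisfies this specification, so specifications this general need tightening (constraints on the constant arguments seen at extraction time, or a benign-program corpus used to reject over-general slices), which this toy omits.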

The work discussed in this paper would not have been possible without the tireless efforts of many graduate students and the collaboration with my colleagues. I would like to especially thank Clemens Kolbitsch, Paolo Milani Comparetti, Andreas Moser and Engin Kirda, who have made major contributions to those techniques that are described in more detail in this paper.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kruegel, C. (2012). Fighting Malicious Software. In: Venkatakrishnan, V., Goswami, D. (eds) Information Systems Security. ICISS 2012. Lecture Notes in Computer Science, vol 7671. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35130-3_1


  • DOI: https://doi.org/10.1007/978-3-642-35130-3_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35129-7

  • Online ISBN: 978-3-642-35130-3
