Linhai Song
ABSTRACT
This paper calls for the attention to investigate real-world malwares in large scales by examining the largest real malware repository, VirusTotal. As a first step, we analyzed two fundamental characteristics of Windows executable malwares from VirusTotal. We designed offline and online tools for this analysis. Our results show that malwares appear in bursts and that distributions of malwares are highly skewed.
- learnbigcode. URL: http://learnbigcode.github.io/.Google Scholar
- VirusTotal. URL: https://www.virustotal.com/.Google Scholar
- AV-TEST. Malware Statistics. URL: https://www.av-test.org/en/statistics/malware/.Google Scholar
- P. Bielik, V. Raychev, and M. Vechev. Programming with "Big Code": Lessons, Techniques and Applications. In SNAPL, 2015.Google Scholar
- M. M. P. Center. Naming malware. URL: https://www.microsoft.com/security/portal/mmpc/shared/malwarenaming.aspx.Google Scholar
- D. C. D'Elia, C. Demetrescu, and I. Finocchi. Mining hot calling contexts in small space. In Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '11, pages 516--527, New York, NY, USA, 2011. ACM. ISBN 978-1-4503-0663-8. URL http://doi.acm.org/10.1145/1993498.1993559. Google ScholarDigital Library
- M. Graziano, D. Canali, L. Bilge, A. Lanzi, and D. Balzarotti. Needles in a haystack: Mining information from public dynamic analysis sandboxes for malware intelligence. In Proceedings of the 24th USENIX Conference on Security Symposium, SEC'15, pages 1057--1072, Berkeley, CA, USA, 2015. USENIX Association. ISBN 978-1-931971-232. URL http://dl.acm.org/citation.cfm?id=2831143.2831210. Google ScholarDigital Library
- A. Gupta, P. Kuppili, A. Akella, and P. Barford. An empirical study of malware evolution. In Proceedings of the First International Conference on COMmunication Systems And NETworks, COMSNETS'09, pages 356--365, Piscataway, NJ, USA, 2009. IEEE Press. ISBN 978-1-4244-2912-7. URL http://dl.acm.org/citation.cfm?id=1702135.1702182. Google ScholarDigital Library
- S. Karaivanov, V. Raychev, and M. Vechev. Phrase-based statistical translation of programming languages. In Proceedings of the 2014 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming & Software, Onward! 2014, pages 173--184, New York, NY, USA, 2014. ACM. ISBN 978-1-4503-3210-1. URL http://doi.acm.org/10.1145/2661136.2661148. Google ScholarDigital Library
- Kaspersky. Kaspersky Security Bulletin 2015. URL: https://securelist.com/analysis/kaspersky-security-bulletin/73038/kaspersky-security-bulletin-2015-overall-statistics-for-2015/.Google Scholar
- S. Kim, T. Zimmermann, E. J. Whitehead Jr., and A. Zeller. Predicting faults from cached history. In Proceedings of the 29th International Conference on Software Engineering, ICSE '07, pages 489--498, Washington, DC, USA, 2007. IEEE Computer Society. ISBN 0-7695-2828-7. URL http://dx.doi.org/10.1109/ICSE.2007.66. Google ScholarDigital Library
- A. Metwally, D. Agrawal, and A. E. Abbadi. An integrated efficient solution for computing frequent and top-k elements in data streams. ACM Trans. Database Syst., 31(3):1095--1133, Sept. 2006. ISSN 0362-5915. URL http://doi.acm.org/10.1145/1166074.1166084. Google ScholarDigital Library
- V. Raychev, M. Vechev, and E. Yahav. Code completion with statistical language models. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '14, pages 419--428, New York, NY, USA, 2014. ACM. ISBN 978-1-4503-2784-8. URL http://doi.acm.org/10.1145/2594291.2594321. Google ScholarDigital Library
- V. Raychev, M. Vechev, and A. Krause. Predicting program properties from "big code". In Proceedings of the 42Nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '15, pages 111--124, New York, NY, USA, 2015. ACM. ISBN 978-1-4503-3300-9. URL http://doi.acm.org/10.1145/2676726.2677009. Google ScholarDigital Library
- K. ZETTER. A Google Site Meant to Protect You Is Helping Hackers Attack You. URL: https://www.wired.com/2014/09/how-hackers-use-virustotal/.Google Scholar
- Y. Zhou and X. Jiang. Dissecting android malware: Characterization and evolution. In Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP '12, pages 95--109, Washington, DC, USA, 2012. IEEE Computer Society. ISBN 978-0-7695-4681-0. URL http://dx.doi.org/10.1109/SP.2012.16. Google ScholarDigital Library
Recommendations
Detecting metamorphic malwares using code graphs
SAC '10: Proceedings of the 2010 ACM Symposium on Applied ComputingMalware writers and detectors have been running an endless battle. Self-defense is the weapon most malware writers prepare against malware detectors. Malware writers have tried to evade the improved detection techniques of anti-virus(AV) products. ...
Grouping the Executables to Detect Malwares with High Accuracy
The metamorphic malware variants with the same malicious behavior (family), can obfuscate themselves to look different from each other. This variation in structure lead to a huge signature database for traditional signature matching techniques to detect ...
A graph mining approach for detecting unknown malwares
Nowadays malware is one of the serious problems in the modern societies. Although the signature based malicious code detection is the standard technique in all commercial antivirus softwares, it can only achieve detection once the virus has already ...
Comments