DOI: 10.1145/3660512.3665526
Research article

Interactive Assistance in Malware Dissemination Detection and Analysis

Published: 01 July 2024

Abstract

Analysis of a complex cyber-security attack often involves a variety of tools, for each specific payload used in the attack. The information supplied by these tools must be soundly correlated to obtain a correct verdict. We propose a tool, GView, that is designed to investigate cyber-attacks by providing guided analysis for various file types using automatic artifact identification, extraction, coherent correlation & inference, and meaningful & intuitive views at different levels of granularity w.r.t. revealed information. The concept behind GView simplifies navigation through all payloads in a complex attack, streamlining the process for security researchers, and increasing the quality of analysis. Our evaluation shows that GView improves the analysis time of an attack by up to 90% compared to conventional tools used in forensics. We show a scenario where GView is used to analyze a misleading email.

Cited By

  • A Software Engineering Approach into Analyzing Microsoft Office-Based Email Attacks. 2024 26th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC), 113–117. https://doi.org/10.1109/SYNASC65383.2024.00031. Online publication date: 16-Sep-2024.
  • Concepts Involved in Creating an Interactive Viewer for Disassembly. 2024 26th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC), 107–110. https://doi.org/10.1109/SYNASC65383.2024.00029. Online publication date: 16-Sep-2024.
  • Entropy-Driven Visualization in GView: Unveiling the Unknown in Binary File Formats. 2024 26th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC), 74–81. https://doi.org/10.1109/SYNASC65383.2024.00025. Online publication date: 16-Sep-2024.

Published In

cover image ACM Conferences
SCID '24: Proceedings of the 1st Workshop on Security-Centric Strategies for Combating Information Disorder
July 2024
68 pages
ISBN:9798400706509
DOI:10.1145/3660512
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. complex binary analysis
  2. forensics investigation
  3. malware research
  4. security operations center

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ASIA CCS '24

Article Metrics

  • Downloads (last 12 months): 70
  • Downloads (last 6 weeks): 6
Reflects downloads up to 05 Mar 2025
