<?xml version="1.0" encoding="ISO-8859-1"?>
<metadatalist>
	<metadata ReferenceType="Conference Proceedings">
		<site>plutao.sid.inpe.br 800</site>
		<holdercode>{isadg {BR SPINPE} ibi 8JMKD3MGPCW/3DT298S}</holdercode>
		<identifier>J8LNKAN8RW/3D53L44</identifier>
		<repository>dpi.inpe.br/plutao/2012/11.28.16.40.50</repository>
		<lastupdate>2015:03.18.16.07.39 dpi.inpe.br/plutao@80/2008/08.19.15.01 administrator</lastupdate>
		<metadatarepository>dpi.inpe.br/plutao/2012/11.28.16.40.51</metadatarepository>
		<metadatalastupdate>2018:06.05.00.02.05 dpi.inpe.br/plutao@80/2008/08.19.15.01 administrator {D 2012}</metadatalastupdate>
		<secondarykey>INPE--PRE/</secondarykey>
		<isbn>9783642311284</isbn>
		<isbn>03029743</isbn>
		<isbn>E-ISSN:  16113349</isbn>
		<isbn>ISBN-13:  9783642311277</isbn>
		<label>lattes: 0096913881679975 6 GregioAfFeGeJiSa:2012:PiMaAc</label>
		<citationkey>GregioAfFeGeJiSa:2012:PiMaAc</citationkey>
		<title>Pinpointing Malicious Activities through Network and System-Level Malware Execution Behavior</title>
		<format>Papel</format>
		<year>2012</year>
		<secondarytype>PRE CI</secondarytype>
		<numberoffiles>1</numberoffiles>
		<size>244 KiB</size>
		<author>Gregio, André Ricardo Abed,</author>
		<author>Afonso, Vitor M.,</author>
		<author>Fernandes Filho, Dario S.,</author>
		<author>Geus, Paulo Lício de,</author>
		<author>Jino, Mario,</author>
		<author>Santos, Rafael Duarte Coelho dos,</author>
		<resumeid></resumeid>
		<resumeid></resumeid>
		<resumeid></resumeid>
		<resumeid></resumeid>
		<resumeid></resumeid>
		<resumeid>8JMKD3MGP5W/3C9JJ4N</resumeid>
		<group></group>
		<group></group>
		<group></group>
		<group></group>
		<group></group>
		<group>LAC-CTE-INPE-MCTI-GOV-BR</group>
		<affiliation>CTI.MCT</affiliation>
		<affiliation>Universidade Estadual de Campinas (UNICAMP)</affiliation>
		<affiliation>Universidade Estadual de Campinas (UNICAMP)</affiliation>
		<affiliation>Universidade Estadual de Campinas (UNICAMP)</affiliation>
		<affiliation>Universidade Estadual de Campinas (UNICAMP)</affiliation>
		<affiliation>Instituto Nacional de Pesquisas Espaciais (INPE)</affiliation>
		<electronicmailaddress>argregrio@cti.gov.br</electronicmailaddress>
		<electronicmailaddress>vitor@las.ic.unicamp.br</electronicmailaddress>
		<electronicmailaddress>dario@las.ic.unicamp.br</electronicmailaddress>
		<electronicmailaddress>paulo@las.ic.unicamp.br</electronicmailaddress>
		<electronicmailaddress>jino@ldca.fee.unicamp.br</electronicmailaddress>
		<electronicmailaddress>rafael.santos@inpe.br</electronicmailaddress>
		<e-mailaddress>rafael.santos@inpe.br</e-mailaddress>
		<conferencename>International Conference on Computational Science and Its Applications, 12 (ICCSA).</conferencename>
		<conferencelocation>Salvador</conferencelocation>
		<date>2012</date>
		<publisher>Springer Verlag</publisher>
		<publisheraddress>Heidelberg</publisheraddress>
		<volume>7336</volume>
		<pages>274-285</pages>
		<booktitle>Proceedings</booktitle>
		<tertiarytype>Paper</tertiarytype>
		<organization>Universidade Federal da Bahia (UFBA); Universidade Federal do Reconcavo da Bahia (UFRB); Universidade Estadual de Feira de Santana (UEFS); University of Perugia; University of Basilicata (UB)</organization>
		<transferableflag>1</transferableflag>
		<contenttype>External Contribution</contenttype>
		<versiontype>finaldraft</versiontype>
		<abstract>Malicious programs pose a major threat to Internet-connected systems, increasing the importance of studying their behavior in order to fight against them. In this paper, we propose definitions for the different types of behavior that a program can present during its execution. Based on those definitions, we define suspicious behavior as the group of actions that change the state of a target system. We also propose a set of network and system-level dangerous activities that can be used to denote the malignity in suspicious behaviors, which were extracted from a large set of malware samples. In addition, we evaluate the malware samples according to their suspicious behavior. Moreover, we developed filters to translate from lower-level execution traces to the observed dangerous activities and evaluated them in the context of actual malware.</abstract>
		<area>COMP</area>
		<language>en</language>
		<targetfile>gregio_pinpointing.pdf</targetfile>
		<usergroup>lattes</usergroup>
		<usergroup>marciana</usergroup>
		<readergroup>administrator</readergroup>
		<readergroup>marciana</readergroup>
		<visibility>shown</visibility>
		<readpermission>allow from all</readpermission>
		<documentstage>not transferred</documentstage>
		<nexthigherunit>8JMKD3MGPCW/3ESGTTP</nexthigherunit>
		<citingitemlist>sid.inpe.br/mtc-m21/2012/07.13.14.58.32 1</citingitemlist>
		<hostcollection>dpi.inpe.br/plutao@80/2008/08.19.15.01</hostcollection>
		<username>marciana</username>
		<lasthostcollection>dpi.inpe.br/plutao@80/2008/08.19.15.01</lasthostcollection>
		<url>http://plutao.sid.inpe.br/rep-/dpi.inpe.br/plutao/2012/11.28.16.40.50</url>
	</metadata>
</metadatalist>