@InProceedings{GregioAfFeGeJiSa:2012:PiMaAc,
               author = "Gregio, Andr{\'e} Ricardo Abed and Afonso, Vitor M. and Fernandes 
                         Filho, Dario S. and Geus, Paulo L{\'{\i}}cio de and Jino, Mario 
                         and Santos, Rafael Duarte Coelho dos",
          affiliation = "CTI.MCT and {Universidade Estadual de Campinas (UNICAMP)} and 
                         {Universidade Estadual de Campinas (UNICAMP)} and {Universidade 
                         Estadual de Campinas (UNICAMP)} and {Universidade Estadual de 
                         Campinas (UNICAMP)} and {Instituto Nacional de Pesquisas Espaciais 
                         (INPE)}",
                title = "Pinpointing Malicious Activities through Network and System-Level 
                         Malware Execution Behavior",
            booktitle = "Proceedings...",
                 year = "2012",
                pages = "274--285",
         organization = "International Conference on Computational Science and Its 
                         Applications, 12. (ICCSA).",
            publisher = "Springer Verlag",
              address = "Heidelberg",
             abstract = "Malicious programs pose a major threat to Internet-connected 
                         systems, increasing the importance of studying their behavior in 
                         order to fight against them. In this paper, we propose definitions 
                         to the different types of behavior that a program can present 
                         during its execution. Based on those definitions, we define 
                         suspicious behavior as the group of actions that change the state 
                         of a target system. We also propose a set of network and 
                         system-level dangerous activities that can be used to denote the 
                         malignity in suspicious behaviors, which were extracted from a 
                         large set of malware samples. In addition, we evaluate the malware 
                         samples according to their suspicious behavior. Moreover, we 
                         developed filters to translate from lower-level execution traces 
                         to the observed dangerous activities and evaluated them in the 
                         context of actual malware.",
  conference-location = "Salvador",
      conference-year = "2012",
                 isbn = "9783642311284 and 03029743 and {E-ISSN: 16113349} and {ISBN-13: 
                         9783642311277}",
                label = "lattes: 0096913881679975 6 GregioAfFeGeJiSa:2012:PiMaAc",
             language = "en",
         organisation = "Universidade Federal da Bahia (UFBA); Universidade Federal do 
                         Reconcavo da Bahia (UFRB); Universidade Estadual de Feira de 
                         Santana (UEFS); University of Perugia; University of Basilicata 
                         (UB)",
           targetfile = "gregio_pinpointing.pdf",
               volume = "7336",
        urlaccessdate = "30 abr. 2024"
}