%0 Conference Proceedings
%4 dpi.inpe.br/plutao/2012/11.28.16.40.50
%2 dpi.inpe.br/plutao/2012/11.28.16.40.51
%@isbn 9783642311284
%@isbn 03029743
%@isbn E-ISSN: 16113349
%@isbn ISBN-13: 9783642311277
%F lattes: 0096913881679975 6 GregioAfFeGeJiSa:2012:PiMaAc
%T Pinpointing Malicious Activities through Network and System-Level Malware Execution Behavior
%D 2012
%A Gregio, André Ricardo Abed,
%A Afonso, Vitor M.,
%A Fernandes Filho, Dario S.,
%A Geus, Paulo Lício de,
%A Jino, Mario,
%A Santos, Rafael Duarte Coelho dos,
%@affiliation CTI.MCT
%@affiliation Universidade Estadual de Campinas (UNICAMP)
%@affiliation Universidade Estadual de Campinas (UNICAMP)
%@affiliation Universidade Estadual de Campinas (UNICAMP)
%@affiliation Universidade Estadual de Campinas (UNICAMP)
%@affiliation Instituto Nacional de Pesquisas Espaciais (INPE)
%@electronicmailaddress argregrio@cti.gov.br
%@electronicmailaddress vitor@las.ic.unicamp.br
%@electronicmailaddress dario@las.ic.unicamp.br
%@electronicmailaddress paulo@las.ic.unicamp.br
%@electronicmailaddress jino@ldca.fee.unicamp.br
%@electronicmailaddress rafael.santos@inpe.br
%B International Conference on Computational Science and Its Applications, 12 (ICCSA).
%C Salvador
%8 2012
%I Springer Verlag
%J Heidelberg
%V 7336
%P 274-285
%S Proceedings
%1 Universidade Federal da Bahia (UFBA); Universidade Federal do Reconcavo da Bahia (UFRB); Universidade Estadual de Feira de Santana (UEFS); University of Perugia; University of Basilicata (UB)
%X Malicious programs pose a major threat to Internet-connected systems, increasing the importance of studying their behavior in order to fight against them. In this paper, we propose definitions for the different types of behavior that a program can present during its execution. Based on those definitions, we define suspicious behavior as the group of actions that change the state of a target system. We also propose a set of network and system-level dangerous activities that can be used to denote the malignity in suspicious behaviors; these activities were extracted from a large set of malware samples. In addition, we evaluate the malware samples according to their suspicious behavior. Moreover, we developed filters to translate from lower-level execution traces to the observed dangerous activities and evaluated them in the context of actual malware.
%@language en
%3 gregio_pinpointing.pdf