<?xml version="1.0" encoding="ISO-8859-1"?>
<metadatalist>
	<metadata ReferenceType="Journal Article">
		<site>mtc-m16d.sid.inpe.br 806</site>
		<holdercode>{isadg {BR SPINPE} ibi 8JMKD3MGPCW/3DT298S}</holdercode>
		<identifier>8JMKD3MGP7W/3CEPDR8</identifier>
		<repository>sid.inpe.br/mtc-m19/2012/08.14.11.34</repository>
		<lastupdate>2012:08.29.17.11.29 sid.inpe.br/mtc-m19@80/2009/08.21.17.02 marciana</lastupdate>
		<metadatarepository>sid.inpe.br/mtc-m19/2012/08.14.11.34.04</metadatarepository>
		<metadatalastupdate>2018:06.05.04.12.40 sid.inpe.br/mtc-m19@80/2009/08.21.17.02 administrator {D 2012}</metadatalastupdate>
		<secondarykey>INPE--PRE/</secondarykey>
		<doi>10.1007/978-3-642-31128-4_20</doi>
		<issn>0302-9743</issn>
		<citationkey>GrégioAfFeGeJiSa:2012:PiMaAc</citationkey>
		<title>Pinpointing Malicious Activities through Network and System-Level Malware Execution Behavior</title>
		<year>2012</year>
		<secondarytype>PRE PI</secondarytype>
		<numberoffiles>1</numberoffiles>
		<size>149 KiB</size>
		<author>Grégio, André Ricardo Abed,</author>
		<author>Afonso, Vitor Monte,</author>
		<author>Fernandes Filho, Dario Simões,</author>
		<author>Geus, Paulo Lício de,</author>
		<author>Jino, Mario,</author>
		<author>Santos, Rafael Duarte Coelho dos,</author>
		<resumeid></resumeid>
		<resumeid></resumeid>
		<resumeid></resumeid>
		<resumeid></resumeid>
		<resumeid></resumeid>
		<resumeid>8JMKD3MGP5W/3C9JJ4N</resumeid>
		<group></group>
		<group></group>
		<group></group>
		<group></group>
		<group></group>
		<group>LAC-CTE-INPE-MCTI-GOV-BR</group>
		<affiliation>CTI Renato Archer - MCT</affiliation>
		<affiliation>DCA - FEEC - Unicamp</affiliation>
		<affiliation>DCA - FEEC - Unicamp</affiliation>
		<affiliation>DCA - FEEC - Unicamp</affiliation>
		<affiliation>DCA - FEEC - Unicamp</affiliation>
		<affiliation>Instituto Nacional de Pesquisas Espaciais (INPE)</affiliation>
		<electronicmailaddress>argregio@cti.gov.br</electronicmailaddress>
		<electronicmailaddress></electronicmailaddress>
		<electronicmailaddress></electronicmailaddress>
		<electronicmailaddress>paulo@las.ic.unicamp.br</electronicmailaddress>
		<electronicmailaddress>jino@dca.fee.unicamp.br</electronicmailaddress>
		<journal>Lecture Notes in Computer Science</journal>
		<volume>7336</volume>
		<number>PART 4</number>
		<pages>274-285</pages>
		<secondarymark>C_ADMINISTRAÇÃO,_CIÊNCIAS_CONTÁBEIS_E_TURISMO C_ASTRONOMIA_/_FÍSICA C_BIOTECNOLOGIA B5_CIÊNCIAS_BIOLÓGICAS_I C_CIÊNCIAS_BIOLÓGICAS_III B1_CIÊNCIAS_SOCIAIS_APLICADAS_I B3_DIREITO C_EDUCAÇÃO C_ENGENHARIAS_I B3_ENGENHARIAS_II C_ENGENHARIAS_III B4_ENSINO_DE_CIÊNCIAS_E_MATEMATICA B5_GEOCIÊNCIAS B2_INTERDISCIPLINAR B5_MATEMÁTICA_/_PROBABILIDADE_E_ESTATÍSTICA B3_MEDICINA_I B3_MEDICINA_II B3_PSICOLOGIA</secondarymark>
		<transferableflag>1</transferableflag>
		<contenttype>External Contribution</contenttype>
		<versiontype>finaldraft</versiontype>
		<keywords>Computer Security, Malware Analysis.</keywords>
		<abstract>Malicious programs pose a major threat to Internet-connected systems, increasing the importance of studying their behavior in order to fight against them. In this paper, we propose definitions to the different types of behavior that a program can present during its execution. Based on those definitions, we define suspicious behavior as the group of actions that change the state of a target system. We also propose a set of network and system-level dangerous activities that can be used to denote the malignity in suspicious behaviors, which were extracted from a large set of malware samples. In addition, we evaluate the malware samples according to their suspicious behavior. Moreover, we developed filters to translate from lower-level execution traces to the observed dangerous activities and evaluated them in the context of actual malware.</abstract>
		<area>COMP</area>
		<language>en</language>
		<usergroup>administrator</usergroup>
		<usergroup>marciana</usergroup>
		<readergroup>administrator</readergroup>
		<readergroup>marciana</readergroup>
		<visibility>shown</visibility>
		<archivingpolicy>denypublisher denyfinaldraft12</archivingpolicy>
		<readpermission>allow from all</readpermission>
		<documentstage>not transferred</documentstage>
		<mirrorrepository>sid.inpe.br/mtc-m19@80/2009/08.21.17.02.53</mirrorrepository>
		<nexthigherunit>8JMKD3MGPCW/3ESGTTP</nexthigherunit>
		<citingitemlist>sid.inpe.br/bibdigital/2013/09.22.23.14 3</citingitemlist>
		<citingitemlist>sid.inpe.br/mtc-m21/2012/07.13.14.58.32 1</citingitemlist>
		<dissemination>WEBSCI; PORTALCAPES; COMPENDEX.</dissemination>
		<hostcollection>sid.inpe.br/mtc-m19@80/2009/08.21.17.02</hostcollection>
		<notes>12th International Conference on Computational Science and Its Applications, ICCSA 2012, Salvador de Bahia, 18 June 2012 through 21 June 2012, Code 90945</notes>
		<username>marciana</username>
		<agreement>agreement.html .htaccess .htaccess2</agreement>
		<lasthostcollection>sid.inpe.br/mtc-m19@80/2009/08.21.17.02</lasthostcollection>
		<url>http://mtc-m16d.sid.inpe.br/rep-/sid.inpe.br/mtc-m19/2012/08.14.11.34</url>
	</metadata>
</metadatalist>