
%0 Journal Article
%4 sid.inpe.br/mtc-m19/2012/08.14.11.34
%2 sid.inpe.br/mtc-m19/2012/08.14.11.34.04
%@doi 10.1007/978-3-642-31128-4_20
%@issn 0302-9743
%T Pinpointing Malicious Activities through Network and System-Level Malware Execution Behavior
%D 2012
%A Grégio, André Ricardo Abed,
%A Afonso, Vitor Monte,
%A Fernandes Filho, Dario Simões,
%A Geus, Paulo Lício de,
%A Jino, Mario,
%A Santos, Rafael Duarte Coelho dos,
%@affiliation CTI Renato Archer - MCT
%@affiliation DCA - FEEC - Unicamp
%@affiliation DCA - FEEC - Unicamp
%@affiliation DCA - FEEC - Unicamp
%@affiliation DCA - FEEC - Unicamp
%@affiliation Instituto Nacional de Pesquisas Espaciais (INPE)
%@electronicmailaddress argregio@cti.gov.br
%@electronicmailaddress
%@electronicmailaddress
%@electronicmailaddress paulo@las.ic.unicamp.br
%@electronicmailaddress jino@dca.fee.unicamp.br
%B Lecture Notes in Computer Science
%V 7336
%N PART 4
%P 274-285
%K Computer Security, Malware Analysis.
%X Malicious programs pose a major threat to Internet-connected systems, increasing the importance of studying their behavior in order to fight against them. In this paper, we propose definitions to the different types of behavior that a program can present during its execution. Based on those definitions, we define suspicious behavior as the group of actions that change the state of a target system. We also propose a set of network and system-level dangerous activities that can be used to denote the malignity in suspicious behaviors, which were extracted from a large set of malware samples. In addition, we evaluate the malware samples according to their suspicious behavior. Moreover, we developed filters to translate from lower-level execution traces to the observed dangerous activities and evaluated them in the context of actual malware.
%@language en
%O 12th International Conference on Computational Science and Its Applications, ICCSA 2012 Salvador de Bahia 18 June 2012 through 21 June 2012 Code 90945

