2014 | 2 | 101--110
Article title

Identification of malware activities with rules

Title variants
Publication languages
EN
Abstracts
EN
The article describes the method of malware activities identification using ontology and rules. The method supports detection of malware at host level by observing its behavior. It sifts through hundreds of thousands of regular events and allows suspicious ones to be identified. They are then passed on to the second building block, responsible for malware tracking and matching stored models with observed malicious actions. The presented method was implemented and verified in an infected computer environment. As opposed to signature-based antivirus mechanisms, it allows the detection of malware whose code has been obfuscated. (original abstract)
Year
Volume
2
Pages
101--110
Physical description
Authors
  • Military Communication Institute
  • Military Communication Institute
author
  • Military Communication Institute
  • AGH University of Science and Technology Kraków, Poland
Bibliography
  • Adair S., Deibert R., Rohozinski R., Villeneuve N., and Walton G., Shadows in the cloud: Investigating Cyber Espionage 2.0, 2010, Information Warfare Monitor Shadowserver Foundation, http://shadows-in-the-cloud.net
  • Antoniou G. and van Harmelen F., A Semantic Web Primer. Cambridge, England: The MIT Press, 2008.
  • API hooking revealed, http://www.codeproject.com/Articles/2082/API-hooking-revealed
  • ARAKIS, http://www.arakis.pl
  • Bereziński P., Szpyrka M., Jasiul B., and Mazur M., "Network anomaly detection using parameterized entropy," in CISIM 2014, ser. LNCS, K. Saeed and V. Snášel, Eds. Springer, 2014, vol. 8838, pp. 473-486.
  • Bobek S., Porzycki K., and Nalepa G., "Learning sensors usage patterns in mobile context-aware systems," in Proceedings of the Federated Conference on Computer Science and Information Systems - FedCSIS, IEEE, 2013, pp. 993-998.
  • Choraś M., Kozik R., Piotrowski R., Brzostek J., and Hołubowicz W., "Network events correlation for federated networks protection system," in Towards a Service-Based Internet, LNCS, Springer, 2011, vol. 6994, pp. 100-111. http://dx.doi.org/10.1007/978-3-642-24755-2_9
  • Conti M., Di Pietro R., Mancini L., and Mei A., "Mobility and cooperation to thwart node capture attacks in MANETs," EURASIP J. Wirel. Commun. Netw., vol. 2009, no. 1, pp. 8:1-8:13, 2009. http://dx.doi.org/10.1155/2009/945943
  • EasyHook, http://easyhook.codeplex.com/
  • Gostev A., Kaspersky Security Bulletin: Statistics 2008, http://www.securelist.com/en/analysis/204792052/
  • Horrocks I., Patel-Schneider P., Boley H., Tabet S., Grosof B., and Dean M., SWRL: A Semantic Web Rule Language. Combining OWL and RuleML, http://www.w3.org/Submission/SWRL/
  • Jasiul B., Piotrowski R., Bereziński P., Choraś M., Kozik R., and Brzostek J., "Federated Cyber Defence System - applied methods and techniques," in 2012 Military Communications and Information Systems Conference, MCC 2012, 2012, pp. 145-150.
  • Jasiul B., Szpyrka M., and Śliwa J., "Malware behavior modeling with Colored Petri nets," in CISIM 2014, ser. LNCS, K. Saeed and V. Snášel, Eds. Springer, 2014, vol. 8838, pp. 667-679.
  • Jensen K. and Kristensen L., Coloured Petri Nets: Modelling and Validation of Concurrent Systems, 1st ed. Springer, 2009.
  • Maslennikov D. and Namestnikov Y., Kaspersky Security Bulletin. The overall statistics for 2012, http://www.securelist.com/en/analysis/204792255/
  • McAfee and HBGary Solution Brief. Extend McAfee Total Protection for Endpoint with HBGary Digital DNA and Responder, http://www.mcafee.com/us/resources/solution-briefs/sb-hbgary.pdf
  • Microsoft Technet - Sysinternals, http://technet.microsoft.com/en-us/sysinternals/
  • Nalepa G. and Bobek S., "Rule-based solution for context-aware reasoning on mobile devices," Computer Science and Information Systems, vol. 11, no. 1, pp. 171-193, 2014.
  • Netfilter, http://www.netfilter.org/
  • Protégé - ontology editor and knowledge-base framework, http://protege.stanford.edu/
  • Raiu C., Virus News: 2012 by the numbers, http://www.kaspersky.com/
  • Russinovich M. and Cogswell B., Process Monitor v3.05, http://technet.microsoft.com/pl-pl/sysinternals/bb896645.aspx
  • Russinovich M. and Margosis A., Windows Sysinternals Administrator's Reference. Redmond, Washington, USA: Microsoft Press, 2011.
  • Sirin E., Parsia B., Cuenca Grau B., Kalyanpur A., and Katz Y., "Pellet: A practical OWL-DL reasoner," in Web Semantics: Science, Services and Agents on the World Wide Web, vol. 5, 2007, pp. 51-53. http://dx.doi.org/10.1016/j.websem.2007.03.004
  • SNORT, http://www.snort.org/
  • Szpyrka M. and Szmuc T., "Decision tables in Petri net models," in Rough Sets and Intelligent Systems Paradigms, LNCS, Springer, 2007, vol. 4585, pp. 648-657. http://dx.doi.org/10.1007/978-3-540-73451-2_68
  • Szpyrka M., "Analysis of VME-Bus communication protocol - RTCPnet approach," Real-Time Systems, vol. 35, no. 1, pp. 91-108, 2007. http://dx.doi.org/10.1007/s11241-006-9003-0
  • Szpyrka M., "Exclusion rule-based systems - case study," in Computer Science and Information Technology, IMCSIT, 2008, pp. 237-242. http://dx.doi.org/10.1109/IMCSIT.2008.4747245
  • Szpyrka M., Jasiul B., Wrona K., and Dziedzic F., "Telecommunications networks risk assessment with Bayesian networks," in Computer Information Systems and Industrial Management, LNCS, Springer, 2013, vol. 8104, pp. 277-288. http://dx.doi.org/10.1007/978-3-642-40925-7_26
  • Szwed P. and Skrzyński P., "A new lightweight method for security risk assessment based on fuzzy cognitive maps," Applied Mathematics and Computer Science, vol. 24, no. 1, pp. 213-225, 2014. http://dx.doi.org/10.2478/amcs-2014-0016
  • Śliwa J. and Amanowicz M., "A mediation service for web services provision in tactical disadvantaged environment," in IEEE Military Communications Conference, MILCOM, 2008, pp. 1-7. http://dx.doi.org/10.1109/MILCOM.2008.4753323
  • Śliwa J. and Jasiul B., "Efficiency of dynamic content adaptation based on semantic description of web service call context," in Proceedings - IEEE Military Communications Conference MILCOM 2012, Orlando, USA, 2012, pp. 1-6. http://dx.doi.org/10.1109/MILCOM.2012.6415810
  • Śliwa J., Gleba K., Chmiel W., Szwed P., and Głowacz A., "IOEM - Ontology engineering methodology for large systems," in Computational Collective Intelligence. Technologies and Applications, LNCS, Springer, 2011, vol. 6922, pp. 602-611. http://dx.doi.org/10.1007/978-3-642-23935-9_59
  • Takeshi A., Masaki K., and Murakami T., Cyber Security Trend - Annual Review 2012, http://www.nri-secure.co.jp/news/2012/pdf/cyber_security_trend_report_en.pdf
  • Tarapata Z., Chmielewski M., and Kasprzyk R., "An algorithmic approach to social knowledge processing and reasoning based on graph representation - a case study," in Intelligent Information and Database Systems, LNCS, Springer, 2010, vol. 5991, pp. 93-104. http://dx.doi.org/10.1007/978-3-642-12101-2_11
  • Tarski A., Introduction to Logic and to the Methodology of Deductive Sciences, Second Edition. New York: Dover Publications, Inc., 1946.
  • Tibbs H., Ambler-Edwards S., and Corcoran M., The Global Cyber Game: Achieving strategic resilience in the global knowledge society, 2013, Defence Academy of The United Kingdom.
  • Verizon, 2012 Data Breach Investigations Report, http://www.verizonenterprise.com/DBIR/2012/
Document type
Bibliography
Identifiers
YADDA identifier
bwmeta1.element.ekon-element-000171321121
