Please use this identifier to cite or link to this item: http://repositorio.unicamp.br/jspui/handle/REPOSIP/97098
Type: Artigo de evento
Title: Interactive, Visual-aided Tools To Analyze Malware Behavior
Author: Gregio A.R.A.
Baruque A.O.C.
Afonso V.M.
Filho D.S.F.
De Geus P.L.
Jino M.
Dos Santos R.D.C.
Abstract: Malicious software attacks can disrupt information systems, violating security principles of availability, confidentiality and integrity. Attackers use malware to gain control, steal data, keep access and cover traces left on the compromised systems. The dynamic analysis of malware is useful to obtain an execution trace that can be used to assess the extent of an attack, to do incident response and to point to adequate counter-measures. An analysis of the captured malware can provide analysts with information about its behavior, allowing them to review the malicious actions performed during its execution on the target. The behavioral data gathered during the analysis consists of filesystem and network activity traces; a security analyst would have a hard time sieving through a maze of textual event data in search of relevant information. We present a behavioral event visualization framework that allows for an easier realization of the malicious chain of events and for quickly spotting interesting actions performed during a security compromise. Also, we analyzed more than 400 malware samples from different families and showed that they can be classified based on their visual signature. Finally, we distribute one of our tools to be freely used by the community. © 2012 Springer-Verlag.
Editor: 
Rights: fechado
Identifier DOI: 10.1007/978-3-642-31128-4_22
Address: http://www.scopus.com/inward/record.url?eid=2-s2.0-84863928210&partnerID=40&md5=451350b793e81a44286f3b310d586727
Date Issue: 2012
Appears in Collections:Unicamp - Artigos e Outros Documentos

Files in This Item:
There are no files associated with this item.


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.