In-execution dynamic malware analysis and detection by mining information in process control blocks of Linux OS
References
Elf_x23 Virus Description, Trend Micro – An Online Malware Descriptions Database. <http://threatinfo.trendmicro.com> (last viewed on 05.11.10).
Grsecurity, Complete Documentation for the PaX Project. <http://pax.grsecurity.net/docs/>.
Kaitan Backdoor Description, Symantec – An Antivirus Solution Provider. <http://www.symantec.com> (last viewed on 05.11.10).
Satyr Virus Description, Virus-List – A Malware Description Database. <http://www.viruslist.com> (last viewed on 05.11.10).
Sorso-b4264 Net-Worm Description, Symantec – An Antivirus Solution Provider. <http://www.symantec.com> (last viewed on 05.11.10).
F. Ahmed, H. Hameed, M.Z. Shafiq, M. Farooq, Using spatio-temporal information in API calls with machine learning algorithms for malware detection, in: Proceedings of the 2nd ACM Workshop on Security and Artificial Intelligence, 2009.
Bayer, Dynamic analysis of malicious code, Journal in Computer Virology 2 (2006) 67. doi:10.1007/s11416-006-0012-2.
Brodley, Identifying mislabeled training data, Journal of Artificial Intelligence Research 11 (1999) 131. doi:10.1613/jair.606.
Bruschi, Detecting self-mutating malware using control-flow graph matching, Lecture Notes in Computer Science 4064 (2006). doi:10.1007/11790754_8.
G. Casas-Garriga, P. Díaz, J. Balcázar, ISSA: an integrated system for sequence analysis, Technical Report DELIS-TR-0103, Universität Paderborn, 2005.
M. Castro, M. Costa, T. Harris, Securing software by enforcing data-flow integrity, in: Proceedings of the 7th Symposium on Operating Systems Design and Implementation, 2006.
Christodorescu, Testing malware detectors, ACM SIGSOFT Software Engineering Notes 29 (2004) 34. doi:10.1145/1013886.1007518.
M. Christodorescu, S. Jha, S. Seshia, D. Song, R. Bryant, Semantics-aware malware detection, in: IEEE Symposium on Security and Privacy, 2005.
M.F. et al., Symantec Global Internet Security Threat Report: Trends for 2009, vol. XV, Symantec, 2010.
H. Feng, J. Giffin, Y. Huang, S. Jha, W. Lee, B. Miller, Formalizing sensitivity in static analysis for intrusion detection, in: IEEE Symposium on Security and Privacy, 2004.
Fisch, On the versatility of radial basis function neural networks: a case study in the field of intrusion detection, Information Sciences 180 (2010) 2421. doi:10.1016/j.ins.2010.02.023.
S. Forrest, S. Hofmeyr, A. Somayaji, T. Longstaff, A sense of self for Unix processes, in: IEEE Symposium on Security and Privacy, 1996.
D. Gao, M. Reiter, D. Song, Behavioral distance measurement using hidden Markov models, in: Recent Advances in Intrusion Detection, 2006.
J. Giffin, S. Jha, B. Miller, Efficient context-sensitive intrusion detection, in: Proceedings of the 11th Network and Distributed System Security Symposium, 2004.
R. Hund, T. Holz, F. Freiling, Return-oriented rootkits: bypassing kernel code integrity protection mechanisms, in: Proceedings of the USENIX Security Symposium, 2009.
Microsoft Inc., Digital Signatures for Kernel Modules on Systems Running Windows Vista.
J. Kinder, S. Katzenbeisser, C. Schallhart, H. Veith, Detecting malicious code by model checking, in: Conference on Detection of Intrusions and Malware and Vulnerability Assessment, 2005.
E. Kirda, C. Kruegel, G. Banks, G. Vigna, R. Kemmerer, Behavior-based spyware detection, in: USENIX Security Symposium, vol. 15, 2006.
C. Kolbitsch, P. Comparetti, C. Kruegel, E. Kirda, X. Zhou, X. Wang, Effective and efficient malware detection at the end host, in: Proceedings of the 18th USENIX Security Symposium, 2009.
Kruegel, Polymorphic worm detection using structural information of executables, Lecture Notes in Computer Science 3858 (2006). doi:10.1007/11663812_11.
C. Kruegel, W. Robertson, G. Vigna, Detecting kernel-level rootkits through binary analysis, in: Proceedings of the Annual Computer Security Applications Conference, 2005.
Li, A study of malcode-bearing documents, Detection of Intrusions and Malware, and Vulnerability Assessment 4579 (2007) 231. doi:10.1007/978-3-540-73614-1_14.
W. Li, K. Wang, S. Stolfo, B. Herzog, Fileprints: identifying file types by n-gram analysis, in: Proceedings of the IEEE Workshop on Information Assurance and Security, 2005.
Z. Li, X. Wang, Z. Liang, M. Reiter, AGIS: towards automatic generation of infection signatures, in: IEEE International Conference on Dependable Systems and Networks with FTCS and DCC, 2008.
B. Mehdi, F. Ahmed, S.A. Khayyam, M. Farooq, Towards a theory of generalizing system call representation for in-execution malware detection, in: Proceedings of the IEEE International Conference on Communication, 2010.
S.B. Mehdi, A.K. Tanwani, M. Farooq, IMAD: in-execution malware analysis and detection, in: Proceedings of the Genetic and Evolutionary Computation Conference, 2009.
Menahem, Improving malware detection by applying multi-inducer ensemble, Computational Statistics & Data Analysis 53 (2009) 1483. doi:10.1016/j.csda.2008.10.015.
A. Moser, C. Kruegel, E. Kirda, Limits of static analysis for malware detection, in: Annual Computer Security Applications Conference (ACSAC), 2007.
Mutz, Anomalous system call detection, ACM Transactions on Information and System Security 9 (2006) 61. doi:10.1145/1127345.1127348.
Offensive Computing, An Online Malware Collection Database. <http://offensivecomputing.net>.
Park, Anomaly intrusion detection by clustering transactional audit streams in a host computer, Information Sciences 180 (2010) 2375. doi:10.1016/j.ins.2010.03.001.
N. Paul, S. Gurumurthi, D. Evans, Towards disk-level malware detection, in: Code Based Software Security Assessments, 2005, p. 13.
Preda, A semantics-based approach to malware detection, ACM Transactions on Programming Languages and Systems (TOPLAS) 30 (2008) 25. doi:10.1145/1387673.1387674.
Qian, Research on hidden Markov model for system call anomaly detection, Intelligence and Security Informatics (2007) 152. doi:10.1007/978-3-540-71549-8_13.
R. Riley, X. Jiang, D. Xu, Guest-transparent prevention of kernel rootkits with VMM-based memory shadowing, in: Proceedings of the International Symposium on Recent Advances in Intrusion Detection, 2008.
P. Royal, M. Halpin, D. Dagon, R. Edmonds, W. Lee, PolyUnpack: automating the hidden-code extraction of unpack-executing malware, in: Proceedings of the Computer Security Applications Conference, 2006.
Seshadri, SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes, ACM SIGOPS Operating Systems Review 41 (2007) 350. doi:10.1145/1323293.1294294.
Shafiq, Embedded malware detection using Markov n-grams, Lecture Notes in Computer Science 5137 (2008) 88. doi:10.1007/978-3-540-70542-0_5.
M.Z. Shafiq, S.M. Tabish, M. Farooq, PE-Probe: leveraging packer detection and structural information to detect malicious portable executables, in: Proceedings of the 18th Virus Bulletin Conference, 2009.
M.Z. Shafiq, S.M. Tabish, F. Mirza, M. Farooq, PE-Miner: mining structural information to detect malicious executables in realtime, in: Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection, 2009.
F. Shahzad, S. Bhatti, M. Shahzad, M. Farooq, In-execution malware detection using task structures of Linux processes, in: IEEE International Conference on Communication, 2011, pp. 1–6.
Shahzad, ELF-Miner: using structural knowledge and data mining methods to detect new (Linux) malicious executables, Knowledge and Information Systems (2011) 1.
Stopel, Using artificial neural networks to detect unknown computer worms, Neural Computing and Applications 18 (2009) 663. doi:10.1007/s00521-009-0238-2.
Szor, 2005.
G. Taha, Counterattacking the packers, in: McAfee Avert Labs, 2007.
Tanwani, Guidelines to select machine learning scheme for classification of biomedical datasets, in: EVOBIO, Lecture Notes in Computer Science 5483 (2009) 128. doi:10.1007/978-3-642-01184-9_12.
Tanwani, The role of biomedical dataset in classification, in: AIME, Lecture Notes in Artificial Intelligence 5651 (2009) 370.
VX Heavens, A Free Malware Collection Web Site. <http://vx.netlux.org/>.
D. Wagner, D. Dean, Intrusion detection via static analysis, in: IEEE Symposium on Security and Privacy, 2001.
X. Wang, W. Yu, A. Champion, X. Fu, D. Xuan, Detecting worms via mining dynamic program execution, in: Proceedings of the 3rd International Conference on Security and Privacy in Communication Networks and the Workshops, 2007.
Y. Wang, D. Beck, B. Vo, R. Roussev, C. Verbowski, A. Johnson, Detecting stealth software with Strider GhostBuster, in: Proceedings of the International Conference on Dependable Systems and Networks, 2005.
Z. Wang, X. Jiang, W. Cui, P. Ning, Countering kernel rootkits with lightweight hook protection, in: Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009.
Willems, Toward automated dynamic malware analysis using CWSandbox, IEEE Security & Privacy (2007) 32. doi:10.1109/MSP.2007.45.
Witten, Data mining: practical machine learning tools and techniques with Java implementations, ACM SIGMOD Record 31 (2002) 76. doi:10.1145/507338.507355.
Witten, 2005.
H. Yin, D. Song, M. Egele, C. Kruegel, E. Kirda, Panorama: capturing system-wide information flow for malware detection and analysis, in: Proceedings of the 14th ACM Conference on Computer and Communications Security, 2007.
Zhu, Class noise vs. attribute noise: a quantitative study, Artificial Intelligence Review 22 (2004) 177. doi:10.1007/s10462-004-0751-8.