A proactive malicious software identification approach for digital forensic examiners

Journal of Information Security and Applications - Vol. 47 - pp. 139-155 - 2019
Muhammad Ali [1], Stavros Shiaeles [1], Nathan Clarke [1], Dimitrios Kontogeorgis [2]
[1] Centre for Security, Communications, and Networks Research (CSCAN), School of Computing and Mathematics, Plymouth University, UK
[2] School of Applied Science, Open University of Cyprus, Latsia, Nicosia, Cyprus
