Probabilistic analysis of dynamic malware traces
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F18%3A00318758" target="_blank" >RIV/68407700:21230/18:00318758 - isvavai.cz</a>
Result on the web
<a href="https://www.sciencedirect.com/science/article/pii/S0167404818300336" target="_blank" >https://www.sciencedirect.com/science/article/pii/S0167404818300336</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1016/j.cose.2018.01.012" target="_blank" >10.1016/j.cose.2018.01.012</a>
Alternative languages
Result language
English
Original language name
Probabilistic analysis of dynamic malware traces
Original language description
We propose a method to automatically group unknown binaries executed in a sandbox according to their interaction with system resources (files on the filesystem, mutexes, registry keys, network communication with remote servers, and error messages generated by the operating system) such that each group corresponds to a malware family. The method uses a probabilistic generative model (a Bernoulli mixture model), which allows human-friendly prioritization of identified clusters and extraction of readable behavioral indicators to maximize interpretability. We compare it to relevant prior art on a large set of malware binaries, where the quality of cluster prioritization and automatic extraction of indicators of compromise is demonstrated. The proposed approach therefore implements a complete pipeline which has the potential to significantly speed up the analysis of unknown samples.
Czech name
—
Czech description
—
Classification
Type
J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
—
Continuities
I - Institutional support for the long-term conceptual development of a research organization
Others
Publication year
2018
Confidentiality
S - Complete and true data about the project are not subject to protection under special legal regulations
Data specific for result type
Name of the periodical
Computers & Security
ISSN
0167-4048
e-ISSN
1872-6208
Volume of the periodical
74
Issue of the periodical within the volume
May
Country of publishing house
GB - UNITED KINGDOM
Number of pages
19
Pages from-to
221-239
UT code for WoS article
000428098500013
EID of the result in the Scopus database
2-s2.0-85041376690