Sandboxing and reasoning on malware infection trees

Krishnendu Ghosh, Jose Andre Morales, William Casey, Bud Mishra

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Malware infection trees are computational structures for analyzing and identifying different processes and files during the execution of malware. In this paper, we describe a sandboxing-based formalization to predict malware behaviors such as the possibility of file and process creation. Model checking is used as a querying mechanism on a labeled transition system representing a malware infection tree. We evaluate computational feasibility of our formalism using a case study on Backdoor.WIN32.Poison malware and behavior specified by malware infection trees.

Original languageEnglish (US)
Title of host publication2015 10th International Conference on Malicious and Unwanted Software, MALWARE 2015
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages69-73
Number of pages5
ISBN (Electronic)9781509003174
DOIs
StatePublished - Feb 18 2016
Event10th International Conference on Malicious and Unwanted Software, MALWARE 2015 - Fajardo, United States
Duration: Oct 20 2015Oct 22 2015

Publication series

Name2015 10th International Conference on Malicious and Unwanted Software, MALWARE 2015

Other

Other10th International Conference on Malicious and Unwanted Software, MALWARE 2015
CountryUnited States
CityFajardo
Period10/20/1510/22/15

Keywords

  • Cognition
  • Computational modeling
  • Malware
  • Markov processes
  • Model checking
  • Probabilistic logic

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Sandboxing and reasoning on malware infection trees'. Together they form a unique fingerprint.

Cite this