Detection of Privacy Threat by Peculiar Feature Extraction in Malwares to Combat Targeted Cyber Attacks

Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 362)

Abstract

Targeted cyber-threats are the topmost concern of today's organizations and technologies. Malware samples with similar objectives bear common artifacts, so a detection mechanism built on such peculiar artifacts not only helps detect existing risks but also gives considerable defense against unknown malicious attacks. About 903 known espionage-related malware samples were analyzed statically; a data set of the related artifacts was established and also checked against benign software. Each artifact is weighted by the difference between its occurrence in malicious and in benign code and by its relation to the expected targeted organization or technology, thus catering for targeted attacks. The designed algorithm for detection of espionage attacks gave 99.16 % authentication and 99.33 % precision. Real-time alarm generation is also incorporated by API hooking with the Detours library, so that a suspicious program or application can later be analyzed in detail by the proposed algorithm.

Keywords

Telecomm Sector; String Data; Malicious Application; Alarm Generation; Benign File

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Farhan Habib Ahmad (1)
  • Komal Batool (1)
  • Azhar Javed (1)
  1. National University of Sciences and Technology, Islamabad, Pakistan