Title :
Browser function calls modeling for banking malware detection
Author :
García-Cervigón, Manuel ; Llinàs, Manel Medina
Author_Institution :
Comput. Networks & Distrib. Syst. (CNDS), Univ. Politec. de Catalunya, Barcelona, Spain
Abstract :
Financial service providers are moving many services on-line to reduce their costs and facilitate customers' interaction. Criminals have quickly found several ways to exploit multiple vulnerabilities to perpetrate attacks. Traditional signature-based detection methods are nowadays easily circumvented due to the amount of new malware samples and the use of sophisticated evasion techniques. The contribution of this paper is twofold. First, we developed a new detection system based on the modeling of the browser execution behavior within an isolated environment. Second, we analyse the results of our system over a set of malware samples. Financial institutions are now playing an important role against malware that specifically affects their customers by deploying their own detection tools. However, most approaches tend to rely on the malware sample itself in order to deploy useless signatures or perform time-consuming reverse engineering methods to understand malware actions, so our work aims to help them to be more proactive, implementing tools to protect themselves from new threats.
Keywords :
banking; invasive software; online front-ends; banking malware detection; browser execution behavior modelling; browser function calls modeling; detection system; financial institutions; financial service providers; Banking; Browsers; Instruments; Radiation detectors; Training; Trojan horses; anomaly detection; malware; man-in-the-browser;
Conference_Title :
Risk and Security of Internet and Systems (CRiSIS), 2012 7th International Conference on
Conference_Location :
Cork
Print_ISBN :
978-1-4673-3087-9
Electronic_ISBN :
978-1-4673-3088-6
DOI :
10.1109/CRISIS.2012.6378950