Title :
Sandboxing and reasoning on malware infection trees
Author :
Krishnendu Ghosh;Jose Andre Morales;William Casey;Bud Mishra
Author_Institution :
Dept. of Comp. & Info. Tech. Miami University Hamilton, OH., USA
Abstract :
Malware infection trees are computational structures for analyzing and identifying different processes and files during the execution of malware. In this paper, we describe a sandboxing-based formalization to predict malware behaviors such as the possibility of file and process creation. Model checking is used as a querying mechanism on a labeled transition system representing a malware infection tree. We evaluate computational feasibility of our formalism using a case study on Backdoor.WIN32.Poison malware and behavior specified by malware infection trees.
Keywords :
"Malware","Model checking","Computational modeling","Probabilistic logic","Markov processes","Cognition"
Conference_Title :
Malicious and Unwanted Software (MALWARE), 2015 10th International Conference on
Print_ISBN :
978-1-5090-0317-4
DOI :
10.1109/MALWARE.2015.7413686