• DocumentCode
    130329
  • Title
    Identification of malware activities with rules
  • Author
    Jasiul, Bartosz ; Sliwa, Joanna ; Gleba, Kamil ; Szpyrka, Marcin
  • Author_Institution
    C4I Syst. Dept., Mil. Commun. Inst., Zegrze, Poland
  • fYear
    2014
  • fDate
    7-10 Sept. 2014
  • Firstpage
    101
  • Lastpage
    110
  • Abstract
    The article describes a method for identifying malware activities using an ontology and rules. The method supports detection of malware at the host level by observing its behavior. It sifts through hundreds of thousands of regular events and makes it possible to identify suspicious ones. These are then passed on to a second building block responsible for malware tracking and for matching stored models against the observed malicious actions. The presented method was implemented and verified in an infected computer environment. Unlike signature-based antivirus mechanisms, it can detect malware whose code has been obfuscated.
  • Keywords
    data mining; invasive software; infected computer environment; malware activities identification; malware detection; malware tracking; ontology; signature-based antivirus mechanisms; Computers; Engines; Knowledge based systems; Malware; Monitoring; Ontologies;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Science and Information Systems (FedCSIS), 2014 Federated Conference on
  • Conference_Location
    Warsaw
  • Type
    conf
  • DOI
    10.15439/2014F265
  • Filename
    6933002