Malware Analytics at SRI
Phillip Porras, Computer Science Laboratory, SRI International
Date: Spring 2012

NOT FOR  PUBLIC DISTRIBUTION

2011 Great Antimalware Papers in Academia
http://mtc.sri.com/2011BestPapers.html

Tracking Internet Fraudsters

Click Trajectories: End-to-End Analysis of the Spam Value Chain
Levchenko et al., IEEE Security Symposium 2011
Summary: Perhaps the most comprehensive analysis of the underground spam economy to date. Strong evidence that spam advertisers are bottlenecked at a handful of banks.

Understanding Fraudulent Activities in Online Ad Exchanges
Brett Stone-Gross, Ryan Stevens, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna, Apostolis Zarras, ACM/SIGCOMM Internet Measurement Conference 2011
Summary: First analysis of botnet-driven fraud in ad exchanges using data from inside an ad network: how botnets are used to perpetrate ad fraud, and how they make money.

Measuring Pay-per-Install: The Commoditization of Malware Distribution
Juan Caballero, Chris Grier, Christian Kreibich, Vern Paxson, USENIX Security 2011
Summary: Another great measurement study of the underground malware economy; best paper award at USENIX Security. Pay-per-install (PPI) is the economy that drives criminals to infect victim machines and convert those installs into cash. 12 of the top 20 malware installs employ PPI.

DNS Abuse Monitoring

Monitoring the Initial DNS Behavior of Malicious Domains
Shuang Hao, Nick Feamster, Ramakant Pandrangi, ACM/SIGCOMM Internet Measurement Conference 2011
Summary: Interesting measurement paper with some important insights for rapid classification of malicious domains. 55% of malware campaigns use domains registered within 24 hours of the campaign, and the paper identifies the key ASes where just-in-time malware domains are born.

Detecting Malware Domains at the Upper DNS Hierarchy
Manos Antonakakis, Roberto Perdisci, Wenke Lee, Nikolaos Vasiloglou II, David Dagon, USENIX Security 2011
Summary: Another malware DNS detection system, but from a unique global vantage point: how to detect malware DNS activity by monitoring upper-level DNS query patterns (Kopis).

Botnet Detection Systems

BOTMAGNIFIER: Locating Spambots on the Internet
Gianluca Stringhini, Thorsten Holz, Brett Stone-Gross, Christopher Kruegel, Giovanni Vigna
Summary: One of the few botnet detection systems published this year, the other significant one being JACKSTRAWS. Uses mail logs to detect hosts with spam behavioral patterns that match known spammers.
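The 24-hour registration-age signal summarized above can be turned into a simple passive-DNS check. The following is an added example, not code from the Hao, Feamster and Pandrangi paper: it joins a constructed passive-DNS log against a constructed WHOIS-style registration table, flags domains first queried within 24 hours of registration, and tallies the origin ASes of their resolved IPs so the ASes where just-in-time domains cluster become visible. The registration table, the IP-to-AS table, the log lines and the 24-hour window are all assumptions made for the example.

```python
"""Flag just-in-time (JIT) malware domains by registration age at first query.

Added example built around the heuristic summarised above (domains registered
within 24 hours of the campaign, concentrated in a few ASes).  It is not code
from the Hao, Feamster and Pandrangi paper.  The WHOIS table, the IP-to-AS
table and the passive-DNS log lines are constructed toy data.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Constructed registration times (stand-in for a WHOIS / zone-file feed).
REGISTERED = {
    "news-update-now.example": datetime(2012, 3, 10, 9, 0, tzinfo=UTC),
    "cdn-static.example": datetime(2009, 6, 1, 0, 0, tzinfo=UTC),
    "free-gift-card.example": datetime(2012, 3, 10, 21, 30, tzinfo=UTC),
    "corp-mail.example": datetime(2005, 1, 15, 0, 0, tzinfo=UTC),
}

# Constructed resolved-IP -> origin AS map (stand-in for a BGP lookup).
AS_OF_IP = {
    "203.0.113.7": "AS64496",
    "198.51.100.9": "AS64496",
    "192.0.2.44": "AS64500",
    "192.0.2.45": "AS64501",
}

# Constructed passive-DNS log, one query per line: "<time> <client> <qname> <answer>"
PDNS_LOG = """\
2012-03-10T12:05:00Z 10.0.0.5 news-update-now.example 203.0.113.7
2012-03-10T12:07:00Z 10.0.0.8 cdn-static.example 192.0.2.44
2012-03-10T23:10:00Z 10.0.0.5 free-gift-card.example 198.51.100.9
2012-03-11T08:00:00Z 10.0.0.9 news-update-now.example 203.0.113.7
2012-03-11T08:01:00Z 10.0.0.9 corp-mail.example 192.0.2.45
"""

JIT_WINDOW = timedelta(hours=24)   # the 24-hour figure from the summary


def parse_pdns(log_text):
    """Yield (query_time, qname, answer) for each non-empty log line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _client, qname, answer = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=UTC)
        yield when, qname, answer


def first_seen(log_text):
    """Earliest query time and the answer returned then, per domain."""
    seen = {}
    for when, qname, answer in parse_pdns(log_text):
        if qname not in seen or when < seen[qname][0]:
            seen[qname] = (when, answer)
    return seen


def classify(log_text, registered=REGISTERED, as_of_ip=AS_OF_IP, window=JIT_WINDOW):
    """Return (flagged, as_counts, unknown).

    flagged:   domain -> age at first query, for domains first queried within
               `window` of registration.
    as_counts: how many flagged domains resolved into each origin AS, to
               surface the ASes where JIT domains are being born.
    unknown:   domains with no registration record; reported rather than
               silently treated as old.
    Negative ages (query before the recorded registration, e.g. clock skew
    between feeds) are not flagged.
    """
    flagged, unknown, as_counts = {}, [], Counter()
    for qname, (when, answer) in first_seen(log_text).items():
        reg = registered.get(qname)
        if reg is None:
            unknown.append(qname)
            continue
        age = when - reg
        if timedelta(0) <= age < window:
            flagged[qname] = age
            as_counts[as_of_ip.get(answer, "AS-unknown")] += 1
    return flagged, as_counts, unknown


if __name__ == "__main__":
    flagged, as_counts, unknown = classify(PDNS_LOG)
    for qname, age in flagged.items():
        print(f"JIT domain {qname}: first queried {age} after registration")
    print("ASes hosting flagged domains:", dict(as_counts))
    print("no registration record:", unknown)
```

On the constructed data two of the four domains are flagged and both resolve into the same AS, which is the kind of concentration the summary describes. Domains missing from the registration feed are returned as unknown instead of being assumed old, since a gap in WHOIS coverage is exactly where a fresh registration would hide.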

Malware Analysis Systems

BitShred: Feature Hashing Malware for Scalable Triage and Semantic Analysis
Jiyong Jang, David Brumley, Shobha Venkataraman, ACM CCS 2011
Summary: A new approach to the malware classification problem with impressive scalability and performance.

The Power of Procrastination: Detection and Mitigation of Execution-Stalling Malicious Code
Clemens Kolbitsch, Engin Kirda, Christopher Kruegel, ACM CCS 2011
Summary: An important step in improving the state of dynamic analysis.

Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection
Brendan Dolan-Gavitt, Tim Leek, Michael Zhivich, Jonathon Giffin, Wenke Lee, IEEE Security Symposium 2011
Summary: Introspection has featured prominently in many recent security solutions, such as virtual machine-based intrusion detection, forensic memory analysis, and low-artifact malware analysis. This system shows a lot of promise and will hopefully inspire a new suite of introspection systems.

A Study of Android Application Security
William Enck, Damien Octeau, Patrick McDaniel, Swarat Chaudhuri, USENIX Security 2011
Summary: An interesting tool that would likely be useful for next-generation Android malware analysis systems.
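To make the "feature hashing" idea in the BitShred entry concrete, here is an added example that is not the BitShred authors' code: it slides a fixed-length window over each sample, hashes every window (a "shred") into one bit of a fixed-width fingerprint, and compares fingerprints with a popcount-based Jaccard estimate, which is what lets triage scale to large corpora without storing the shreds themselves. The 16-byte shred length, the 8192-bit fingerprint width, the greedy clustering and the three byte-string samples are assumptions constructed for the example, not the paper's published parameters.

```python
"""BitShred-style feature hashing for scalable malware similarity triage.

Added example illustrating the feature-hashing idea named in the BitShred
entry above; it is not the BitShred authors' code, and the shred length and
fingerprint width below are assumptions, not their published parameters.
The three samples are constructed byte strings, not real malware.
"""
import hashlib
import random

SHRED_LEN = 16   # bytes per sliding-window shred (assumed)
BITS = 8192      # fingerprint width in bits (assumed)


def shreds(data, n=SHRED_LEN):
    """All n-byte sliding-window substrings of `data`."""
    return (data[i:i + n] for i in range(len(data) - n + 1))


def fingerprint(data, n=SHRED_LEN, bits=BITS):
    """Hash each shred to one bit position; the fingerprint is the OR of
    those bits, kept as a Python int so AND/OR/popcount are cheap."""
    fp = 0
    for s in shreds(data, n):
        h = int.from_bytes(hashlib.blake2b(s, digest_size=4).digest(), "big")
        fp |= 1 << (h % bits)
    return fp


def popcount(x):
    return bin(x).count("1")


def jaccard(fp_a, fp_b):
    """Jaccard similarity of two shred sets, estimated from the bit vectors:
    |A and B| / |A or B|.  Hash collisions inflate the estimate slightly,
    which is the price of never storing the shreds themselves."""
    union = popcount(fp_a | fp_b)
    return popcount(fp_a & fp_b) / union if union else 1.0


def cluster(fps, threshold=0.5):
    """Greedy single-pass grouping: a sample joins the first cluster whose
    representative is at least `threshold` similar, else starts its own."""
    clusters = []   # [(representative_fp, [names])]
    for name, fp in fps.items():
        for rep, members in clusters:
            if jaccard(rep, fp) >= threshold:
                members.append(name)
                break
        else:
            clusters.append((fp, [name]))
    return [members for _, members in clusters]


# Constructed samples (seeded, so the numbers are reproducible):
# B is A with an 11-byte patch, C is an unrelated blob of the same size.
_rng = random.Random(1)
SAMPLE_A = bytes(_rng.getrandbits(8) for _ in range(600))
SAMPLE_B = SAMPLE_A[:100] + b"\x90" * 11 + SAMPLE_A[111:]
SAMPLE_C = bytes(_rng.getrandbits(8) for _ in range(600))

FINGERPRINTS = {name: fingerprint(blob) for name, blob in
                (("A", SAMPLE_A), ("B", SAMPLE_B), ("C", SAMPLE_C))}

if __name__ == "__main__":
    for x, y in (("A", "B"), ("A", "C")):
        print(f"sim({x},{y}) = {jaccard(FINGERPRINTS[x], FINGERPRINTS[y]):.3f}")
    print("clusters:", cluster(FINGERPRINTS))
```

An 11-byte patch only disturbs the 26 shreds that overlap it, so A and B stay around 0.9 similar while the unrelated C lands near zero; the comparison itself is two bitwise operations and two popcounts per pair, which is where the scalability comes from. The trade-off to keep in mind is that a wider fingerprint costs memory per sample while a narrower one raises the collision floor on unrelated pairs.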

Malware Binary Reverse Engineering
malgram.mtc.sri.com

Automated Malware Reverse Engineering
• Binary Structural Analysis
• Dynamic Analyses
• API Hooking
• Peer App Kernel Probing
• VM Introspection
• Static Program Analysis
• Unpacking
• Code Deobfuscation
• Decompilation
• Program Analysis
• Program Rewriting

BotHunter
www.bothunter.net

What's Novel Here: BotHunter
• Flips the IDS paradigm: INFECTION DIAGNOSIS, not INBOUND EXPLOIT ALARMS
• Network Dialog Correlation (patent pending)
• Analyzes two-way communication flows between internal assets and the Internet
• Analyzes all dialog exchanges against a defined malware infection lifecycle model

Next steps: integrating infection diagnosis with binary object interception for infection validation
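The dialog-correlation idea above, as an added example that is not BotHunter's own code: it scores IDS events per internal host against a simplified version of the five-phase infection lifecycle model from the BotHunter paper (inbound scan, inbound exploit, egg download, C&C communication, outbound propagation) and declares an infection only when the evidence pattern matches, so inbound-only noise never fires and stale evidence expires. The alert lines, the internal prefix, the two-hour window and the assumption that alerts arrive in time order are constructed for the example.

```python
"""Network dialog correlation against a malware infection lifecycle model.

Added example, not BotHunter's own code.  It implements, in simplified form,
the five-phase lifecycle model and the declaration rule of the published
BotHunter design: E1 inbound scan, E2 inbound exploit, E3 egg download,
E4 C&C communication, E5 outbound scan / attack propagation; an internal
host is declared infected on E2 plus any of E3-E5, or on two distinct
outbound phases from E3-E5.  The alert stream, the internal prefix, the
correlation window and the assumption that alerts arrive in time order are
all constructed here.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed monitored network
WINDOW = timedelta(hours=2)                      # assumed correlation window
INBOUND = {"E1", "E2"}                           # evidence about the destination
OUTBOUND = {"E3", "E4", "E5"}                    # evidence about the source

# Constructed alert stream: "<time> <phase> <src> -> <dst>", in time order.
ALERTS = """\
2012-03-10T10:00:00 E1 198.51.100.23 -> 10.1.1.5
2012-03-10T10:00:30 E2 198.51.100.23 -> 10.1.1.5
2012-03-10T10:02:00 E3 10.1.1.5 -> 203.0.113.9
2012-03-10T10:03:00 E4 10.1.1.5 -> 203.0.113.10
2012-03-10T10:10:00 E1 198.51.100.77 -> 10.1.1.6
2012-03-10T10:11:00 E4 10.1.1.7 -> 203.0.113.10
2012-03-10T10:12:00 E5 10.1.1.7 -> 192.0.2.0
2012-03-10T15:00:00 E2 198.51.100.23 -> 10.1.1.8
2012-03-10T18:30:00 E4 10.1.1.8 -> 203.0.113.10
"""


def parse_alerts(text):
    """Yield (time, phase, src, dst) per non-empty alert line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, phase, src, _arrow, dst = line.split()
        yield (datetime.fromisoformat(ts), phase,
               ipaddress.ip_address(src), ipaddress.ip_address(dst))


def victim_of(phase, src, dst):
    """The internal asset an event is evidence about, or None if the
    endpoint the phase implies is not inside the monitored network."""
    if phase in INBOUND:
        return dst if dst in INTERNAL else None
    return src if src in INTERNAL else None


def declare(evidence):
    """Declaration rule over the set of phases seen for one host."""
    out = evidence & OUTBOUND
    return ("E2" in evidence and len(out) >= 1) or len(out) >= 2


def correlate(text, window=WINDOW):
    """Return {host: sorted phases} for every host declared infected.

    Evidence older than `window` relative to the newest event for that host
    is pruned before each check, so an old E2 alone cannot pair with a C&C
    sighting hours later.  An inbound scan (E1) by itself never declares.
    """
    timeline = defaultdict(list)   # host -> [(time, phase)]
    infected = {}
    for ts, phase, src, dst in parse_alerts(text):
        host = victim_of(phase, src, dst)
        if host is None:
            continue
        events = timeline[host]
        events.append((ts, phase))
        events[:] = [(t, p) for t, p in events if ts - t <= window]
        evidence = {p for _, p in events}
        if declare(evidence):
            infected[str(host)] = sorted(evidence)
    return infected


if __name__ == "__main__":
    for host, phases in correlate(ALERTS).items():
        print(f"{host}: infected, evidence {' '.join(phases)}")
```

On the constructed stream 10.1.1.5 is declared on the classic scan, exploit, egg-download, C&C sequence and 10.1.1.7 on two outbound phases with no inbound trigger seen at all, while 10.1.1.6 (scan only) and 10.1.1.8 (an exploit alert and a C&C sighting three and a half hours apart) are not. That last case is the point of the window: correlation is over a dialog, not over everything a host ever did.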

OpenFlow: Security Through Software Defined Networking
www.openflowsec.org
Fresco / FortNOX

Malware Threat Tracking
http://tinyurl/InfectedUSA
SRI does multiple forms of malware threat intel tracking:
• Honeynets
• ReflectorNets
• IP Reputation Service
• CALO: Web Tracking and Interpretation
• Free Sensors

Publications

Current Video Demos
• Automated Malware Quarantine
• Reflector Nets
• Stopping Illegal VTunnels

SRI Threat Reputation Service: http://kb.bothunter.net/ipInfo/IPRep.php?IP=%s&FORMAT=csv (the FORMAT argument can be CSV, TEXT, TAB, or XML)

http://www.bothunter.net

Wired Magazine 12/30/2012
