MAPMon: A host-based malware detection tool

Shih Yao Dai; Sy Yen Kuo

doi:10.1109/PRDC.2007.47

MAPMon: A host-based malware detection tool

Shih Yao Dai
, Sy Yen Kuo^*

^*Corresponding author for this work

National Taiwan University
National Taiwan University of Science and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

12 Scopus citations

Abstract

In order for financial-motivated malware programs such as spyware, virus and worm to survive after system rebooted, they have to modify entries in auto start extensibility points (ASEPs), system calls or system files on a comprised system. We call these system resources which a malware program could attack once it intrudes a host as Malware Attacking Points (MAPs). Based on this observation, we design and implement MAPMon, a monitoring mechanism to detect any suspicious change of Malware Attacking Points. This paper describes the design and implementation trade-off of the MAPMon tool. The effectiveness of the MAPMon tool for malware detection is evaluated by using real-world malware programs including those that do not have signatures.

Original language	English
Title of host publication	Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007
Pages	346-356
Number of pages	11
DOIs	https://doi.org/10.1109/PRDC.2007.47
State	Published - 2007
Externally published	Yes
Event	13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007 - Melbourne, VIC, Australia Duration: 17 12 2007 → 19 12 2007

Publication series

Name	Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007

Conference

Conference	13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007
Country/Territory	Australia
City	Melbourne, VIC
Period	17/12/07 → 19/12/07

Keywords

Auto-start extensibility point
Backdoor
Honeypot
Malicious software
Malware attacking points

Access to Document

10.1109/PRDC.2007.47

Cite this

@inproceedings{2f41b7a70c8e45f88030c3746eec4777,

title = "MAPMon: A host-based malware detection tool",

abstract = "In order for financial-motivated malware programs such as spyware, virus and worm to survive after system rebooted, they have to modify entries in auto start extensibility points (ASEPs), system calls or system files on a comprised system. We call these system resources which a malware program could attack once it intrudes a host as Malware Attacking Points (MAPs). Based on this observation, we design and implement MAPMon, a monitoring mechanism to detect any suspicious change of Malware Attacking Points. This paper describes the design and implementation trade-off of the MAPMon tool. The effectiveness of the MAPMon tool for malware detection is evaluated by using real-world malware programs including those that do not have signatures.",

keywords = "Auto-start extensibility point, Backdoor, Honeypot, Malicious software, Malware attacking points",

author = "Dai, \{Shih Yao\} and Kuo, \{Sy Yen\}",

year = "2007",

doi = "10.1109/PRDC.2007.47",

language = "英语",

isbn = "0769530540",

series = "Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007",

pages = "346--356",

booktitle = "Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007",

note = "13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007 ; Conference date: 17-12-2007 Through 19-12-2007",

}

Dai, SY & Kuo, SY 2007, MAPMon: A host-based malware detection tool. in Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007., 4459682, Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007, pp. 346-356, 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007, Melbourne, VIC, Australia, 17/12/07. https://doi.org/10.1109/PRDC.2007.47

MAPMon: A host-based malware detection tool. / Dai, Shih Yao; Kuo, Sy Yen.
Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007. 2007. p. 346-356 4459682 (Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - MAPMon

T2 - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007

AU - Dai, Shih Yao

AU - Kuo, Sy Yen

PY - 2007

Y1 - 2007

N2 - In order for financial-motivated malware programs such as spyware, virus and worm to survive after system rebooted, they have to modify entries in auto start extensibility points (ASEPs), system calls or system files on a comprised system. We call these system resources which a malware program could attack once it intrudes a host as Malware Attacking Points (MAPs). Based on this observation, we design and implement MAPMon, a monitoring mechanism to detect any suspicious change of Malware Attacking Points. This paper describes the design and implementation trade-off of the MAPMon tool. The effectiveness of the MAPMon tool for malware detection is evaluated by using real-world malware programs including those that do not have signatures.

AB - In order for financial-motivated malware programs such as spyware, virus and worm to survive after system rebooted, they have to modify entries in auto start extensibility points (ASEPs), system calls or system files on a comprised system. We call these system resources which a malware program could attack once it intrudes a host as Malware Attacking Points (MAPs). Based on this observation, we design and implement MAPMon, a monitoring mechanism to detect any suspicious change of Malware Attacking Points. This paper describes the design and implementation trade-off of the MAPMon tool. The effectiveness of the MAPMon tool for malware detection is evaluated by using real-world malware programs including those that do not have signatures.

KW - Auto-start extensibility point

KW - Backdoor

KW - Honeypot

KW - Malicious software

KW - Malware attacking points

UR - https://www.scopus.com/pages/publications/50049126427

U2 - 10.1109/PRDC.2007.47

DO - 10.1109/PRDC.2007.47

M3 - 会议稿件

AN - SCOPUS:50049126427

SN - 0769530540

SN - 9780769530543

T3 - Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007

SP - 346

EP - 356

BT - Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007

Y2 - 17 December 2007 through 19 December 2007

ER -

MAPMon: A host-based malware detection tool

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this