MAPMon: A host-based malware detection tool

Shih Yao Dai; Sy Yen Kuo

doi:10.1109/PRDC.2007.47

MAPMon: A host-based malware detection tool

Shih Yao Dai
, Sy Yen Kuo^*

^*此作品的通信作者

National Taiwan University
National Taiwan University of Science and Technology

研究成果: 圖書/報告稿件的類型 › 會議稿件 › 同行評審

12 引文斯高帕斯（Scopus）

摘要

In order for financial-motivated malware programs such as spyware, virus and worm to survive after system rebooted, they have to modify entries in auto start extensibility points (ASEPs), system calls or system files on a comprised system. We call these system resources which a malware program could attack once it intrudes a host as Malware Attacking Points (MAPs). Based on this observation, we design and implement MAPMon, a monitoring mechanism to detect any suspicious change of Malware Attacking Points. This paper describes the design and implementation trade-off of the MAPMon tool. The effectiveness of the MAPMon tool for malware detection is evaluated by using real-world malware programs including those that do not have signatures.

原文	英語
主出版物標題	Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007
頁面	346-356
頁數	11
DOIs	https://doi.org/10.1109/PRDC.2007.47
出版狀態	已出版 - 2007
對外發佈	是
事件	13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007 - Melbourne, VIC, 澳大利亞持續時間: 17 12 2007 → 19 12 2007

出版系列

名字	Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007

Conference

Conference	13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007
國家/地區	澳大利亞
城市	Melbourne, VIC
期間	17/12/07 → 19/12/07

存取文件

10.1109/PRDC.2007.47

其它文件與鏈接

Link to publication in Scopus

引用此

@inproceedings{2f41b7a70c8e45f88030c3746eec4777,

title = "MAPMon: A host-based malware detection tool",

abstract = "In order for financial-motivated malware programs such as spyware, virus and worm to survive after system rebooted, they have to modify entries in auto start extensibility points (ASEPs), system calls or system files on a comprised system. We call these system resources which a malware program could attack once it intrudes a host as Malware Attacking Points (MAPs). Based on this observation, we design and implement MAPMon, a monitoring mechanism to detect any suspicious change of Malware Attacking Points. This paper describes the design and implementation trade-off of the MAPMon tool. The effectiveness of the MAPMon tool for malware detection is evaluated by using real-world malware programs including those that do not have signatures.",

keywords = "Auto-start extensibility point, Backdoor, Honeypot, Malicious software, Malware attacking points",

author = "Dai, \{Shih Yao\} and Kuo, \{Sy Yen\}",

year = "2007",

doi = "10.1109/PRDC.2007.47",

language = "英语",

isbn = "0769530540",

series = "Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007",

pages = "346--356",

booktitle = "Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007",

note = "13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007 ; Conference date: 17-12-2007 Through 19-12-2007",

}

Dai, SY & Kuo, SY 2007, MAPMon: A host-based malware detection tool. 於 Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007., 4459682, Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007, 頁 346-356, 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007, Melbourne, VIC, 澳大利亞, 17/12/07. https://doi.org/10.1109/PRDC.2007.47

TY - GEN

T1 - MAPMon

T2 - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007

AU - Dai, Shih Yao

AU - Kuo, Sy Yen

PY - 2007

Y1 - 2007

N2 - In order for financial-motivated malware programs such as spyware, virus and worm to survive after system rebooted, they have to modify entries in auto start extensibility points (ASEPs), system calls or system files on a comprised system. We call these system resources which a malware program could attack once it intrudes a host as Malware Attacking Points (MAPs). Based on this observation, we design and implement MAPMon, a monitoring mechanism to detect any suspicious change of Malware Attacking Points. This paper describes the design and implementation trade-off of the MAPMon tool. The effectiveness of the MAPMon tool for malware detection is evaluated by using real-world malware programs including those that do not have signatures.

AB - In order for financial-motivated malware programs such as spyware, virus and worm to survive after system rebooted, they have to modify entries in auto start extensibility points (ASEPs), system calls or system files on a comprised system. We call these system resources which a malware program could attack once it intrudes a host as Malware Attacking Points (MAPs). Based on this observation, we design and implement MAPMon, a monitoring mechanism to detect any suspicious change of Malware Attacking Points. This paper describes the design and implementation trade-off of the MAPMon tool. The effectiveness of the MAPMon tool for malware detection is evaluated by using real-world malware programs including those that do not have signatures.

KW - Auto-start extensibility point

KW - Backdoor

KW - Honeypot

KW - Malicious software

KW - Malware attacking points

UR - https://www.scopus.com/pages/publications/50049126427

U2 - 10.1109/PRDC.2007.47

DO - 10.1109/PRDC.2007.47

M3 - 会议稿件

AN - SCOPUS:50049126427

SN - 0769530540

SN - 9780769530543

T3 - Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007

SP - 346

EP - 356

BT - Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007

Y2 - 17 December 2007 through 19 December 2007

ER -

MAPMon: A host-based malware detection tool

摘要

出版系列

Conference

存取文件

其它文件與鏈接

指紋

引用此