Contributions to Proceedings:

C. Leita, U. Bayer, E. Kirda:
"Exploiting diverse observation perspectives to get insights on the malware landscape";
in: "Proceedings of the 40th Dependable Systems & Networks Conference (DSN)", issued by: IEEE; IEEE Computer Society, 2010, 393 - 402.



English abstract:
We are witnessing an increasing complexity in the malware analysis scenario. The usage of polymorphic techniques generates a new challenge: it is often difficult to discern the instance of a known polymorphic malware from that of a newly encountered malware family, and to evaluate the impact of patching and code sharing among malware writers in order to prioritize analysis efforts.

This paper offers an empirical study on the value of exploiting the complementarity of different information sources in studying malware relationships. By leveraging real-world data generated by a distributed honeypot deployment, we combine clustering techniques based on static and behavioral characteristics of the samples, and we show how this combination helps in detecting clustering anomalies. We also show how the different characteristics of the approaches can help, once combined, to underline relationships among different code variants. Finally, we highlight the importance of contextual information on malware propagation for getting a deeper understanding of the evolution and the "economy" of the different threats.


Electronic version of the publication:
http://publik.tuwien.ac.at/files/PubDat_190254.pdf