ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development, 2017, Vol. 54, Issue 7: 1537-1548. doi: 10.7544/issn1000-1239.2017.20160436


The Malware Detection Based on Data Breach Actions

Wang Lina, Tan Cheng, Yu Rongwei, Yin Zhengguang   

1. State Key Laboratory of Software Engineering (Wuhan University), Wuhan 430072; Key Laboratory of Aerospace Information Security and Trusted Computing (Wuhan University), Ministry of Education, Wuhan 430072; School of Computer Science, Wuhan University, Wuhan 430072

Online: 2017-07-01

Abstract: Advanced persistent threat (APT) attacks are a major challenge for enterprise and government data protection. APT-capable malware commonly relies on 0-day exploits, so traditional security systems that depend on known signatures can hardly detect it. To detect malware that steals sensitive information, we first analyze existing APT malware and describe the steps of its attacks. Based on this analysis, we propose a detection method for this class of malware that focuses on its data breach actions. By combining anomaly detection with misuse detection, the method supports persistent monitoring and protects hosts and the network at low cost. We also propose inference rulesets that describe the high-level malicious events observed in each attack step. Once suspicious events are detected, further low-level actions are collected from the hosts and the network and correlated into high-level malicious events by the inference rules. Finally, we reconstruct the data breach attack procedure to judge whether an attack is present. Simulation experiments verify the effectiveness of the method.
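The abstract describes a two-layer design: low-level host and network actions are correlated by inference rules into high-level malicious events, and the sequence of those events is then matched against the attack steps of a data breach. The page does not give the authors' actual rulesets, so the following is an added illustration of that correlation pattern, not code from the paper: the rules, thresholds, sensitive-directory names, host names, the per-host baseline and the sample actions are all constructed here for the example. It combines misuse-style rules (an office application spawning a script interpreter, an archive written to a temp directory) with an anomaly-style rule (outbound volume far above a host's baseline to a never-seen destination), and then reconstructs the per-host chain in stage order.

```python
"""Toy inference-rule correlator in the style described by the abstract:
low-level actions -> high-level malicious events -> reconstructed attack chain.
All rules, thresholds and sample data below are illustrative assumptions."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample of low-level actions (not the paper's data). Each record
# carries a timestamp in seconds, a host, a kind and kind-specific attributes.
ACTIONS = [
    {"t": 100, "host": "ws-07", "kind": "proc_start", "parent": "winword.exe", "image": "powershell.exe"},
    {"t": 130, "host": "ws-07", "kind": "file_read", "path": "C:/Users/alice/Documents/contracts/q3.xlsx"},
    {"t": 131, "host": "ws-07", "kind": "file_read", "path": "C:/Users/alice/Documents/contracts/pricing.docx"},
    {"t": 132, "host": "ws-07", "kind": "file_read", "path": "C:/Users/alice/Documents/hr/salaries.csv"},
    {"t": 140, "host": "ws-07", "kind": "file_write", "path": "C:/Users/alice/AppData/Local/Temp/up.rar"},
    {"t": 200, "host": "ws-07", "kind": "net_conn", "dst": "203.0.113.9", "port": 443, "bytes_out": 52_000_000},
    # Benign activity on a second host: one document read, normal upload to a known destination.
    {"t": 150, "host": "ws-12", "kind": "file_read", "path": "C:/Users/bob/Documents/notes.txt"},
    {"t": 160, "host": "ws-12", "kind": "net_conn", "dst": "192.0.2.10", "port": 443, "bytes_out": 300_000},
]

# Hypothetical per-host baseline used by the anomaly-detection half: destinations
# previously observed and the 95th percentile of outbound bytes per connection.
BASELINE = {
    "ws-07": {"known_dst": {"192.0.2.10"}, "p95_bytes_out": 2_000_000},
    "ws-12": {"known_dst": {"192.0.2.10"}, "p95_bytes_out": 2_000_000},
}

SENSITIVE_DIRS = ("/Documents/", "/hr/")                 # assumed sensitive locations
OFFICE_APPS = {"winword.exe", "excel.exe", "acrord32.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe"}
ARCHIVE_EXT = (".rar", ".zip", ".7z")
# Assumed order of attack steps for a data breach; chains are matched against it.
STAGES = ["suspicious_execution", "sensitive_collection", "staging", "exfiltration"]


@dataclass
class HighLevelEvent:
    name: str
    host: str
    t: int
    evidence: list = field(default_factory=list)   # the low-level actions behind the event


def rule_suspicious_execution(host, acts, baseline):
    # Misuse rule: a document handler spawning a script interpreter.
    return [HighLevelEvent("suspicious_execution", host, a["t"], [a])
            for a in acts if a["kind"] == "proc_start"
            and a["parent"] in OFFICE_APPS and a["image"] in INTERPRETERS]


def rule_sensitive_collection(host, acts, baseline, window=60, min_reads=3):
    # Misuse rule with a rate component: a burst of reads from sensitive directories.
    reads = [a for a in acts if a["kind"] == "file_read"
             and any(d in a["path"] for d in SENSITIVE_DIRS)]
    for i, first in enumerate(reads):                     # acts are time-sorted
        burst = [r for r in reads[i:] if r["t"] - first["t"] <= window]
        if len(burst) >= min_reads:
            return [HighLevelEvent("sensitive_collection", host, first["t"], burst)]
    return []


def rule_staging(host, acts, baseline):
    # Misuse rule: an archive written into a temp directory (data staged for upload).
    return [HighLevelEvent("staging", host, a["t"], [a])
            for a in acts if a["kind"] == "file_write"
            and a["path"].lower().endswith(ARCHIVE_EXT) and "/Temp/" in a["path"]]


def rule_exfiltration(host, acts, baseline):
    # Anomaly rule: outbound volume an order of magnitude above the host's baseline,
    # to a destination this host has never contacted before.
    b = baseline.get(host, {"known_dst": set(), "p95_bytes_out": 0})
    return [HighLevelEvent("exfiltration", host, a["t"], [a])
            for a in acts if a["kind"] == "net_conn"
            and a["dst"] not in b["known_dst"]
            and a["bytes_out"] > 10 * b["p95_bytes_out"]]


RULES = [rule_suspicious_execution, rule_sensitive_collection, rule_staging, rule_exfiltration]


def infer_events(actions, baseline):
    """Apply every inference rule per host to time-sorted low-level actions."""
    by_host = defaultdict(list)
    for a in sorted(actions, key=lambda a: a["t"]):
        by_host[a["host"]].append(a)
    events = []
    for host, acts in by_host.items():
        for rule in RULES:
            events.extend(rule(host, acts, baseline))
    return sorted(events, key=lambda e: (e.host, e.t))


def reconstruct_chains(events, max_span=3600):
    """Per host, keep high-level events that advance through STAGES in order within
    max_span seconds; a chain with both collection and exfiltration is judged a breach."""
    chains = {}
    for host in sorted({e.host for e in events}):
        chain, stage_idx, start = [], 0, None
        for e in (x for x in events if x.host == host):
            idx = STAGES.index(e.name)
            if idx < stage_idx:                  # would move backwards in the attack steps
                continue
            if start is not None and e.t - start > max_span:
                break
            start = e.t if start is None else start
            chain.append(e)
            stage_idx = idx
        names = [e.name for e in chain]
        chains[host] = {"stages": names,
                        "breach": "sensitive_collection" in names and "exfiltration" in names}
    return chains


if __name__ == "__main__":
    for host, verdict in reconstruct_chains(infer_events(ACTIONS, BASELINE)).items():
        print(host, verdict)
```

On the constructed input, ws-07 produces all four stages in order and is flagged as a breach, while ws-12 triggers no rule at all, which is the intended effect of the abstract's design: cheap high-level rules fire first, and the finer-grained low-level evidence (kept here in each event's `evidence` list) is only assembled into a chain for hosts where something suspicious was seen.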

Key words: data breach, malware, attack steps, low-level actions, high-level malicious events, inference rules
