    Wang Lina, Tan Cheng, Yu Rongwei, Yin Zhengguang. The Malware Detection Based on Data Breach Actions[J]. Journal of Computer Research and Development, 2017, 54(7): 1537-1548. DOI: 10.7544/issn1000-1239.2017.20160436

    The Malware Detection Based on Data Breach Actions

    • Advanced persistent threat (APT) attacks are a major challenge for enterprise and governmental data protection. The use of 0-day exploits is prevalent among malware capable of APT attacks, and traditional security systems that rely on known features can hardly detect such malware. In order to detect malware that steals sensitive information, we first analyze existing APT malware and describe the steps of its attacks. Based on this analysis, we propose a detection method for this kind of malware that focuses on its data breach actions. By combining anomaly detection with misuse detection, the method enables persistent monitoring and protects hosts and the network at low cost. We also propose inference rulesets that describe the high-level malicious events observed in each attack step. Once suspicious events are detected, low-level actions from the hosts and the network are further collected and correlated into high-level malicious events by the inference rules. Finally, we reconstruct the data breach attack procedure to judge whether an attack has taken place. A simulation experiment verifies the effectiveness of the method.
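As an added illustration (not code from the paper), the following Python sketch shows the correlation idea described in the abstract: hypothetical inference rules map low-level host and network actions to high-level malicious events, and a host is flagged only when those events reconstruct an assumed collect-stage-exfiltrate breach chain in order. The event data, rule predicates, threshold and chain ordering are all constructed assumptions, not the paper's rulesets.

```python
from collections import defaultdict

# Constructed low-level events (time, host, action, detail); not taken from the paper.
EVENTS = [
    (1, "ws-01", "file_read", "/srv/finance/q3_report.xlsx"),
    (2, "ws-01", "file_read", "/srv/finance/payroll.csv"),
    (3, "ws-01", "proc_exec", "rar.exe a C:\\temp\\a.rar"),
    (4, "ws-01", "net_tx", "203.0.113.7:443 bytes=52000000"),
    (1, "ws-02", "file_read", "/home/bob/notes.txt"),
    (2, "ws-02", "net_tx", "198.51.100.3:443 bytes=1200"),
]

# Hypothetical misuse-style predicates: each recognises one kind of low-level action.
def is_sensitive(detail):
    return detail.startswith("/srv/finance/")
def is_archiver(detail):
    return detail.split()[0].lower() in ("rar.exe", "7z.exe", "zip")
def is_bulk_upload(detail, threshold=10_000_000):
    # Anomaly-style check: an outbound transfer far larger than is normal for a workstation.
    return int(detail.split("bytes=")[1]) >= threshold

# Inference rules: (low-level action type, predicate) -> high-level malicious event label.
RULES = [
    ("file_read", is_sensitive, "collect_sensitive_data"),
    ("proc_exec", is_archiver, "stage_archive"),
    ("net_tx", is_bulk_upload, "bulk_exfiltration"),
]

# Assumed high-level order of a data breach; the paper's own rulesets are not reproduced here.
BREACH_CHAIN = ["collect_sensitive_data", "stage_archive", "bulk_exfiltration"]

def infer_high_level(events):
    """Correlate time-ordered low-level actions into high-level events, grouped per host."""
    per_host = defaultdict(list)
    for t, host, action, detail in sorted(events):
        for act, pred, label in RULES:
            if action == act and pred(detail):
                per_host[host].append((t, label))
    return dict(per_host)

def reconstruct_breach(events):
    """Return {host: matched steps} for hosts whose events contain BREACH_CHAIN in order."""
    hits = {}
    for host, high_level in infer_high_level(events).items():
        step, matched = 0, []
        for t, label in high_level:
            if step < len(BREACH_CHAIN) and label == BREACH_CHAIN[step]:
                matched.append((t, label))
                step += 1
        if step == len(BREACH_CHAIN):
            hits[host] = matched
    return hits
```

Only ws-01 is reported, because ws-02 reads a non-sensitive file and sends a small transfer, so no rule fires and the chain is never reconstructed.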
