Publications

18 Results

Streaming malware classification in the presence of concept drift and class imbalance

Proceedings - 2013 12th International Conference on Machine Learning and Applications, ICMLA 2013

Kegelmeyer, William P.; Chiang, Ken C.; Ingram, Joey

Malware, or malicious software, is capable of performing any action or command that can be expressed in code and is typically used for illicit activities, such as e-mail spamming, corporate espionage, and identity theft. Most organizations rely on anti-virus software to identify malware, which typically utilizes signatures that can only identify previously-seen malware instances. We consider the detection of malware executables that are downloaded in streaming network data as a supervised machine learning problem. Using malware data collected over multiple years, we characterize the effect of concept drift and class imbalance on batch and streaming decision tree ensembles. In particular, we illustrate a surprising vulnerability generated by precisely the aspect of streaming methods that seemed most likely to help them, when compared to batch methods. © 2013 IEEE.
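The abstract frames detection as a supervised problem under two conditions: concept drift (what malware looks like changes over time) and class imbalance (malware is a small fraction of downloads). The block below is an added illustration of those two effects, not code or data from the paper: it uses a toy nearest-centroid classifier over four constructed binary features and a constructed stream in which the malware feature pattern changes at sample 1000. A batch model (trained once on the first half, then frozen) is compared with a streaming model (per-class exponential moving average, evaluated test-then-train, so it forgets the old concept). The paper's models are decision tree ensembles and the "surprising vulnerability" it reports is not reproduced here; the example only shows why accuracy is the wrong metric under imbalance and how a frozen model fails silently after drift.

```python
"""Concept drift and class imbalance in a streaming classifier (toy).

Added example, not the paper's code. Feature vectors, patterns and the
drift schedule are all constructed; no real executables are involved.
"""

MALWARE_EVERY = 20   # 1 in 20 samples is malware: a 5% positive class
DRIFT_AT = 1000      # sample index at which the malware "concept" changes
STREAM_LEN = 2000

# Constructed data: benign samples cycle through five fixed patterns;
# malware uses one pattern before the drift and a disjoint one after it.
BENIGN_PATTERNS = [(1, 0, 0, 0), (0, 1, 0, 0), (0, 0, 1, 0), (0, 0, 0, 1), (0, 0, 0, 0)]
MALWARE_BEFORE = (1, 1, 0, 0)
MALWARE_AFTER = (0, 0, 1, 1)


def make_stream():
    """Return a list of (features, label) with label 1 = malware."""
    stream, benign_seen = [], 0
    for i in range(STREAM_LEN):
        if i % MALWARE_EVERY == MALWARE_EVERY - 1:
            stream.append((MALWARE_BEFORE if i < DRIFT_AT else MALWARE_AFTER, 1))
        else:
            stream.append((BENIGN_PATTERNS[benign_seen % 5], 0))
            benign_seen += 1
    return stream


def sqdist(a, b):
    return sum((ai - bi) ** 2 for ai, bi in zip(a, b))


class CentroidClassifier:
    """Predict the class whose centroid is nearest.

    alpha=None: centroids are plain running means of everything seen (batch).
    alpha=0.2:  centroids are exponential moving averages, so old samples
                are forgotten and the model can follow a drifting concept.
    """

    def __init__(self, alpha=None):
        self.alpha = alpha
        self.centroids = {}
        self.counts = {}

    def update(self, x, y):
        if y not in self.centroids:
            self.centroids[y] = [float(v) for v in x]
            self.counts[y] = 1
            return
        c = self.centroids[y]
        self.counts[y] += 1
        for j in range(len(c)):
            if self.alpha is None:
                c[j] += (x[j] - c[j]) / self.counts[y]          # running mean
            else:
                c[j] = (1 - self.alpha) * c[j] + self.alpha * x[j]  # EMA

    def predict(self, x):
        return min(self.centroids, key=lambda y: sqdist(x, self.centroids[y]))


def evaluate(pairs):
    """pairs: (predicted, actual). Recall is the malware detection rate."""
    tp = sum(1 for p, a in pairs if p == 1 and a == 1)
    fp = sum(1 for p, a in pairs if p == 1 and a == 0)
    fn = sum(1 for p, a in pairs if p == 0 and a == 1)
    tn = sum(1 for p, a in pairs if p == 0 and a == 0)
    return {
        "accuracy": (tp + tn) / len(pairs),
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
    }


def run_experiment():
    stream = make_stream()
    train, post = stream[:DRIFT_AT], stream[DRIFT_AT:]

    # Batch: fit once on the pre-drift window, then score everything after it.
    batch = CentroidClassifier(alpha=None)
    for x, y in train:
        batch.update(x, y)
    batch_post = [(batch.predict(x), y) for x, y in post]

    # Streaming: prequential (test-then-train) over the whole stream;
    # labels are assumed to arrive with each sample (the supervised setting).
    streaming = CentroidClassifier(alpha=0.2)
    stream_post = []
    for i, (x, y) in enumerate(stream):
        if streaming.centroids and i >= DRIFT_AT:
            stream_post.append((streaming.predict(x), y))
        streaming.update(x, y)

    return {"batch_after_drift": evaluate(batch_post),
            "streaming_after_drift": evaluate(stream_post)}


if __name__ == "__main__":
    for name, m in run_experiment().items():
        print(f"{name}: accuracy={m['accuracy']:.3f} recall={m['recall']:.3f} "
              f"precision={m['precision']:.3f}")
```

After the drift the frozen batch model still reports 95% accuracy, because 95% of the stream is benign and it labels everything benign, while its recall on malware is exactly zero; a dashboard that tracks accuracy alone would not notice. The streaming model misses the first few post-drift samples and then recovers, at the cost of some false positives while its malware centroid is moving. Any real evaluation of this kind should report recall and precision on the minority class per time window, not aggregate accuracy.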


Using Emulation and Simulation to Understand the Large-Scale Behavior of the Internet

Adalsteinsson, Helgi A.; Armstrong, Robert C.; Chiang, Ken C.; Gentile, Ann C.; Lloyd, Levi L.; Minnich, Ronald G.; Vanderveen, Keith V.; Vanrandwyk, Jamie V.; Rudish, Don W.

We report on the work done in the late-start LDRD "Using Emulation and Simulation to Understand the Large-Scale Behavior of the Internet". We describe the creation of a research platform that emulates many thousands of machines to be used for the study of large-scale internet behavior. We describe a proof-of-concept simple attack we performed in this environment. We describe the successful capture of a Storm bot and, from the study of the bot and further literature search, establish large-scale aspects we seek to understand via emulation of Storm on our research platform in possible follow-on work. Finally, we discuss possible future work.


FARM : an automated malware analysis environment

Vanrandwyk, Jamie V.; Lloyd, Levi L.; Chiang, Ken C.; Vanderveen, Keith V.

We present the forensic analysis repository for malware (FARM), a system for automating malware analysis. FARM leverages existing dynamic and static analysis tools and is designed in a modular fashion to provide future extensibility. We present our motivations for designing the system and give an overview of the system architecture. We also present several common scenarios that detail uses for FARM as well as illustrate how automated malware analysis saves time. Finally, we discuss future development of this tool.


FARM : an automated malware analysis environment

Chiang, Ken C.; Lloyd, Levi L.; Vanderveen, Keith V.

We present the forensic analysis repository for malware (FARM), a system for automating malware analysis. FARM leverages existing dynamic and static analysis tools and is designed in a modular fashion to provide future extensibility. We present our motivations for designing the system and give an overview of the system architecture. We also present several common scenarios that detail uses for FARM as well as illustrate how automated malware analysis saves time. Finally, we discuss future development of this tool.
