Methods Of Detecting Clandestine Malware Using Behavior And Signature Based Methods
1194 Words5 Pages
In learning about Surreptitious code, specifically malware code I wanted to learn more about how to detect hidden, secret, or misleading malware on a system and how to remove or even prevent it. The article of choice was “Causality reasoning about network events for detecting stealthy malware activities” by Hao Zhang, Danfend Yao, Naren Ramakrishnan and Zhibin Zhang. The article was published in the Computers & Security Journal, Issue 58 in 2016, pages 180 to 198.
Objectives The authors of this article stated the purpose of the article was to describe methods of detecting clandestine malware using behavior and signature based methods. The authors;
• Introduced a network-request-level causal analysis for malware…show more content… et al., 2016, p. 180). Malware creators get paid if their software is installed and runs so newer malware has to over-come, evade, and fool the anti-malware software that it might come up against. Thus more and more of the modern malware is being created to be installed surreptitiously, and then run clandestine. The authors attribute the malware being harder to detect because modern security solutions rely on the ability to recognize known code and signatures.
This article was the summary of research conducted in order to introduce a network-request-level causal analysis for malware detection (Zhang, H. et al., 2016, p. 181). The major premise of the article was that they propose the use of algorithms to search and monitor triggering events. Triggering events that were not caused by a user action were referred to as vagabond requests (Zhang, H. et al., 2016, p. 183). Events that were occurring without legitimate cause by a user interaction, requests or initiation were viewed suspiciously as possible malware activities (Zhang, H. et al., 2016, p. 183). Examples given were DNS requests given without the user requesting it, or information being sent to a site without authorized initiation.
The next step was to formulate the problem of triggering relation discovery (TRD) in network requests (Zhang, H. et al., 2016, p. 184). The two train of thoughts are to use “rule-based” discovery detection and “learning-based” discovery detection as the means to record and evaluate