Mostrar el registro sencillo del ítem
Building malware classificators usable by State security agencies
| dc.contributor.author | Useche-Peláez, David Esteban | |
| dc.contributor.author | Díaz-López, Daniel Orlando | |
| dc.contributor.author | Sepúlveda-Alzate, Daniela | |
| dc.contributor.author | Cabuya-Padilla, Diego Edison | |
| dc.date.accessioned | 2021-05-24T20:41:43Z | |
| dc.date.accessioned | 2021-10-01T17:22:42Z | |
| dc.date.available | 2021-05-24T20:41:43Z | |
| dc.date.available | 2021-10-01T17:22:42Z | |
| dc.date.issued | 2018 | |
| dc.identifier.issn | 1692-1798 | |
| dc.identifier.issn | 2339-3483 | |
| dc.identifier.uri | https://repositorio.escuelaing.edu.co/handle/001/1474 | |
| dc.description.abstract | El sandboxing ha sido usado de manera regular para analizar muestras de software y determinar si estas contienen propiedades o comportamientos sospechosos. A pesar de que el sandboxing es una técnica poderosa para desarrollar análisis de malware, esta requiere que un analista de malware desarrolle un análisis riguroso de los resultados para determinar la naturaleza de la muestra: goodware o malware. Este artículo propone dos modelos de aprendizaje automáticos capaces de clasificar muestras con base a un análisis de firmas o permisos extraídos por medio de Cuckoo sandbox, Androguard y VirusTotal. En este artículo también se presenta una propuesta de arquitectura de centinela IoT que protege dispositivos IoT, usando uno de los modelos de aprendizaje automáticos desarrollados anteriormente. Finalmente, diferentes enfoques y perspectivas acerca del uso de sandboxing y aprendizaje automático por parte de agencias de seguridad del Estado también son aportados. | spa |
| dc.description.abstract | Sandboxing has been used regularly to analyze software samples and determine if these contain suspicious properties or behaviors. Even if sandboxing is a powerful technique to perform malware analysis, it requires that a malware analyst performs a rigorous analysis of the results to determine the nature of the sample: goodware or malware. This paper proposes two machine learning models able to classify samples based on signatures and permissions obtained through Cuckoo sandbox, Androguard and VirusTotal. The developed models are also tested obtaining an acceptable percentage of correctly classified samples, being in this way useful tools for a malware analyst. A proposal of architecture for an IoT sentinel that uses one of the developed machine learning model is also showed. Finally, different approaches, perspectives, and challenges about the use of sandboxing and machine learning by security teams in State security agencies are also shared. | spa |
| dc.format.extent | 15 páginas | spa |
| dc.format.mimetype | application/pdf | spa |
| dc.language.iso | eng | spa |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | spa |
| dc.source | http://revistas.ustabuca.edu.co/index.php/ITECKNE/article/view/2072 | spa |
| dc.title | Building malware classificators usable by State security agencies | spa |
| dc.title.alternative | Construcción de clasificadores de malware para agencias de seguridad del Estado | spa |
| dc.type | Artículo de revista | spa |
| dc.description.notes | Recibido: 20/03/2018 Aceptado: 25/06/2018 | spa |
| dc.type.version | info:eu-repo/semantics/publishedVersion | spa |
| oaire.accessrights | http://purl.org/coar/access_right/c_abf2 | spa |
| oaire.version | http://purl.org/coar/version/c_970fb48d4fbd8a85 | spa |
| dc.contributor.corporatename | Escuela Colombiana de Ingeniería Julio Garavito. | spa |
| dc.contributor.researchgroup | CTG-Informática | spa |
| dc.identifier.doi | doi.org/10.15332/iteckne.v15i2.2072 | |
| dc.identifier.url | http://revistas.ustabuca.edu.co/index.php/ITECKNE/article/view/2072 | |
| dc.publisher.place | Colombia | spa |
| dc.relation.citationedition | Volúmen 15, Número 2, diciembre 2018 | spa |
| dc.relation.citationendpage | 121 | spa |
| dc.relation.citationissue | 2 | spa |
| dc.relation.citationstartpage | 107 | spa |
| dc.relation.citationvolume | 15 | spa |
| dc.relation.indexed | N/A | spa |
| dc.relation.ispartofjournal | ITECKNE | spa |
| dc.relation.references | Kaspersky, “Kaspersky Lab detects 360,000 new malicious files daily – up 11.5% from 2016,” 2014. [Online]. Available: https://kaspersky.com/about/press-releases/2017_kaspersky-lab-detects-360000-new-malicious-files-daily. [Accessed: 13-Aug-2018]. | spa |
| dc.relation.references | M. Sikorski and A. Honig, Practical Malware Analysis : a Hands-On Guide to Dissecting Malicious Software. No Starch Press, 2012. | spa |
| dc.relation.references | J. M. Ehrenfeld, “WannaCry, Cybersecurity and Health Information Technology: A Time to Act,” J. Med. Syst., vol. 41, no. 7, p. 104, Jul. 2017 | spa |
| dc.relation.references | M. Miettinen, S. Marchal, I. Hafeez, N. Asokan, A.-R. Sadeghi, and S. Tarkoma, “IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT,” in 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), 2017, pp. 2177-2184 | spa |
| dc.relation.references | C. Wang, J. Ding, T. Guo, and B. Cui, “A Malware Detection Method Based on Sandbox, Binary Instrumentation and Multidimensional Feature Extraction,” in Advances on Broad-Band Wireless Computing, Communication and Applications, 2018, pp. 427-438. | spa |
| dc.relation.references | I. Santos, J. Devesa, F. Brezo, J. Nieves, and P. G. Bringas, “OPEM: A static-dynamic approach for machine-learning-based malware detection,” in Advances in Intelligent Systems and Computing, 2013, vol. 189 AISC, pp. 271-280. | spa |
| dc.relation.references | P. Burnap, R. French, F. Turner, and K. Jones, “Malware classification using self organising feature maps and machine activity data,” Comput. Secur., vol. 73, pp. 399-410, Mar. 2018. | spa |
| dc.relation.references | S. E. Donaldson, S. G. Siegel, C. K. Williams, and A. Aslam, “Defining the Cybersecurity Challenge,” in Enterprise Cybersecurity Study Guide: How to Build a Successful Cyberdefense Program Against Advanced Threats, Berkeley, CA: Apress, 2018, pp. 3-51. | spa |
| dc.relation.references | O. Ferrand, “How to detect the Cuckoo Sandbox and hardening it ? Keywords.” | spa |
| dc.relation.references | T. Teller and A. Hayon, “Enhancing Automated Malware Analysis Machines with Memory Analysis.” | spa |
| dc.relation.references | R. Messier, Network Forensics. Wiley, 2017. | spa |
| dc.relation.references | D. Oktavianto and I. Muhardianto, Cuckoo malware analysis: analyze malware using Cuckoo Sandbox | spa |
| dc.relation.references | M. A. Waller and S. E. Fawcett, “Data Science, Predictive Analytics, and Big Data: A Revolution That Will Transform Supply Chain Design and Management.” | spa |
| dc.relation.references | F. Provost and T. Fawcett, Data Science for Business: What You Need to Know about Data Mining and Data-Analytic Thinking. O’Reilly Media, 2013. | spa |
| dc.relation.references | G. S. Nelson, The analytics lifecycle toolkit: a practical guide for an effective analytics capability | spa |
| dc.relation.references | D. (Computer scientist) Dietrich, R. Heller, B. Yang, and EMC Education Services, Data science and big data analytics: discovering, analyzing, visualizing and presenting data. | spa |
| dc.relation.references | T. Dunning and B. E. Friedman, Practical machine learning: a new look at anomaly detection. O’Reilly Media, 2014. | spa |
| dc.relation.references | H. Chen, R. H. L. Chiang, and V. C. Storey, “Business Intelligence and Analytics: From Big Data to Big Impact,” MIS Quarterly, vol. 36. Management Information Systems Research Center, University of Minnesota, pp. 1165-1188, 2012. | spa |
| dc.relation.references | L. Sebastian-Coleman, Navigating the Labyrinth: An Executive Guide to Data Management. Technics Publications, 2018. | spa |
| dc.relation.references | A. L’heureux, K. Grolinger, H. F. El Yamany, M. A. M. Capretz, A. L’heureux, and K. Grolinger, “Machine Learning with Big Data: Challenges and Approaches 4 PUBLICATIONS 100 CITATIONS SEE PROFILE,” 2017 | spa |
| dc.relation.references | B. Kaluža, Instant Weka how-to: implement cutting-edge data mining aspects in Weka to your applications. Packt Pub, 2013. | spa |
| dc.relation.references | D. Tao, S. Member, X. Tang, S. Member, X. Li, and X. Wu, “Asymmetric Bagging and Random Subspace for Support Vector Machines-Based Relevance Feedback in Image Retrieval.” | spa |
| dc.relation.references | J. M. G. Anthony J. Viera, “Understanding interobserver agreement: the kappa statistic,” 2005. | spa |
| dc.relation.references | C. Willmott and K. Matsuura, “Advantages of the mean absolute error (MAE) over the root mean square error (RMSE) in assessing average model performance,” Clim. Res., vol. 30, no. 1, pp. 79-82, Dec. 2005. | spa |
| dc.relation.references | R. Lippmann et al., “Validating and Restoring Defense in Depth Using Attack Graphs,” in MILCOM 2006, 2006, pp. 1-10. | spa |
| dc.relation.references | S. Snapp et al., “DIDS (Distributed Intrusion Detection System) - Motivation, Architecture, and An Early Prototype,” http://www.academia.edu/download/4378230/10.1.1.46.4991.pdf, 2017. | spa |
| dc.relation.references | M. Mansoori, I. Welch, and Q. Fu, “YALIH, yet another low interaction honeyclient,” Proc. Twelfth Australas. Inf. Secur. Conf. - Vol. 149, pp. 7-15, 2014 | spa |
| dc.relation.references | Symantec Corporation, “ISTR Internet Security Threat Report.,” Mountain View, CA 94043, 2018. | spa |
| dc.relation.references | S. Corporation, “ISTR Internet Security Threat Report Volume 23,” Mountain View, CA 94043, 2018. | spa |
| dc.relation.references | A. Yokoyama et al., “Sandprint: Fingerprinting malware sandboxes to provide intelligence for sandbox evasion,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2016, vol. 9854 LNCS, pp. 165-187. | spa |
| dc.relation.references | D. Harley, R. Slade, and U. E. Gattiker, “Polymorphism,” in Viruses Revealed: Understand and counter maliciosus software, United States: McGraw-Hill/Osborne, 2001, p. 10. | spa |
| dc.relation.references | M. Stephens, “Sandbox,” in Encyclopedia of Cryptography and Security, H. C. A. van Tilborg and S. Jajodia, Eds. Boston, MA: Springer US, 2011, pp. 1075-1078. | spa |
| dc.relation.references | Gass S.I., Ed., “Machine Learning,” in Encyclopedia of Operations Research and Management Science, Boston, MA: Springer US, 2013, pp. 909-909. | spa |
| dc.relation.references | Z. C. Schreuders, T. McGill, and C. Payne, “The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls,” Comput. Secur, vol. 32, pp. 219-241, Feb. 2013 | spa |
| dc.relation.references | D. P. (Daniel P. Bovet and M. Cesati, Understanding the Linux kernel. United States of America: O’Reilly, 2002. | spa |
| dc.relation.references | CGFM, “Comando Conjunto Cibernético,” 2018. [Online]. Available: http://www.ccoc.mil.co/.[Accessed: 13-Aug-2018]. | spa |
| dc.relation.references | PONAL, “CSIRT - Equipo de Respuesta a Incidentes Informáticos.” [Online]. Available: https://cc-csirt.policia.gov.co/Sandbox. [Accessed: 13-Aug-2018]. | spa |
| dc.rights.accessrights | info:eu-repo/semantics/openAccess | spa |
| dc.rights.creativecommons | Atribución 4.0 Internacional (CC BY 4.0) | eng |
| dc.subject.proposal | Cuckoo sandbox | eng |
| dc.subject.proposal | Data science | eng |
| dc.subject.proposal | Machine learning | eng |
| dc.subject.proposal | Malware analysis | eng |
| dc.subject.proposal | Sandboxing | eng |
| dc.subject.proposal | Ciencia de datos | spa |
| dc.subject.proposal | Aprendizaje de máquina | spa |
| dc.subject.proposal | Análisis de malware | spa |
| dc.type.coar | http://purl.org/coar/resource_type/c_2df8fbb1 | spa |
| dc.type.content | Text | spa |
| dc.type.driver | info:eu-repo/semantics/article | spa |
| dc.type.redcol | http://purl.org/redcol/resource_type/ART | spa |
Ficheros en el ítem
Este ítem aparece en la(s) siguiente(s) colección(ones)
-
AD - CTG – Informática [76]
Clasificación B- Convocatoria 2018
Excepto si se señala otra cosa, la licencia del ítem se describe como https://creativecommons.org/licenses/by/4.0/
