nach oben

Erschienen in:

2021 | OriginalPaper | Buchkapitel

Efficient Threat Hunting Methodology for Analyzing Malicious Binaries in Windows Platform

verfasst von : Ahmed M. Elmisery, Mirela Sertovic, Mamoun Qasem

Erschienen in: Service-Oriented Computing – ICSOC 2020 Workshops

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The rising cyber threat puts organizations and ordinary users at risk of data breaches. In many cases, Early detection can hinder the occurrence of these incidents or even prevent a full compromise of all internal systems. The existing security controls such as firewalls and intrusion prevention systems are constantly blocking numerous intrusions attempts that happen on a daily basis. However, new situations may arise where these security controls are not sufficient to provide full protection. There is a necessity to establish a threat hunting methodology that can assist investigators and members of the incident response team to analyse malicious binaries quickly and efficiently. The methodology proposed in this research is able to distinguish malicious binaries from benign binaries using a quick and efficient way. The proposed methodology consists of static and dynamic hunting techniques. Using these hunting techniques, the proposed methodology is not only capable of identifying a range of signature-based anomalies but also to pinpoint behavioural anomalies that arise in the operating system when malicious binaries are triggered. Static hunting can describe any extracted artifacts as malicious depending on a set of pre-defined patterns of malicious software. Dynamic hunting can assist investigators in finding behavioural anomalies. This work focuses on applying the proposed threat hunting methodology on samples of malicious binaries, which can be found in common malware repositories and presenting the results.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Cyber Security Education and Future Provision

Nächstes Kapitel Peer-to-Peer Application Threat Investigation

Dowdy, J.: The cyber-security threat to us growth and prosperity. In: Cyberspace: A New Domain for National Security (2012)

Friedberg, I., Skopik, F., Settanni, G., Fiedler, R.: Combating advanced persistent threats: from network event correlation to incident detection. Comput. Secur. 48, 35–57 (2015)CrossRef

Connolly, L.Y., Wall, D.S.: The rise of crypto-ransomware in a changing cybercrime landscape: taxonomising countermeasures. Comput. Secur. 87, (2019)CrossRef

Lord, N.: What is threat hunting? The emerging focus in threat detection. In: Digital Guardian (2018)

Sqrrl. Cyber Threat Hunting. www.sqrrl.com

Bhatt, P., Yano, E.T., Gustavsson, P.: Towards a framework to detect multi-stage advanced persistent threats attacks. In: 2014 IEEE 8th International Symposium on Service Oriented System Engineering, pp. 390–395 (2014)

Scarabeo, N., Fung, B.C., Khokhar, R.H.: Mining known attack patterns from security-related events. Peer J. Comput. Sci. 1, (2015)CrossRef

Mahyari, A.G., Aviyente, S.: A multi-scale energy detector for anomaly detection in dynamic networks. In: 2013 Asilomar Conference on Signals, Systems and Computers, pp. 962–965. IEEE (2013)

Miller, B.A., Beard, M.S., Bliss, N.T.: Eigenspace analysis for threat detection in social networks. In: 14th International Conference on Information Fusion, pp. 1–7. IEEE (2011)

10.

Bhardwaj, A.K., Singh, M.: Data mining-based integrated network traffic visualization framework for threat detection. Neural Comput. Appl. 26(1), 117–130 (2015)CrossRef

11.

Gu, G., Perdisci, R., Zhang, J., Lee, W.: Botminer: clustering analysis of network traffic for protocol-and structure-independent botnet detection (2008)

12.

Elmisery, A.M., Sertovic, M.: Privacy preserving threat hunting in smart home environments. In: Anbar, M., Abdullah, N., Manickam, S. (eds.) Advances in Cyber Security (ACeS 2019) Communications in Computer and Information Science, vol. 1132, pp. 104–120. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-2693-0_8CrossRef

13.

Elmisery, A.M., Botvich, D.: Privacy aware recommender service using multi-agent middleware-an IPTV network scenario. Informatica 36(1) (2012)

14.

Elmisery, A.M., Rho, S., Botvich, D.: A fog based middleware for automated compliance with OECD privacy principles in internet of healthcare things. IEEE Access 4, 8418–8441 (2016)CrossRef

15.

Elmisery, A.M., Rho, S., Botvich, D.: Collaborative privacy framework for minimizing privacy risks in an IPTV social recommender service. Multimedia Tools Appl. 75(22), 14927–14957 (2016)CrossRef

16.

Elmisery, A.M., Botvich, D.: Enhanced middleware for collaborative privacy in IPTV recommender services. J. Converg. 2(2), 10 (2011)

17.

Elmisery, A.M., Doolin, K., Roussaki, I., Botvich, D.: Enhanced middleware for collaborative privacy in community based recommendations services. In: Yeo, S.S., Pan, Y., Lee, Y., Chang, H. (eds.) Computer Science and its Applications. Lecture Notes in Electrical Engineering, vol. 203, pp. 313–328. Springer, Dordrecht (2012)CrossRef

18.

Berrueta Irigoyen, E., Morató Osés, D., Lizarrondo, M., Izal Azcárate, M.: A survey on detection techniques for cryptographic ransomware. IEEE Access 7, 144925–144944 (2019)CrossRef

19.

Akbanov, V.G., Vassilakis, I.D. Moscholios, Logothetis, M.D.: Static and dynamic analysis of WannaCry ransmware

20.

Aman, W.: A framework for analysis and comparison of dynamic malware analysis tools. Int. J. Netw. Secur. Its Appl. 6(5), 63–74 (2014). arXiv preprint arXiv:1410.2131

21.

Wichmann, B.A., Canning, A., Clutterbuck, D., Winsborrow, L., Ward, N., Marsh, D.: Industrial perspective on static analysis. Softw. Eng. J. 10(2), 69–75 (1995)CrossRef

22.

Firdausi, I., Erwin, A., Nugroho, A.S.: Analysis of machine learning techniques used in behavior-based malware detection. In: 2010 Second International Conference on Advances in Computing, Control, and Telecommunication Technologies, pp. 201–203. IEEE (2010)

23.

Snaker (ed.): Softpedia (2008). https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/PEiD-updated.shtml

24.

Petoolse (ed.): Github (2018). https://github.com/petoolse/petools

25.

Miller, S. (ed.): Dependency walker (2015). http://www.dependencywalker.com

26.

Microsoft (ed.): Process explorer (2019). https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

27.

Microsoft (ed.): Process monitor. https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

28.

Wojner, C. (ed.): ProcDOT, a new way of visual malware analysis. Austrian National CERT (2015). https://www.procdot.com/

29.

Maddes, X. (ed.): Regshot download (2018). https://sourceforge.net/projects/regshot/

30.

Hungenberg, T., Eckert, M. (ed.): INetSim: internet services simulation suite (2013)

31.

Wireshark, F.: Wireshark-Go Deep, vol. 15. Retrieved Oct 2011

32.

Sistemas, H. (ed.): VirusTotal (2004). https://www.virustotal.com/gui/

Titel: Efficient Threat Hunting Methodology for Analyzing Malicious Binaries in Windows Platform
verfasst von: Ahmed M. Elmisery
Mirela Sertovic
Mamoun Qasem
Verlag: Springer International Publishing
Buch: Service-Oriented Computing – ICSOC 2020 Workshops
Print ISBN: 978-3-030-76351-0

Electronic ISBN: 978-3-030-76352-7

Copyright-Jahr: 2021
DOI: https://doi.org/10.1007/978-3-030-76352-7_54

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"