KLIMAX: Profiling Memory Write Patterns to Detect Keystroke-Harvesting Malware

机译：KLIMAX：对内存写入模式进行分析以检测按键捕获恶意软件

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Privacy-breaching malware is an ever-growing class of malicious applications that attempt to steal confidential data and leak them to third parties. One of the most prominent activities to acquire private user information is to eavesdrop and harvest user-issued keystrokes. Despite the serious threat involved, keylogging activities are challenging to detect in the general case. From an operating system perspective, their general behavior is no different than that of legitimate applications used to implement common end-user features like custom shortcut handling and keyboard remapping. As a result, existing detection techniques that attempt to model malware behavior based on system or library calls are largely ineffective. To address these concerns, we introduce a novel detection technique based on fine-grained profiling of memory write patterns. The intuition behind our model lies in data harvesting being a good predictor for sensitive information leakage. To demonstrate the viability of our approach, we have designed and implemented KLIMAX: a Kernel-Level Infrastructure for Memory and eXecution profiling. Our system supports proactive and reactive detection and can be transparently deployed online on a running Windows platform. Experimental results with real-world malware confirm the effectiveness of our approach.

机译：侵犯隐私的恶意软件是一类不断增长的恶意应用程序，它们试图窃取机密数据并将其泄漏给第三方。获取私人用户信息的最重要的活动之一就是窃听和收获用户发布的按键。尽管涉及严重威胁，但在一般情况下，键盘记录活动很难检测。从操作系统的角度来看，它们的一般行为与用于实现常见的最终用户功能（如自定义快捷键处理和键盘重新映射）的合法应用程序没有什么不同。结果，试图基于系统或库调用对恶意软件行为建模的现有检测技术在很大程度上无效。为了解决这些问题，我们介绍了一种基于内存写入模式的细粒度分析的新颖检测技术。我们模型背后的直觉在于，数据收集可以很好地预测敏感信息的泄漏。为了证明我们方法的可行性，我们设计并实现了KLIMAX：用于内存和执行性能分析的内核级基础结构。我们的系统支持主动和被动检测，可以透明地在线部署在运行中的Windows平台上。实际恶意软件的实验结果证实了我们方法的有效性。

著录项

来源
《Recent advances in intrusion detection》|2011年|p.81-100|共20页
会议地点 Menlo Park CA(US);Menlo Park CA(US)
作者
Stefano Ortolani; Cristiano Giuffrida; Bruno Crispo;
展开▼
作者单位

Vrije Universiteit, De Boelelaan 1081, 1081HV Amsterdam, The Netherlands;

Vrije Universiteit, De Boelelaan 1081, 1081HV Amsterdam, The Netherlands;

University of Trento, Via Sommarive 14, 38050 Povo, Trento, Italy;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类安全保密;
关键词
malware; memory; behavior; keylogging; detection;

机译：恶意软件；记忆;行为;键盘记录检测;

相似文献

外文文献
中文文献
专利

1. Mining Patterns of Sequential Malicious APIs to Detect Malware [J] . Abdurrahman Pektas, Elif Nurdan Pektas, Tankut Acarman International Journal of Network Security & Its Applications . 2018,第4期

机译：顺序恶意API的挖掘模式以检测恶意软件
2. Detecting Malware-Infected Devices Using the HTTP Header Patterns [J] . Sho MIZUNO, Mitsuhiro HATADA, Tatsuya MORI, IEICE transactions on information and systems . 2018,第5期

机译：使用HTTP标头模式检测受恶意软件感染的设备
3. Detecting Android malware using Long Short-term Memory (LSTM) [J] . Vinayakumar R., Soman K. P., Poornachandran Prabaharan, Journal of intelligent & fuzzy systems: Applications in Engineering and Technology . 2018,第3期

机译：使用长短期内存（LSTM）检测Android Malware
4. KLIMAX: Profiling Memory Write Patterns to Detect Keystroke-Harvesting Malware [C] . Stefano Ortolani, Cristiano Giuffrida, Bruno Crispo International symposium on recent advances in intrusion detection . 2011

机译：klimax：分析内存写模式以检测击键收获恶意软件
5. Developing Profiles of Malware and User Behaviors Using Graph-Mining and Machine Learning Techniques. [D] . Hang, Huy Nhut. 2014

机译：使用图挖掘和机器学习技术开发恶意软件和用户行为的配置文件。
6. Detecting and classifying method based on similarity matching of Android malware behavior with profile [O] . Jae-wook Jang, Jaesung Yun, Aziz Mohaisen, -1

机译：基于Android恶意软件行为与配置文件相似度匹配的检测分类方法
7. KLIMAX: Profiling Memory Write Patterns to Detect Keystroke-Harvesting Malware [O] . Ortolani, S., Giuffrida, C., Crispo, B. 2011

机译：KLIMAX：对内存写入模式进行分析以检测按键捕获恶意软件

KLIMAX: Profiling Memory Write Patterns to Detect Keystroke-Harvesting Malware

摘要

著录项

相似文献

相关主题

期刊订阅