Babble: Identifying malware by its dialects

Aziz Mohaisen, Omar Alrawi, Andrew G. West, Allison Mankin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Using runtime execution artifacts to identify whether code is malware, and to which malware family it belongs, is an established technique in the security domain. Traditionally, literature has relied on explicit features derived from network, file system, or registry interaction [1]. While effective, the collection and analysis of these fine-granularity data points makes the technique quite computationally expensive. Moreover, the signatures/heuristics this analysis produces are often easily circumvented by subsequent malware authors.

Original language: English
Title of host publication: 2013 IEEE Conference on Communications and Network Security, CNS 2013
Publisher: IEEE Computer Society
Pages: 407-408
Number of pages: 2
DOI: https://doi.org/10.1109/CNS.2013.6682751
Publication status: Published - 1 Jan 2013
Externally published: Yes
Event: 1st IEEE International Conference on Communications and Network Security, CNS 2013 - Washington, DC, United States
Duration: 14 Oct 2013 to 16 Oct 2013

Other

Other: 1st IEEE International Conference on Communications and Network Security, CNS 2013
Country: United States
City: Washington, DC
Period: 14/10/13 to 16/10/13

Fingerprint

Malware

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Mohaisen, A., Alrawi, O., West, A. G., & Mankin, A. (2013). Babble: Identifying malware by its dialects. In 2013 IEEE Conference on Communications and Network Security, CNS 2013 (pp. 407-408). [6682751] IEEE Computer Society. https://doi.org/10.1109/CNS.2013.6682751
