Zero-day Malicious Email Behavior Investigation and Analysis

Sanouphab Phomkeona, Koji Okamura, Kristan Edwards, Yoshitatsu Ban

Abstract


Zero-day malware created by cyber deviants is a critical risk and menace because neither machines nor cyber security tools can easily detect it. Phishing emails are the most common point of intrusion for attackers, who send malware indiscriminately to general users. Motivated by the rise of phishing emails carrying malware with zero-day behavior, this research workshop uses existing information security analysis tools and develops new ones to define an investigation procedure for malware behavior, with the aims of understanding such malware better, tracking it effectively, and collecting the information needed to find and help infected victims inside an organization’s network.



