Title :
Identification of malware activities with rules
Author :
Jasiul, Bartosz ; Sliwa, Joanna ; Gleba, Kamil ; Szpyrka, Marcin
Author_Institution :
C4I Syst.´ Dept., Mil. Commun. Inst., Zegrze, Poland
Abstract :
The article describes the method of malware activities identification using ontology and rules. The method supports detection of malware at host level by observing its behavior. It sifts through hundred thousands of regular events and allows to identify suspicious ones. They are then passed on to the second building block responsible for malware tracking and matching stored models with observed malicious actions. The presented method was implemented and verified in the infected computer environment. As opposed to signature-based antivirus mechanisms it allows to detect malware the code of which has been obfuscated.
Keywords :
data mining; invasive software; infected computer environment; malware activities identification; malware detection; malware tracking; ontology; signature-based antivirus mechanisms; Computers; Engines; Knowledge based systems; Malware; Monitoring; Ontologies;
Conference_Titel :
Computer Science and Information Systems (FedCSIS), 2014 Federated Conference on
Conference_Location :
Warsaw
