FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2160637255> ?p ?o ?g. }

• W2160637255 abstract "To handle the growing flood of malware, security vendors and analysts rely on tools that automatically identify and analyze malicious code. Current systems for automated malware analysis typically follow a dynamic approach, executing an unknown program in a controlled environment (sandbox) and recording its runtime behavior. Since dynamic analysis platforms directly run malicious code, they are resilient to popular malware defense techniques such as packing and code obfuscation. Unfortunately, in many cases, only a small subset of all possible malicious behaviors is observed within the short time frame that a malware sample is executed. To mitigate this issue, previous work introduced techniques such as multipath or forced execution to increase the coverage of dynamic malware analysis. Unfortunately, using these techniques is potentially expensive, as the number of paths that require analysis can grow exponentially. In this paper, we propose REANIMATOR, a novel solution to determine the capabilities (malicious functionality) of malware programs. Our solution is based on the insight that we can leverage behavior observed while dynamically executing a specific malware sample to identify similar functionality in other programs. More precisely, when we observe malicious actions during dynamic analysis, we automatically extract and model the parts of the malware binary that are responsible for this behavior. We then leverage these models to check whether similar code is present in other samples. This allows us to statically identify dormant functionality (functionality that is not observed during dynamic analysis) in malicious programs. We evaluate our approach on thousands of realworld malware samples, and we show that our system is successful in identifying additional, malicious functionality. As a result, our approach can significantly improve the coverage of malware analysis results." @default.
• W2160637255 created "2016-06-24" @default.
• W2160637255 creator A5006807916 @default.
• W2160637255 creator A5022177364 @default.
• W2160637255 creator A5046604572 @default.
• W2160637255 creator A5064772336 @default.
• W2160637255 creator A5077875821 @default.
• W2160637255 creator A5090555377 @default.
• W2160637255 date "2010-01-01" @default.
• W2160637255 modified "2023-09-26" @default.
• W2160637255 title "Identifying Dormant Functionality in Malware Programs" @default.
• W2160637255 cites W1515180657 @default.
• W2160637255 cites W1570974058 @default.
• W2160637255 cites W1573286687 @default.
• W2160637255 cites W1984248430 @default.
• W2160637255 cites W2011367000 @default.
• W2160637255 cites W2041839827 @default.
• W2160637255 cites W2068211976 @default.
• W2160637255 cites W2096491586 @default.
• W2160637255 cites W2096921767 @default.
• W2160637255 cites W2101077503 @default.
• W2160637255 cites W2109943392 @default.
• W2160637255 cites W2111295912 @default.
• W2160637255 cites W2117030266 @default.
• W2160637255 cites W2128389850 @default.
• W2160637255 cites W2128782367 @default.
• W2160637255 cites W2131523719 @default.
• W2160637255 cites W2137786570 @default.
• W2160637255 cites W2138756793 @default.
• W2160637255 cites W2158167094 @default.
• W2160637255 cites W2159702664 @default.
• W2160637255 cites W2167671111 @default.
• W2160637255 cites W2168519318 @default.
• W2160637255 cites W4237492309 @default.
• W2160637255 cites W4238295473 @default.
• W2160637255 doi "https://doi.org/10.1109/sp.2010.12" @default.
• W2160637255 hasPublicationYear "2010" @default.
• W2160637255 type Work @default.
• W2160637255 sameAs 2160637255 @default.
• W2160637255 citedByCount "89" @default.
• W2160637255 countsByYear W21606372552012 @default.
• W2160637255 countsByYear W21606372552013 @default.
• W2160637255 countsByYear W21606372552014 @default.
• W2160637255 countsByYear W21606372552015 @default.
• W2160637255 countsByYear W21606372552016 @default.
• W2160637255 countsByYear W21606372552017 @default.
• W2160637255 countsByYear W21606372552018 @default.
• W2160637255 countsByYear W21606372552019 @default.
• W2160637255 countsByYear W21606372552020 @default.
• W2160637255 countsByYear W21606372552021 @default.
• W2160637255 countsByYear W21606372552022 @default.
• W2160637255 countsByYear W21606372552023 @default.
• W2160637255 crossrefType "proceedings-article" @default.
• W2160637255 hasAuthorship W2160637255A5006807916 @default.
• W2160637255 hasAuthorship W2160637255A5022177364 @default.
• W2160637255 hasAuthorship W2160637255A5046604572 @default.
• W2160637255 hasAuthorship W2160637255A5064772336 @default.
• W2160637255 hasAuthorship W2160637255A5077875821 @default.
• W2160637255 hasAuthorship W2160637255A5090555377 @default.
• W2160637255 hasConcept C111919701 @default.
• W2160637255 hasConcept C119857082 @default.
• W2160637255 hasConcept C137287247 @default.
• W2160637255 hasConcept C153083717 @default.
• W2160637255 hasConcept C167981075 @default.
• W2160637255 hasConcept C177264268 @default.
• W2160637255 hasConcept C199360897 @default.
• W2160637255 hasConcept C2776760102 @default.
• W2160637255 hasConcept C2777904410 @default.
• W2160637255 hasConcept C2779395397 @default.
• W2160637255 hasConcept C38652104 @default.
• W2160637255 hasConcept C40305131 @default.
• W2160637255 hasConcept C41008148 @default.
• W2160637255 hasConcept C529173508 @default.
• W2160637255 hasConcept C541664917 @default.
• W2160637255 hasConcept C84525096 @default.
• W2160637255 hasConcept C97686452 @default.
• W2160637255 hasConceptScore W2160637255C111919701 @default.
• W2160637255 hasConceptScore W2160637255C119857082 @default.
• W2160637255 hasConceptScore W2160637255C137287247 @default.
• W2160637255 hasConceptScore W2160637255C153083717 @default.
• W2160637255 hasConceptScore W2160637255C167981075 @default.
• W2160637255 hasConceptScore W2160637255C177264268 @default.
• W2160637255 hasConceptScore W2160637255C199360897 @default.
• W2160637255 hasConceptScore W2160637255C2776760102 @default.
• W2160637255 hasConceptScore W2160637255C2777904410 @default.
• W2160637255 hasConceptScore W2160637255C2779395397 @default.
• W2160637255 hasConceptScore W2160637255C38652104 @default.
• W2160637255 hasConceptScore W2160637255C40305131 @default.
• W2160637255 hasConceptScore W2160637255C41008148 @default.
• W2160637255 hasConceptScore W2160637255C529173508 @default.
• W2160637255 hasConceptScore W2160637255C541664917 @default.
• W2160637255 hasConceptScore W2160637255C84525096 @default.
• W2160637255 hasConceptScore W2160637255C97686452 @default.
• W2160637255 hasLocation W21606372551 @default.
• W2160637255 hasOpenAccess W2160637255 @default.
• W2160637255 hasPrimaryLocation W21606372551 @default.
• W2160637255 hasRelatedWork W109909280 @default.
• W2160637255 hasRelatedWork W2007647094 @default.
• W2160637255 hasRelatedWork W2149659470 @default.
• W2160637255 hasRelatedWork W2160637255 @default.

• next