SAUCY SPICE: uma nova abordagem eficiente para a detecção de malwares baseada em assinatura
Resumo
O desenvolvimento de soluções de segurança capazes de identificar e bloquear ameaças de malware nunca foi tão necessário. Contudo, observam-se nas soluções atuais limitações, sobretudo de desempenho e escalabilidade, as quais prejudicam a resolução deste problema. Dessa forma, este trabalho apresenta o SAUCY SPICE: uma solução baseada em assinatura capaz de identificar e bloquear softwares maliciosos através da criação de políticas com alta capacidade de generalização, e um módulo de detecção focado em eficiência e desempenho. Experimentalmente, foi observado overhead mínimo e alta taxa de acerto na identificação e bloqueio dos malwares.
Referências
Abusitta, A., Li, M. Q., and Fung, B. C. (2021). Malware classification and composition analysis: A survey of recent developments. Journal of Information Security and Applications, 59:102828.
Aslan, Ö. A. and Samet, R. (2020). A comprehensive review on malware detection approaches. IEEE Access, 8:6249–6271.
Botacin, M., Alves, M. Z., Oliveira, D., and Grégio, A. (2022). Heaven: A hardware-enhanced antivirus engine to accelerate real-time, signature-based malware detection. Expert Systems with Applications, 201:117083.
Campion, M., Dalla Preda, M., and Giacobazzi, R. (2021). Learning metamorphic malware signatures from samples. Journal of Computer Virology and Hacking Techniques, 17(3):167–183.
David, O. E. and Netanyahu, N. S. (2015). Deepsign: Deep learning for automatic malware signature generation and classification. In 2015 International Joint Conference on Neural Networks (IJCNN), pages 1–8.
Federal, P. (2021). Relatório do SISCRIM de crimes causados à Administração Pública Federal por ransonware. documento reservado e não publicado.
Feng, Y., Bastani, O., Martins, R., Dillig, I., and Anand, S. (2017). Automated synthesis of semantic malware signatures using maximum satisfiability. In Proceedings of the Network and Distributed System Security Symposium (NDSS’17), San Diego, CA.
Kaspersky (2022). Kaspersky Security Bulletin 2022. Statistics — securelist.com. [link]. [Acessado em 20-Jun-2023].
Minghao, K., Chyang, K. Y., and Karuppiah, E. K. (2007). Performance analysis and optimization of user space versus kernel space network application. In 2007 5th Student Conference on Research and Development, pages 1–6.
Mohanta, A. and Saldanha, A. (2020). Malware Analysis and Detection Engineering: A Comprehensive Approach to Detect and Analyze Modern Malware. Springer.
Newman, M. E. J. (2004). Fast algorithm for detecting community structure in networks. Phys. Rev. E, 69:066133.
Pinto, R., Delbem, A., and Monaco, F. (2017). Caracterização do perfil de consumo de recursos de programas binários utilizando a técnica damicore. In Anais do XIII Simpósio Brasileiro de Sistemas de Informação, Porto Alegre, RS, Brasil. SBC.
Razeghi Borojerdi, H. and Abadi, M. (2013). Malhunter: Automatic generation of multiple behavioral signatures for polymorphic malware detection. In ICCKE 2013.
Saitou, N. and Nei, M. (1987). The neighbor-joining method: a new method for reconstructing phylogenetic trees. Molecular Biology and Evolution, 4(4):406–425.
Sanches, A., Cardoso, J. M., and Delbem, A. C. (2011). Identifying merge-beneficial software kernels for hardware implementation. In 2011 International Conference on Reconfigurable Computing and FPGAs, pages 74–79.
Singh, J. and Singh, J. (2021). A survey on machine learning-based malware detection in executable files. Journal of Systems Architecture, 112:101861.
Tang, Y., Xiao, B., and Lu, X. (2009). Using a bioinformatics approach to generate accurate exploit-based signatures for polymorphic worms. Computers & Security, 28(8).
Aslan, Ö. A. and Samet, R. (2020). A comprehensive review on malware detection approaches. IEEE Access, 8:6249–6271.
Botacin, M., Alves, M. Z., Oliveira, D., and Grégio, A. (2022). Heaven: A hardware-enhanced antivirus engine to accelerate real-time, signature-based malware detection. Expert Systems with Applications, 201:117083.
Campion, M., Dalla Preda, M., and Giacobazzi, R. (2021). Learning metamorphic malware signatures from samples. Journal of Computer Virology and Hacking Techniques, 17(3):167–183.
David, O. E. and Netanyahu, N. S. (2015). Deepsign: Deep learning for automatic malware signature generation and classification. In 2015 International Joint Conference on Neural Networks (IJCNN), pages 1–8.
Federal, P. (2021). Relatório do SISCRIM de crimes causados à Administração Pública Federal por ransonware. documento reservado e não publicado.
Feng, Y., Bastani, O., Martins, R., Dillig, I., and Anand, S. (2017). Automated synthesis of semantic malware signatures using maximum satisfiability. In Proceedings of the Network and Distributed System Security Symposium (NDSS’17), San Diego, CA.
Kaspersky (2022). Kaspersky Security Bulletin 2022. Statistics — securelist.com. [link]. [Acessado em 20-Jun-2023].
Minghao, K., Chyang, K. Y., and Karuppiah, E. K. (2007). Performance analysis and optimization of user space versus kernel space network application. In 2007 5th Student Conference on Research and Development, pages 1–6.
Mohanta, A. and Saldanha, A. (2020). Malware Analysis and Detection Engineering: A Comprehensive Approach to Detect and Analyze Modern Malware. Springer.
Newman, M. E. J. (2004). Fast algorithm for detecting community structure in networks. Phys. Rev. E, 69:066133.
Pinto, R., Delbem, A., and Monaco, F. (2017). Caracterização do perfil de consumo de recursos de programas binários utilizando a técnica damicore. In Anais do XIII Simpósio Brasileiro de Sistemas de Informação, Porto Alegre, RS, Brasil. SBC.
Razeghi Borojerdi, H. and Abadi, M. (2013). Malhunter: Automatic generation of multiple behavioral signatures for polymorphic malware detection. In ICCKE 2013.
Saitou, N. and Nei, M. (1987). The neighbor-joining method: a new method for reconstructing phylogenetic trees. Molecular Biology and Evolution, 4(4):406–425.
Sanches, A., Cardoso, J. M., and Delbem, A. C. (2011). Identifying merge-beneficial software kernels for hardware implementation. In 2011 International Conference on Reconfigurable Computing and FPGAs, pages 74–79.
Singh, J. and Singh, J. (2021). A survey on machine learning-based malware detection in executable files. Journal of Systems Architecture, 112:101861.
Tang, Y., Xiao, B., and Lu, X. (2009). Using a bioinformatics approach to generate accurate exploit-based signatures for polymorphic worms. Computers & Security, 28(8).
Publicado
18/09/2023
Como Citar
CHAHUD, Leonardo Gonçalves; FAVORETTI, João Pedro; ROCHA, Rafael; SANGY JR., Nilson; VERRI, Filipe; DRAGO, Idilio; PEREIRA JUNIOR, Lourenço Alves.
SAUCY SPICE: uma nova abordagem eficiente para a detecção de malwares baseada em assinatura. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 23. , 2023, Juiz de Fora/MG.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2023
.
p. 209-222.
DOI: https://doi.org/10.5753/sbseg.2023.233610.
