SAUCY SPICE: a new efficient approach to signature-based malware detection
Abstract
The development of security solutions capable of correctly identifying and blocking malware has never been more necessary. Nevertheless, current solutions carry significant limitations, in particular with regard to performance and scalability. Therefore, in the present work we propose SAUCY SPICE: a signature-based security solution that identifies and blocks malware threats through a filtering policy that generalizes well across many malware executables. It also has a detection module designed with high performance and efficiency in mind. Experimental results show high accuracy in the identification of malware and minimal overhead introduced by the solution.
