
Authors: Robert Luh¹; Gregor Schramm²; Markus Wagner³ and Sebastian Schrittwieser²

Affiliations: ¹ St. Pölten University of Applied Sciences and De Montfort University, Austria; ² St. Pölten University of Applied Sciences, Austria; ³ St. Pölten UAS, Austria

ISBN: 978-989-758-209-7

Keyword(s): Malware Analysis, System Behavior, Attribute Grammar, Knowledge Generation.

Abstract: Targeted attacks on IT systems are a rising threat against the confidentiality of sensitive data and the availability of critical systems. With the emergence of Advanced Persistent Threats (APTs), it has become more important than ever to fully understand the particulars of such attacks. Grammar inference offers a powerful foundation for the automated extraction of behavioral patterns from sequential system traces. In order to facilitate the interpretation and analysis of APTs, we present a grammar inference system based on Sequitur, a greedy compression algorithm that constructs a context-free grammar (CFG) from string-based input data. Next to recursive rule extraction, we expanded the procedure through automated assessment routines capable of dealing with multiple input sources and types. This enables the identification of relevant patterns in sequential corpora of arbitrary quantity and size. On the formal side, we extended the CFG with attributes that help depict the extracted (malicious) actions in a comprehensive fashion. The tool’s output is automatically mapped to the grammar for further parsing and discovery-focused pattern visualization.

Paper citation in several formats:
Luh R., Schramm G., Wagner M. and Schrittwieser S. (2017). Sequitur-based Inference and Analysis Framework for Malicious System Behavior. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ForSE, (ICISSP 2017) ISBN 978-989-758-209-7, pages 632-643. DOI: 10.5220/0006250206320643

@conference{forse17,
author={Robert Luh and Gregor Schramm and Markus Wagner and Sebastian Schrittwieser},
title={Sequitur-based Inference and Analysis Framework for Malicious System Behavior},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ForSE, (ICISSP 2017)},
year={2017},
pages={632-643},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006250206320643},
isbn={978-989-758-209-7},
}

TY - CONF

JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ForSE, (ICISSP 2017)
TI - Sequitur-based Inference and Analysis Framework for Malicious System Behavior
SN - 978-989-758-209-7
AU - Luh R.
AU - Schramm G.
AU - Wagner M.
AU - Schrittwieser S.
PY - 2017
SP - 632
EP - 643
DO - 10.5220/0006250206320643
