UCL Discovery Stage

The Cause of All Evils: Assessing Causality Between User Actions and Malware Activity

Mariconti, E; Onaolapo, J; Ross, G; Stringhini, G; (2017) The Cause of All Evils: Assessing Causality Between User Actions and Malware Activity. In: Proceedings of the 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET '17). USENIX: Vancouver, Canada. Green open access

causality-CSET2017.pdf - Accepted Version


Abstract

Malware samples are created at a pace that makes it difficult for analysis to keep up. When analyzing an unknown malware sample, it is important to assess its capabilities to determine how much damage it can do to its victims, and to make prioritization decisions on which threats should be dealt with first. In a corporate environment, for example, a malware infection that is able to steal financial information is much more critical than one that is sending email spam, and should be dealt with at the highest priority. In this paper we present a statistical approach able to determine causality relations between a specific trigger action (e.g., a user visiting a certain website in the browser) and a malware sample. We show that we can learn the typology of a malware sample by presenting it with a number of trigger actions commonly performed by users, and studying which events the malware reacts to. We show that our approach is able to correctly infer causality relations between information-stealing malware and login events on websites, as well as between adware and websites containing advertisements.

Type: Proceedings paper
Title: The Cause of All Evils: Assessing Causality Between User Actions and Malware Activity
Event: 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET '17)
Location: Vancouver, BC
Dates: 14 August 2017 - 18 August 2017
Open access status: An open access version is available from UCL Discovery
Publisher version: https://www.usenix.org/conference/cset17/workshop-...
Language: English
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
URI: https://discovery-pp.ucl.ac.uk/id/eprint/1563507
Downloads since deposit: 2,356