Mariconti, E; Onaolapo, J; Ross, G; Stringhini, G; (2017) The Cause of All Evils: Assessing Causality Between User Actions and Malware Activity. In: Proceedings of the 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET '17). USENIX: Vancouver, Canada.
Text: causality-CSET2017.pdf - Accepted Version (384kB)
Abstract
Malware samples are created at a pace that makes it difficult for analysis to keep up. When analyzing an unknown malware sample, it is important to assess its capabilities to determine how much damage it can make to its victims, and perform prioritization decisions on which threats should be dealt with first. In a corporate environment, for example, a malware infection that is able to steal financial information is much more critical than one that is sending email spam, and should be dealt with the highest priority. In this paper we present a statistical approach able to determine causality relations between a specific trigger action (e.g., a user visiting a certain website in the browser) and a malware sample. We show that we can learn the typology of a malware sample by presenting it with a number of trigger actions commonly performed by users, and studying to which events the malware reacts. We show that our approach is able to correctly infer causality relations between information stealing malware and login events on websites, as well as between adware and websites containing advertisements.
Type: | Proceedings paper |
---|---|
Title: | The Cause of All Evils: Assessing Causality Between User Actions and Malware Activity |
Event: | 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET '17) |
Location: | Vancouver, BC |
Dates: | 14 August 2017 - 18 August 2017 |
Open access status: | An open access version is available from UCL Discovery |
Publisher version: | https://www.usenix.org/conference/cset17/workshop-... |
Language: | English |
UCL classification: | UCL; UCL > Provost and Vice Provost Offices > UCL BEAMS; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science |
URI: | https://discovery-pp.ucl.ac.uk/id/eprint/1563507 |