References
[ACK 2007] Moser, A., Kruegel, C., and Kirda, “Exploring Multiple Execution Paths for Malware Analysis.” In IEEE Symposium on Security and Privacy, Oakland, 2007.
[ESK 2011] Egele, M., Scholte, T., Kirda, E., Kruegel, C., “A Survey on automated dynamic malware analysis techniques and tools”, ACM Computing Surveys, 2011.
[KREB 2007] Krebs, B., “Mpack exploit tool slips through security holes.” The Washington Post, June 2007.
[KASP 2002] Kaspersky Corporation, “Attempts to infect users’ computers increase by ver25%.”, 2011. http://www.kaspersky.com/reading_room?chapter=207717258
[SYMA 2010] Symantec Corporation, “Symantec Global Internet Security Threat Report, Volume 16”, 2010. http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xv_04-2010.en-us.pdf
[SYMA 2011] Symantec Corporation, “Symantec Global Internet Security Threat Report, Volume 16”, 2011. http://www.symantec.com/business/threatreport/index.jsp
[HZD 2008] Heng, Y., Zhenkai, L., Dawn, S., “HookFinder: Identifying and understanding malware hooking behaviors.” In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS’08), February 2008.
[VASU 2008] Vasudevan, A., “MalTRAK_Tracking and Eliminating Unknown Malware,” in Proceedings of Computer Security Applications Conference , pp.: 311 - 321, 2008.
[ALSA 2008] Alsagoff, S., “Malware Self Protection Mechanism” Information Technology, 2008. ITSim 2008. International Symposium on 3, pp.: 1-8, 2008.
[LBK 2008] Lanzi, A., Balzarotti, D., Kruegel, C., “AccessMiner: Using system-centric models for malware protection” In: Proceedings of the 17th ACM conference on Computer and communications security, ACM (2010) pp.: 399–412, 2010.
[KCK 2009] Kolbitsch, C., Comparetti, PM., Kruegel, C., “Effective and efficient malware detection at the end host,” In USENIX Security Symposium, Montréal, Canada, August 2009.
[MWCZ 2010] Miao, QG., Wang, Y., Cao, Y., Zhang, XG., “APICapture-A tool for monitoring the behavior of malware,” Proceedings of the 3rd International Conference on Advanced Computer Theory and Engineering, pp.: 390-394, August 2010.
[MCD 2010] Morales, J. A., Clarke, P. J., Deng, Y., “Identification of file infecting virus through detection of self-reference replication” Journal in Computer Virology, 2010.
[MCD 2008] Morales, J. A., Clarke, P. J., Deng, “Characterizing and detecting virus replication,” Proceedings of Third International Conference on Systems, Cancun, pp. 214-219, 2008.
[SVS 2007] Skormin, V., Volynkin, A., Summerville, D., “Prevention of information attacks by run-time detection of self-replication in computer codes,” Journal in Computer Virology, 2010.
[EK 2007] Egele, M., Kruegel, E., “Dynamic spyware analysis,” In Proceedings of USENIX Annual Technical Conference, 2007.
[YSE 2007] Yin, H., Song, D., Egele, M., Kruegel, “Panorama: capturing system-wide information flow for malware detection and analysis” Proceedings of the 14th ACM conference on Computer and communications security, pp.: 116-127, 2007.
[WRV 2005] Wang, YM., Roussev, R., Verbowski, C., “Gatekeeper: monitoring auto-start extensibility points (ASEPs) for Spyware management” In Proceedings of the 18th Large Installation System Administration Conference (LISA ’04), Atlanta, GA, November 2004.
[WWK 2008] Wu, M.W., Wang, Y.M., Kuo, S.Y., “Self-Healing Spyware: Detection, and Remediation” Reliability, IEEE Transactions on, pp.: 588 – 596, 2007.
[KAS 2010] Kaspersky Corporation, “Kaspersky Security Bulletin 2010. Statistics”, 2010. http://www.securelist.com/en/analysis/204792162/Kaspersky_Security_Bulletin_2010_Statistics_2010
[SOPHOS 2010] W32/Krap http://www.sophos.com/en-us//threat-center/threat-analyses/viruses-and-spyware/Mal~Krap-I.aspx
[SOPHOS 2008] Troj/Lineag http://www.sophos.com/en-us//threat-center/threat-analyses/viruses-and-spyware/Troj~Lineag-DQ.aspx
[SOPHOS 2010] Mal/Katusha-A http://www.sophos.com/en-us//threat-center/threat-analyses/viruses-and-spyware/Mal~Katusha-A.aspx.
[FY 2010] Fukushima, Y., Sakai, A., “A behavior based malware detection scheme for avoiding false positive,” Proceedings of the 6th IEEE Secure Network Protocols (NPSec), pp.: 79 – 84, 2010.
[WPZ 2009] Wang, C., Pang, J., Zhao, R., “Using API Sequence and Bayes Algorithm to Detect Suspicious Behavior,” International Conference on Communication Software and Networks, 2009.
[TA 2001] Taylor. R. Browning, “Applying the design structure matrix to system decomposition and integration problems: a review and new directions” IEEE Transactions on Engineering management, pp.:292-306, 2001.
[BHB 2009] Bayer, U., Habibi, I., Balzarotti, “A View on Current Malware Behaviors,” Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more, 2009.
[AV 2010] Alazab, M., Venkataraman, S., “Towards Understanding Malware Behaviour by the Extraction of API Calls,” IEEE/ACM Transactions on Networking, Volume 15, 2010.
[PM 2010] Process Monitor: http://technet.microsoft.com/en-us/sysinternals/bb896645, 2010.
[EVAD 2009] Evading userland hooks - problems w/hooking implementations, http://www.stanford.edu/∼stinson/paper notes/win dev/hooks/defeating hooks.txt
[KT 2009] Keong, T.C., AntiHookExec Version 1.0 (Anti API Hooking Proof-Of-Concept), http://www.security.org.sg/code/antihookexec.html.
[VX 2010] VX Heaven. http://vx.netlux.org/, 2010.
[OC 2010] Offensive Computing, http://www.offensivecomputing.net/.
[PERF 2010] Perfmon, http://technet.microsoft.com/en-us/library/bb490957.aspx
[KAS 2011] Kaspersky Corporation, “Monthly Malware Statistics, March 2011”, 2011.
[VT 2009] Virus total, http://www.virustotal.com/
[MD 2010] Troj/Mdrop-COH, Aliases: Trojan-GameThief.Win32.Magania.ddox, http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Mdrop-COH.aspx
[CON 2010] SOPHOS: Mal/Conficker-A: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~Conficker-A/detailed-analysis.aspx
[SAL 2010] SOPHOS: W32/00 Sality-AM, http://www.sophos.com/en-us//threat-center/threat-analyses/viruses-and-spyware/W32~Sality-AM.aspx
[CLAM 2010] ClamAV, http://www.clamav.net/lang/en/, 2010.
[NOVA 2010] Nova Shield, http://www.novashield.com/, 2010.