Building malware classificators usable by State security agencies
El sandboxing ha sido usado de manera regular para analizar muestras de software y determinar si estas contienen propiedades o comportamientos sospechosos. A pesar de que el sandboxing es una técnica poderosa para desarrollar análisis de malware, esta requiere que un analista de malware desarrolle u...
- Autores:
-
Useche-Peláez, David Esteban
Díaz-López, Daniel Orlando
Sepúlveda-Alzate, Daniela
Cabuya-Padilla, Diego Edison
- Tipo de recurso:
- Article of investigation
- Fecha de publicación:
- 2018
- Institución:
- Escuela Colombiana de Ingeniería Julio Garavito
- Repositorio:
- Repositorio Institucional ECI
- Idioma:
- eng
- OAI Identifier:
- oai:repositorio.escuelaing.edu.co:001/1474
- Acceso en línea:
- https://repositorio.escuelaing.edu.co/handle/001/1474
http://revistas.ustabuca.edu.co/index.php/ITECKNE/article/view/2072
- Palabra clave:
- Cuckoo sandbox
Data science
Machine learning
Malware analysis
Sandboxing
Ciencia de datos
Aprendizaje de máquina
Análisis de malware
- Rights
- openAccess
- License
- https://creativecommons.org/licenses/by/4.0/
| id |
ESCUELAIG2_062a352f9a8e67a2a993918e10c1ec4f |
|---|---|
| oai_identifier_str |
oai:repositorio.escuelaing.edu.co:001/1474 |
| network_acronym_str |
ESCUELAIG2 |
| network_name_str |
Repositorio Institucional ECI |
| repository_id_str |
|
| dc.title.spa.fl_str_mv |
Building malware classificators usable by State security agencies |
| dc.title.alternative.spa.fl_str_mv |
Construcción de clasificadores de malware para agencias de seguridad del Estado |
| title |
Building malware classificators usable by State security agencies |
| spellingShingle |
Building malware classificators usable by State security agencies Cuckoo sandbox Data science Machine learning Malware analysis Sandboxing Ciencia de datos Aprendizaje de máquina Análisis de malware |
| title_short |
Building malware classificators usable by State security agencies |
| title_full |
Building malware classificators usable by State security agencies |
| title_fullStr |
Building malware classificators usable by State security agencies |
| title_full_unstemmed |
Building malware classificators usable by State security agencies |
| title_sort |
Building malware classificators usable by State security agencies |
| dc.creator.fl_str_mv |
Useche-Peláez, David Esteban Díaz-López, Daniel Orlando Sepúlveda-Alzate, Daniela Cabuya-Padilla, Diego Edison |
| dc.contributor.author.none.fl_str_mv |
Useche-Peláez, David Esteban Díaz-López, Daniel Orlando Sepúlveda-Alzate, Daniela Cabuya-Padilla, Diego Edison |
| dc.contributor.corporatename.spa.fl_str_mv |
Escuela Colombiana de Ingeniería Julio Garavito. |
| dc.contributor.researchgroup.spa.fl_str_mv |
CTG-Informática |
| dc.subject.proposal.eng.fl_str_mv |
Cuckoo sandbox Data science Machine learning Malware analysis Sandboxing |
| topic |
Cuckoo sandbox Data science Machine learning Malware analysis Sandboxing Ciencia de datos Aprendizaje de máquina Análisis de malware |
| dc.subject.proposal.spa.fl_str_mv |
Ciencia de datos Aprendizaje de máquina Análisis de malware |
| description |
El sandboxing ha sido usado de manera regular para analizar muestras de software y determinar si estas contienen propiedades o comportamientos sospechosos. A pesar de que el sandboxing es una técnica poderosa para desarrollar análisis de malware, esta requiere que un analista de malware desarrolle un análisis riguroso de los resultados para determinar la naturaleza de la muestra: goodware o malware. Este artículo propone dos modelos de aprendizaje automáticos capaces de clasificar muestras con base a un análisis de firmas o permisos extraídos por medio de Cuckoo sandbox, Androguard y VirusTotal. En este artículo también se presenta una propuesta de arquitectura de centinela IoT que protege dispositivos IoT, usando uno de los modelos de aprendizaje automáticos desarrollados anteriormente. Finalmente, diferentes enfoques y perspectivas acerca del uso de sandboxing y aprendizaje automático por parte de agencias de seguridad del Estado también son aportados. |
| publishDate |
2018 |
| dc.date.issued.none.fl_str_mv |
2018 |
| dc.date.accessioned.none.fl_str_mv |
2021-05-24T20:41:43Z 2021-10-01T17:22:42Z |
| dc.date.available.none.fl_str_mv |
2021-05-24T20:41:43Z 2021-10-01T17:22:42Z |
| dc.type.spa.fl_str_mv |
Artículo de revista |
| dc.type.coarversion.fl_str_mv |
http://purl.org/coar/version/c_970fb48d4fbd8a85 |
| dc.type.version.spa.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
| dc.type.coar.spa.fl_str_mv |
http://purl.org/coar/resource_type/c_2df8fbb1 |
| dc.type.content.spa.fl_str_mv |
Text |
| dc.type.driver.spa.fl_str_mv |
info:eu-repo/semantics/article |
| dc.type.redcol.spa.fl_str_mv |
http://purl.org/redcol/resource_type/ART |
| format |
http://purl.org/coar/resource_type/c_2df8fbb1 |
| status_str |
publishedVersion |
| dc.identifier.issn.none.fl_str_mv |
1692-1798 2339-3483 |
| dc.identifier.uri.none.fl_str_mv |
https://repositorio.escuelaing.edu.co/handle/001/1474 |
| dc.identifier.doi.none.fl_str_mv |
doi.org/10.15332/iteckne.v15i2.2072 |
| dc.identifier.url.none.fl_str_mv |
http://revistas.ustabuca.edu.co/index.php/ITECKNE/article/view/2072 |
| identifier_str_mv |
1692-1798 2339-3483 doi.org/10.15332/iteckne.v15i2.2072 |
| url |
https://repositorio.escuelaing.edu.co/handle/001/1474 http://revistas.ustabuca.edu.co/index.php/ITECKNE/article/view/2072 |
| dc.language.iso.spa.fl_str_mv |
eng |
| language |
eng |
| dc.relation.citationedition.spa.fl_str_mv |
Volúmen 15, Número 2, diciembre 2018 |
| dc.relation.citationendpage.spa.fl_str_mv |
121 |
| dc.relation.citationissue.spa.fl_str_mv |
2 |
| dc.relation.citationstartpage.spa.fl_str_mv |
107 |
| dc.relation.citationvolume.spa.fl_str_mv |
15 |
| dc.relation.indexed.spa.fl_str_mv |
N/A |
| dc.relation.ispartofjournal.spa.fl_str_mv |
ITECKNE |
| dc.relation.references.spa.fl_str_mv |
Kaspersky, “Kaspersky Lab detects 360,000 new malicious files daily – up 11.5% from 2016,” 2014. [Online]. Available: https://kaspersky.com/about/press-releases/2017_kaspersky-lab-detects-360000-new-malicious-files-daily. [Accessed: 13-Aug-2018]. M. Sikorski and A. Honig, Practical Malware Analysis : a Hands-On Guide to Dissecting Malicious Software. No Starch Press, 2012. J. M. Ehrenfeld, “WannaCry, Cybersecurity and Health Information Technology: A Time to Act,” J. Med. Syst., vol. 41, no. 7, p. 104, Jul. 2017 M. Miettinen, S. Marchal, I. Hafeez, N. Asokan, A.-R. Sadeghi, and S. Tarkoma, “IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT,” in 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), 2017, pp. 2177-2184 C. Wang, J. Ding, T. Guo, and B. Cui, “A Malware Detection Method Based on Sandbox, Binary Instrumentation and Multidimensional Feature Extraction,” in Advances on Broad-Band Wireless Computing, Communication and Applications, 2018, pp. 427-438. I. Santos, J. Devesa, F. Brezo, J. Nieves, and P. G. Bringas, “OPEM: A static-dynamic approach for machine-learning-based malware detection,” in Advances in Intelligent Systems and Computing, 2013, vol. 189 AISC, pp. 271-280. P. Burnap, R. French, F. Turner, and K. Jones, “Malware classification using self organising feature maps and machine activity data,” Comput. Secur., vol. 73, pp. 399-410, Mar. 2018. S. E. Donaldson, S. G. Siegel, C. K. Williams, and A. Aslam, “Defining the Cybersecurity Challenge,” in Enterprise Cybersecurity Study Guide: How to Build a Successful Cyberdefense Program Against Advanced Threats, Berkeley, CA: Apress, 2018, pp. 3-51. O. Ferrand, “How to detect the Cuckoo Sandbox and hardening it ? Keywords.” T. Teller and A. Hayon, “Enhancing Automated Malware Analysis Machines with Memory Analysis.” R. Messier, Network Forensics. Wiley, 2017. D. Oktavianto and I. Muhardianto, Cuckoo malware analysis: analyze malware using Cuckoo Sandbox M. A. Waller and S. E. Fawcett, “Data Science, Predictive Analytics, and Big Data: A Revolution That Will Transform Supply Chain Design and Management.” F. Provost and T. Fawcett, Data Science for Business: What You Need to Know about Data Mining and Data-Analytic Thinking. O’Reilly Media, 2013. G. S. Nelson, The analytics lifecycle toolkit: a practical guide for an effective analytics capability D. (Computer scientist) Dietrich, R. Heller, B. Yang, and EMC Education Services, Data science and big data analytics: discovering, analyzing, visualizing and presenting data. T. Dunning and B. E. Friedman, Practical machine learning: a new look at anomaly detection. O’Reilly Media, 2014. H. Chen, R. H. L. Chiang, and V. C. Storey, “Business Intelligence and Analytics: From Big Data to Big Impact,” MIS Quarterly, vol. 36. Management Information Systems Research Center, University of Minnesota, pp. 1165-1188, 2012. L. Sebastian-Coleman, Navigating the Labyrinth: An Executive Guide to Data Management. Technics Publications, 2018. A. L’heureux, K. Grolinger, H. F. El Yamany, M. A. M. Capretz, A. L’heureux, and K. Grolinger, “Machine Learning with Big Data: Challenges and Approaches 4 PUBLICATIONS 100 CITATIONS SEE PROFILE,” 2017 B. Kaluža, Instant Weka how-to: implement cutting-edge data mining aspects in Weka to your applications. Packt Pub, 2013. D. Tao, S. Member, X. Tang, S. Member, X. Li, and X. Wu, “Asymmetric Bagging and Random Subspace for Support Vector Machines-Based Relevance Feedback in Image Retrieval.” J. M. G. Anthony J. Viera, “Understanding interobserver agreement: the kappa statistic,” 2005. C. Willmott and K. Matsuura, “Advantages of the mean absolute error (MAE) over the root mean square error (RMSE) in assessing average model performance,” Clim. Res., vol. 30, no. 1, pp. 79-82, Dec. 2005. R. Lippmann et al., “Validating and Restoring Defense in Depth Using Attack Graphs,” in MILCOM 2006, 2006, pp. 1-10. S. Snapp et al., “DIDS (Distributed Intrusion Detection System) - Motivation, Architecture, and An Early Prototype,” http://www.academia.edu/download/4378230/10.1.1.46.4991.pdf, 2017. M. Mansoori, I. Welch, and Q. Fu, “YALIH, yet another low interaction honeyclient,” Proc. Twelfth Australas. Inf. Secur. Conf. - Vol. 149, pp. 7-15, 2014 Symantec Corporation, “ISTR Internet Security Threat Report.,” Mountain View, CA 94043, 2018. S. Corporation, “ISTR Internet Security Threat Report Volume 23,” Mountain View, CA 94043, 2018. A. Yokoyama et al., “Sandprint: Fingerprinting malware sandboxes to provide intelligence for sandbox evasion,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2016, vol. 9854 LNCS, pp. 165-187. D. Harley, R. Slade, and U. E. Gattiker, “Polymorphism,” in Viruses Revealed: Understand and counter maliciosus software, United States: McGraw-Hill/Osborne, 2001, p. 10. M. Stephens, “Sandbox,” in Encyclopedia of Cryptography and Security, H. C. A. van Tilborg and S. Jajodia, Eds. Boston, MA: Springer US, 2011, pp. 1075-1078. Gass S.I., Ed., “Machine Learning,” in Encyclopedia of Operations Research and Management Science, Boston, MA: Springer US, 2013, pp. 909-909. Z. C. Schreuders, T. McGill, and C. Payne, “The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls,” Comput. Secur, vol. 32, pp. 219-241, Feb. 2013 D. P. (Daniel P. Bovet and M. Cesati, Understanding the Linux kernel. United States of America: O’Reilly, 2002. CGFM, “Comando Conjunto Cibernético,” 2018. [Online]. Available: http://www.ccoc.mil.co/.[Accessed: 13-Aug-2018]. PONAL, “CSIRT - Equipo de Respuesta a Incidentes Informáticos.” [Online]. Available: https://cc-csirt.policia.gov.co/Sandbox. [Accessed: 13-Aug-2018]. |
| dc.rights.coar.fl_str_mv |
http://purl.org/coar/access_right/c_abf2 |
| dc.rights.uri.spa.fl_str_mv |
https://creativecommons.org/licenses/by/4.0/ |
| dc.rights.accessrights.spa.fl_str_mv |
info:eu-repo/semantics/openAccess |
| dc.rights.creativecommons.eng.fl_str_mv |
Atribución 4.0 Internacional (CC BY 4.0) |
| rights_invalid_str_mv |
https://creativecommons.org/licenses/by/4.0/ Atribución 4.0 Internacional (CC BY 4.0) http://purl.org/coar/access_right/c_abf2 |
| eu_rights_str_mv |
openAccess |
| dc.format.extent.spa.fl_str_mv |
15 páginas |
| dc.format.mimetype.spa.fl_str_mv |
application/pdf |
| dc.publisher.place.spa.fl_str_mv |
Colombia |
| dc.source.spa.fl_str_mv |
http://revistas.ustabuca.edu.co/index.php/ITECKNE/article/view/2072 |
| institution |
Escuela Colombiana de Ingeniería Julio Garavito |
| bitstream.url.fl_str_mv |
https://repositorio.escuelaing.edu.co/bitstream/001/1474/1/license.txt https://repositorio.escuelaing.edu.co/bitstream/001/1474/2/Building%20malware%20classificators%20usable%20by%20State%20security%20agencies.pdf https://repositorio.escuelaing.edu.co/bitstream/001/1474/3/Building%20malware%20classificators%20usable%20by%20State%20security%20agencies.pdf.txt https://repositorio.escuelaing.edu.co/bitstream/001/1474/4/Building%20malware%20classificators%20usable%20by%20State%20security%20agencies.pdf.jpg |
| bitstream.checksum.fl_str_mv |
5a7ca94c2e5326ee169f979d71d0f06e b9cf6ca9b33560cb28d3d5af6458a8cd 28800026a093c9f65f174dc1460b9573 fab134ab52ef9daa01af418ff1f03f1e |
| bitstream.checksumAlgorithm.fl_str_mv |
MD5 MD5 MD5 MD5 |
| repository.name.fl_str_mv |
Repositorio Escuela Colombiana de Ingeniería Julio Garavito |
| repository.mail.fl_str_mv |
repositorio.eci@escuelaing.edu.co |
| _version_ |
1808494292801421312 |
| spelling |
Useche-Peláez, David Esteban7e2198ca7dd0436acd7b3dde363bcf7a600Díaz-López, Daniel Orlandoce52f132c16a863cd9518bcc59c77df9600Sepúlveda-Alzate, Daniela264d196f901da99d3dc49f3bcd580dd4600Cabuya-Padilla, Diego Edison3d6828523537291569013ac3e62774eb600Escuela Colombiana de Ingeniería Julio Garavito.CTG-Informática2021-05-24T20:41:43Z2021-10-01T17:22:42Z2021-05-24T20:41:43Z2021-10-01T17:22:42Z20181692-17982339-3483https://repositorio.escuelaing.edu.co/handle/001/1474doi.org/10.15332/iteckne.v15i2.2072http://revistas.ustabuca.edu.co/index.php/ITECKNE/article/view/2072El sandboxing ha sido usado de manera regular para analizar muestras de software y determinar si estas contienen propiedades o comportamientos sospechosos. A pesar de que el sandboxing es una técnica poderosa para desarrollar análisis de malware, esta requiere que un analista de malware desarrolle un análisis riguroso de los resultados para determinar la naturaleza de la muestra: goodware o malware. Este artículo propone dos modelos de aprendizaje automáticos capaces de clasificar muestras con base a un análisis de firmas o permisos extraídos por medio de Cuckoo sandbox, Androguard y VirusTotal. En este artículo también se presenta una propuesta de arquitectura de centinela IoT que protege dispositivos IoT, usando uno de los modelos de aprendizaje automáticos desarrollados anteriormente. Finalmente, diferentes enfoques y perspectivas acerca del uso de sandboxing y aprendizaje automático por parte de agencias de seguridad del Estado también son aportados.Sandboxing has been used regularly to analyze software samples and determine if these contain suspicious properties or behaviors. Even if sandboxing is a powerful technique to perform malware analysis, it requires that a malware analyst performs a rigorous analysis of the results to determine the nature of the sample: goodware or malware. This paper proposes two machine learning models able to classify samples based on signatures and permissions obtained through Cuckoo sandbox, Androguard and VirusTotal. The developed models are also tested obtaining an acceptable percentage of correctly classified samples, being in this way useful tools for a malware analyst. A proposal of architecture for an IoT sentinel that uses one of the developed machine learning model is also showed. Finally, different approaches, perspectives, and challenges about the use of sandboxing and machine learning by security teams in State security agencies are also shared.Recibido: 20/03/2018 Aceptado: 25/06/201815 páginasapplication/pdfenghttps://creativecommons.org/licenses/by/4.0/info:eu-repo/semantics/openAccessAtribución 4.0 Internacional (CC BY 4.0)http://purl.org/coar/access_right/c_abf2http://revistas.ustabuca.edu.co/index.php/ITECKNE/article/view/2072Building malware classificators usable by State security agenciesConstrucción de clasificadores de malware para agencias de seguridad del EstadoArtículo de revistainfo:eu-repo/semantics/publishedVersionhttp://purl.org/coar/resource_type/c_2df8fbb1Textinfo:eu-repo/semantics/articlehttp://purl.org/redcol/resource_type/ARThttp://purl.org/coar/version/c_970fb48d4fbd8a85ColombiaVolúmen 15, Número 2, diciembre 2018121210715N/AITECKNEKaspersky, “Kaspersky Lab detects 360,000 new malicious files daily – up 11.5% from 2016,” 2014. [Online]. Available: https://kaspersky.com/about/press-releases/2017_kaspersky-lab-detects-360000-new-malicious-files-daily. [Accessed: 13-Aug-2018].M. Sikorski and A. Honig, Practical Malware Analysis : a Hands-On Guide to Dissecting Malicious Software. No Starch Press, 2012.J. M. Ehrenfeld, “WannaCry, Cybersecurity and Health Information Technology: A Time to Act,” J. Med. Syst., vol. 41, no. 7, p. 104, Jul. 2017M. Miettinen, S. Marchal, I. Hafeez, N. Asokan, A.-R. Sadeghi, and S. Tarkoma, “IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT,” in 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), 2017, pp. 2177-2184C. Wang, J. Ding, T. Guo, and B. Cui, “A Malware Detection Method Based on Sandbox, Binary Instrumentation and Multidimensional Feature Extraction,” in Advances on Broad-Band Wireless Computing, Communication and Applications, 2018, pp. 427-438.I. Santos, J. Devesa, F. Brezo, J. Nieves, and P. G. Bringas, “OPEM: A static-dynamic approach for machine-learning-based malware detection,” in Advances in Intelligent Systems and Computing, 2013, vol. 189 AISC, pp. 271-280.P. Burnap, R. French, F. Turner, and K. Jones, “Malware classification using self organising feature maps and machine activity data,” Comput. Secur., vol. 73, pp. 399-410, Mar. 2018.S. E. Donaldson, S. G. Siegel, C. K. Williams, and A. Aslam, “Defining the Cybersecurity Challenge,” in Enterprise Cybersecurity Study Guide: How to Build a Successful Cyberdefense Program Against Advanced Threats, Berkeley, CA: Apress, 2018, pp. 3-51.O. Ferrand, “How to detect the Cuckoo Sandbox and hardening it ? Keywords.”T. Teller and A. Hayon, “Enhancing Automated Malware Analysis Machines with Memory Analysis.”R. Messier, Network Forensics. Wiley, 2017.D. Oktavianto and I. Muhardianto, Cuckoo malware analysis: analyze malware using Cuckoo SandboxM. A. Waller and S. E. Fawcett, “Data Science, Predictive Analytics, and Big Data: A Revolution That Will Transform Supply Chain Design and Management.”F. Provost and T. Fawcett, Data Science for Business: What You Need to Know about Data Mining and Data-Analytic Thinking. O’Reilly Media, 2013.G. S. Nelson, The analytics lifecycle toolkit: a practical guide for an effective analytics capabilityD. (Computer scientist) Dietrich, R. Heller, B. Yang, and EMC Education Services, Data science and big data analytics: discovering, analyzing, visualizing and presenting data.T. Dunning and B. E. Friedman, Practical machine learning: a new look at anomaly detection. O’Reilly Media, 2014.H. Chen, R. H. L. Chiang, and V. C. Storey, “Business Intelligence and Analytics: From Big Data to Big Impact,” MIS Quarterly, vol. 36. Management Information Systems Research Center, University of Minnesota, pp. 1165-1188, 2012.L. Sebastian-Coleman, Navigating the Labyrinth: An Executive Guide to Data Management. Technics Publications, 2018.A. L’heureux, K. Grolinger, H. F. El Yamany, M. A. M. Capretz, A. L’heureux, and K. Grolinger, “Machine Learning with Big Data: Challenges and Approaches 4 PUBLICATIONS 100 CITATIONS SEE PROFILE,” 2017B. Kaluža, Instant Weka how-to: implement cutting-edge data mining aspects in Weka to your applications. Packt Pub, 2013.D. Tao, S. Member, X. Tang, S. Member, X. Li, and X. Wu, “Asymmetric Bagging and Random Subspace for Support Vector Machines-Based Relevance Feedback in Image Retrieval.”J. M. G. Anthony J. Viera, “Understanding interobserver agreement: the kappa statistic,” 2005.C. Willmott and K. Matsuura, “Advantages of the mean absolute error (MAE) over the root mean square error (RMSE) in assessing average model performance,” Clim. Res., vol. 30, no. 1, pp. 79-82, Dec. 2005.R. Lippmann et al., “Validating and Restoring Defense in Depth Using Attack Graphs,” in MILCOM 2006, 2006, pp. 1-10.S. Snapp et al., “DIDS (Distributed Intrusion Detection System) - Motivation, Architecture, and An Early Prototype,” http://www.academia.edu/download/4378230/10.1.1.46.4991.pdf, 2017.M. Mansoori, I. Welch, and Q. Fu, “YALIH, yet another low interaction honeyclient,” Proc. Twelfth Australas. Inf. Secur. Conf. - Vol. 149, pp. 7-15, 2014Symantec Corporation, “ISTR Internet Security Threat Report.,” Mountain View, CA 94043, 2018.S. Corporation, “ISTR Internet Security Threat Report Volume 23,” Mountain View, CA 94043, 2018.A. Yokoyama et al., “Sandprint: Fingerprinting malware sandboxes to provide intelligence for sandbox evasion,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2016, vol. 9854 LNCS, pp. 165-187.D. Harley, R. Slade, and U. E. Gattiker, “Polymorphism,” in Viruses Revealed: Understand and counter maliciosus software, United States: McGraw-Hill/Osborne, 2001, p. 10.M. Stephens, “Sandbox,” in Encyclopedia of Cryptography and Security, H. C. A. van Tilborg and S. Jajodia, Eds. Boston, MA: Springer US, 2011, pp. 1075-1078.Gass S.I., Ed., “Machine Learning,” in Encyclopedia of Operations Research and Management Science, Boston, MA: Springer US, 2013, pp. 909-909.Z. C. Schreuders, T. McGill, and C. Payne, “The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls,” Comput. Secur, vol. 32, pp. 219-241, Feb. 2013D. P. (Daniel P. Bovet and M. Cesati, Understanding the Linux kernel. United States of America: O’Reilly, 2002.CGFM, “Comando Conjunto Cibernético,” 2018. [Online]. Available: http://www.ccoc.mil.co/.[Accessed: 13-Aug-2018].PONAL, “CSIRT - Equipo de Respuesta a Incidentes Informáticos.” [Online]. Available: https://cc-csirt.policia.gov.co/Sandbox. [Accessed: 13-Aug-2018].Cuckoo sandboxData scienceMachine learningMalware analysisSandboxingCiencia de datosAprendizaje de máquinaAnálisis de malwareLICENSElicense.txttext/plain1881https://repositorio.escuelaing.edu.co/bitstream/001/1474/1/license.txt5a7ca94c2e5326ee169f979d71d0f06eMD51open accessORIGINALBuilding malware classificators usable by State security agencies.pdfapplication/pdf438812https://repositorio.escuelaing.edu.co/bitstream/001/1474/2/Building%20malware%20classificators%20usable%20by%20State%20security%20agencies.pdfb9cf6ca9b33560cb28d3d5af6458a8cdMD52metadata only accessTEXTBuilding malware classificators usable by State security agencies.pdf.txtBuilding malware classificators usable by State security agencies.pdf.txtExtracted texttext/plain54572https://repositorio.escuelaing.edu.co/bitstream/001/1474/3/Building%20malware%20classificators%20usable%20by%20State%20security%20agencies.pdf.txt28800026a093c9f65f174dc1460b9573MD53open accessTHUMBNAILBuilding malware classificators usable by State security agencies.pdf.jpgBuilding malware classificators usable by State security agencies.pdf.jpgGenerated Thumbnailimage/jpeg17379https://repositorio.escuelaing.edu.co/bitstream/001/1474/4/Building%20malware%20classificators%20usable%20by%20State%20security%20agencies.pdf.jpgfab134ab52ef9daa01af418ff1f03f1eMD54open access001/1474oai:repositorio.escuelaing.edu.co:001/14742021-10-01 17:35:15.139metadata only accessRepositorio Escuela Colombiana de Ingeniería Julio Garavitorepositorio.eci@escuelaing.edu.coU0kgVVNURUQgSEFDRSBQQVJURSBERUwgR1JVUE8gREUgUEFSRVMgRVZBTFVBRE9SRVMgREUgTEEgQ09MRUNDScOTTiAiUEVFUiBSRVZJRVciLCBPTUlUQSBFU1RBIExJQ0VOQ0lBLgoKQXV0b3Jpem8gYSBsYSBFc2N1ZWxhIENvbG9tYmlhbmEgZGUgSW5nZW5pZXLDrWEgSnVsaW8gR2FyYXZpdG8gcGFyYSBwdWJsaWNhciBlbCB0cmFiYWpvIGRlIGdyYWRvLCBhcnTDrWN1bG8sIHZpZGVvLCAKY29uZmVyZW5jaWEsIGxpYnJvLCBpbWFnZW4sIGZvdG9ncmFmw61hLCBhdWRpbywgcHJlc2VudGFjacOzbiB1IG90cm8gKGVuICAgIGFkZWxhbnRlIGRvY3VtZW50bykgcXVlIGVuIGxhIGZlY2hhIAplbnRyZWdvIGVuIGZvcm1hdG8gZGlnaXRhbCwgeSBsZSBwZXJtaXRvIGRlIGZvcm1hIGluZGVmaW5pZGEgcXVlIGxvIHB1YmxpcXVlIGVuIGVsIHJlcG9zaXRvcmlvIGluc3RpdHVjaW9uYWwsIAplbiBsb3MgdMOpcm1pbm9zIGVzdGFibGVjaWRvcyBlbiBsYSBMZXkgMjMgZGUgMTk4MiwgbGEgTGV5IDQ0IGRlIDE5OTMsIHkgZGVtw6FzIGxleWVzIHkganVyaXNwcnVkZW5jaWEgdmlnZW50ZQphbCByZXNwZWN0bywgcGFyYSBmaW5lcyBlZHVjYXRpdm9zIHkgbm8gbHVjcmF0aXZvcy4gRXN0YSBhdXRvcml6YWNpw7NuIGVzIHbDoWxpZGEgcGFyYSBsYXMgZmFjdWx0YWRlcyB5IGRlcmVjaG9zIGRlIAp1c28gc29icmUgbGEgb2JyYSBlbiBmb3JtYXRvIGRpZ2l0YWwsIGVsZWN0csOzbmljbywgdmlydHVhbDsgeSBwYXJhIHVzb3MgZW4gcmVkZXMsIGludGVybmV0LCBleHRyYW5ldCwgeSBjdWFscXVpZXIgCmZvcm1hdG8gbyBtZWRpbyBjb25vY2lkbyBvIHBvciBjb25vY2VyLgpFbiBtaSBjYWxpZGFkIGRlIGF1dG9yLCBleHByZXNvIHF1ZSBlbCBkb2N1bWVudG8gb2JqZXRvIGRlIGxhIHByZXNlbnRlIGF1dG9yaXphY2nDs24gZXMgb3JpZ2luYWwgeSBsbyBlbGFib3LDqSBzaW4gCnF1ZWJyYW50YXIgbmkgc3VwbGFudGFyIGxvcyBkZXJlY2hvcyBkZSBhdXRvciBkZSB0ZXJjZXJvcy4gUG9yIGxvIHRhbnRvLCBlcyBkZSBtaSBleGNsdXNpdmEgYXV0b3LDrWEgeSwgZW4gY29uc2VjdWVuY2lhLCAKdGVuZ28gbGEgdGl0dWxhcmlkYWQgc29icmUgw6lsLiBFbiBjYXNvIGRlIHF1ZWphIG8gYWNjacOzbiBwb3IgcGFydGUgZGUgdW4gdGVyY2VybyByZWZlcmVudGUgYSBsb3MgZGVyZWNob3MgZGUgYXV0b3Igc29icmUgCmVsIGRvY3VtZW50byBlbiBjdWVzdGnDs24sIGFzdW1pcsOpIGxhIHJlc3BvbnNhYmlsaWRhZCB0b3RhbCB5IHNhbGRyw6kgZW4gZGVmZW5zYSBkZSBsb3MgZGVyZWNob3MgYXF1w60gYXV0b3JpemFkb3MuIEVzdG8gCnNpZ25pZmljYSBxdWUsIHBhcmEgdG9kb3MgbG9zIGVmZWN0b3MsIGxhIEVzY3VlbGEgYWN0w7phIGNvbW8gdW4gdGVyY2VybyBkZSBidWVuYSBmZS4KVG9kYSBwZXJzb25hIHF1ZSBjb25zdWx0ZSBlbCBSZXBvc2l0b3JpbyBJbnN0aXR1Y2lvbmFsIGRlIGxhIEVzY3VlbGEsIGVsIENhdMOhbG9nbyBlbiBsw61uZWEgdSBvdHJvIG1lZGlvIGVsZWN0csOzbmljbywgCnBvZHLDoSBjb3BpYXIgYXBhcnRlcyBkZWwgdGV4dG8sIGNvbiBlbCBjb21wcm9taXNvIGRlIGNpdGFyIHNpZW1wcmUgbGEgZnVlbnRlLCBsYSBjdWFsIGluY2x1eWUgZWwgdMOtdHVsbyBkZWwgdHJhYmFqbyB5IGVsIAphdXRvci5Fc3RhIGF1dG9yaXphY2nDs24gbm8gaW1wbGljYSByZW51bmNpYSBhIGxhIGZhY3VsdGFkIHF1ZSB0ZW5nbyBkZSBwdWJsaWNhciB0b3RhbCBvIHBhcmNpYWxtZW50ZSBsYSBvYnJhIGVuIG90cm9zIAptZWRpb3MuRXN0YSBhdXRvcml6YWNpw7NuIGVzdMOhIHJlc3BhbGRhZGEgcG9yIGxhcyBmaXJtYXMgZGVsIChsb3MpIGF1dG9yKGVzKSBkZWwgZG9jdW1lbnRvLiAKU8OtIGF1dG9yaXpvIChhbWJvcykK |