Building malware classificators usable by State security agencies


Authors:
Useche-Peláez, David Esteban
Díaz-López, Daniel Orlando
Sepúlveda-Alzate, Daniela
Cabuya-Padilla, Diego Edison
Resource type:
Article
Publication date:
2018
Institution:
Universidad Santo Tomás
Repository:
Repositorio Institucional USTA
Language:
spa (Spanish)
OAI Identifier:
oai:repository.usta.edu.co:11634/36191
Online access:
http://revistas.ustabuca.edu.co/index.php/ITECKNE/article/view/2072
http://hdl.handle.net/11634/36191
Rights / License:
Copyright (c) 2018 ITECKNE
Alternative title:
Construcción de clasificadores de malware para agencias de seguridad del Estado
DOI:
10.15332/iteckne.v15i2.2072
Published in:
ITECKNE; Vol 15 No 2 (2018); 107-121
ISSN:
2339-3483
1692-1798
Publisher:
Universidad Santo Tomás. Seccional Bucaramanga
Date issued:
2018-12-07
Date accessioned:
2021-09-24T13:17:51Z
Format:
application/pdf
Full text (PDF):
http://revistas.ustabuca.edu.co/index.php/ITECKNE/article/view/2072/1612
Access rights:
Open access (http://purl.org/coar/access_right/c_abf2); this repository record is metadata only, with the full text at the journal URL above.
Abstract:
Sandboxing has been used regularly to analyze software samples and determine whether they contain suspicious properties or behaviors. Although sandboxing is a powerful technique for malware analysis, it requires a malware analyst to perform a rigorous analysis of the results in order to determine the nature of the sample: goodware or malware. This paper proposes two machine learning models able to classify samples based on signatures and permissions obtained through Cuckoo sandbox, Androguard and VirusTotal. The developed models are also tested, achieving an acceptable percentage of correctly classified samples, which makes them useful tools for a malware analyst. A proposed architecture for an IoT sentinel that uses one of the developed machine learning models is also shown. Finally, different approaches, perspectives, and challenges about the use of sandboxing and machine learning by security teams in State security agencies are also shared.
Abstract (translated from the Spanish version):
Sandboxing has regularly been used to analyze software samples and determine whether they contain suspicious properties or behaviors. Although sandboxing is a powerful technique for carrying out malware analysis, it requires a malware analyst to conduct a rigorous analysis of the results in order to determine the nature of the sample: goodware or malware. This paper proposes two machine learning models able to classify samples based on an analysis of signatures or permissions extracted by means of Cuckoo sandbox, Androguard and VirusTotal. This paper also presents a proposed architecture for an IoT sentinel that protects IoT devices using one of the machine learning models developed earlier. Finally, different approaches and perspectives on the use of sandboxing and machine learning by State security agencies are also contributed.
Repository contact:
Repositorio Universidad Santo Tomás, noreply@usta.edu.co