An Experimental Analysis of Windows Log Events Triggered by Malware

Published: 13 April 2017

Abstract

According to the 2016 Internet Security Threat Report by Symantec, there are around 431 million known malware variants. This effort focuses on malware used for spying on users' activities, remotely controlling devices, and stealing identities and credentials within Windows-based operating systems. Because Windows creates and maintains a log of all events it encounters, various malware samples are executed on virtual machines to determine which events they trigger in the Windows logs. The observations are compiled into operating-system-specific lookup tables that can then be used to find the tested malware on other computers running the same operating system.
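The abstract describes a lookup-table approach: per operating system, record which events a sample triggered in the sandbox, then look for the same set of events in logs from other hosts. The Python below is an added example of that matching step; it is not the paper's code, and the tables, sample names (`sample-A`, `sample-B`), host names and the CSV export are all constructed for illustration. The event IDs used are standard Windows IDs (7045 new service installed, 4688 process creation, 4720 user created, 4732 member added to local group, 4697 service installed in the security log, 4624 logon), but their pairing with a sample is invented and not a finding of the paper. The example also handles the caveat the abstract implies: a table built on one OS is only applied to hosts running that OS, and a host with no table is reported rather than silently scored.

```python
import csv
import io
from typing import Dict, Optional, Set, Tuple

# A signature is the set of (provider, event_id) pairs a sample triggered in the sandbox.
Signature = Set[Tuple[str, int]]

# Constructed lookup tables keyed by OS, then by sample. Placeholder content only:
# the event IDs are real Windows IDs, the sample-to-event mapping is illustrative.
LOOKUP_TABLES: Dict[str, Dict[str, Signature]] = {
    "Windows 7": {
        "sample-A": {("Service Control Manager", 7045),
                     ("Microsoft-Windows-Security-Auditing", 4688)},
        "sample-B": {("Microsoft-Windows-Security-Auditing", 4720),
                     ("Microsoft-Windows-Security-Auditing", 4732)},
    },
    "Windows 10": {
        # The same sample leaves a different footprint on a different OS,
        # which is why the tables are kept OS-specific.
        "sample-A": {("Service Control Manager", 7045),
                     ("Microsoft-Windows-Security-Auditing", 4688),
                     ("Microsoft-Windows-Security-Auditing", 4697)},
    },
}

# Constructed export in the shape of a flattened event log (one row per event).
SAMPLE_EXPORT = """timestamp,computer,os,provider,event_id
2017-03-01T10:00:01,WS-01,Windows 7,Microsoft-Windows-Security-Auditing,4624
2017-03-01T10:00:05,WS-01,Windows 7,Service Control Manager,7045
2017-03-01T10:00:06,WS-01,Windows 7,Microsoft-Windows-Security-Auditing,4688
2017-03-01T10:01:00,WS-02,Windows 10,Service Control Manager,7045
2017-03-01T10:01:02,WS-02,Windows 10,Microsoft-Windows-Security-Auditing,4688
2017-03-01T10:02:00,WS-03,Windows 7,Microsoft-Windows-Security-Auditing,4720
2017-03-01T10:02:01,WS-03,Windows 7,Microsoft-Windows-Security-Auditing,4732
2017-03-01T10:03:00,SRV-01,Windows Server 2012,Service Control Manager,7045
2017-03-01T10:03:01,SRV-01,Windows Server 2012,Microsoft-Windows-Security-Auditing,4688
"""


def observed_events(export_text: str) -> Dict[str, Tuple[str, Signature]]:
    """Group an export by computer: computer -> (os, set of (provider, event_id))."""
    hosts: Dict[str, Tuple[str, Signature]] = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        _, seen = hosts.setdefault(row["computer"], (row["os"], set()))
        seen.add((row["provider"], int(row["event_id"])))
    return hosts


def score_host(os_name: str, seen: Signature) -> Optional[Dict[str, float]]:
    """Fraction of each sample's signature present on one host, using only that
    host's OS table. Returns None when no table exists for the OS."""
    table = LOOKUP_TABLES.get(os_name)
    if table is None:
        return None
    return {sample: len(sig & seen) / len(sig) for sample, sig in table.items()}


def scan_export(export_text: str) -> Dict[str, Dict]:
    """Per host: full matches (entire signature seen), partial matches (some of it),
    or a note that no lookup table covers the host's OS."""
    report: Dict[str, Dict] = {}
    for computer, (os_name, seen) in observed_events(export_text).items():
        scores = score_host(os_name, seen)
        if scores is None:
            report[computer] = {"os": os_name, "status": "no lookup table for this OS",
                                "full": [], "partial": {}}
            continue
        report[computer] = {
            "os": os_name,
            "status": "scanned",
            "full": sorted(s for s, f in scores.items() if f == 1.0),
            "partial": {s: f for s, f in scores.items() if 0.0 < f < 1.0},
        }
    return report


if __name__ == "__main__":
    for host, result in scan_export(SAMPLE_EXPORT).items():
        print(host, result)
```

Partial scores are kept deliberately: a host showing two of a sample's three events is worth a look even though it is not a lookup-table hit, and the untabulated host is the case where the method gives no answer rather than a negative one.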


Published In

ACMSE '17: Proceedings of the 2017 ACM Southeast Conference
April 2017, 275 pages
ISBN: 9781450350242
DOI: 10.1145/3077286

Publisher

Association for Computing Machinery, New York, NY, United States
Author Tags

  • Digital Forensics
  • Survey
  • Windows Log Events

Qualifiers

  • Short-paper
  • Research
  • Refereed limited

Conference

ACM SE '17: SouthEast Conference
April 13 - 15, 2017
Kennesaw, GA, USA

Acceptance Rates

ACMSE '17 Paper Acceptance Rate 21 of 34 submissions, 62%;
Overall Acceptance Rate 502 of 1,023 submissions, 49%

Cited By

  • (2021) Toward a cost–benefit analysis of quality programs in digital forensic laboratories in the United States. WIREs Forensic Science 4:1. doi:10.1002/wfs2.1422. Online publication date: 13 May 2021.
  • (2020) Network Security Systems Log Analysis for Trends and Insights: A Case Study. 2020 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), pp. 1-6. doi:10.1109/ANTS50601.2020.9342776. Online publication date: 14 Dec 2020.
  • (2020) Using Four Modalities for Malware Detection Based on Feature Level and Decision Level Fusion. Advanced Information Networking and Applications, pp. 1383-1396. doi:10.1007/978-3-030-44041-1_117. Online publication date: 28 Mar 2020.
  • (2019) Generation of Static YARA-Signatures Using Genetic Algorithm. 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 220-228. doi:10.1109/EuroSPW.2019.00031. Online publication date: Jun 2019.
  • (2018) The Effect on Network Flows-Based Features and Training Set Size on Malware Detection. 2018 IEEE 17th International Symposium on Network Computing and Applications (NCA), pp. 1-9. doi:10.1109/NCA.2018.8548325. Online publication date: Nov 2018.
