000078070 001__ 78070
000078070 005__ 20191122145059.0
000078070 0247_ $$2doi$$a10.1007/978-3-319-67180-2_57
000078070 0248_ $$2sideral$$a101558
000078070 037__ $$aART-2018-101558
000078070 041__ $$aeng
000078070 100__ $$aBotas, Á.
000078070 245__ $$aEmpirical study to fingerprint public malware analysis services
000078070 260__ $$c2018
000078070 5060_ $$aAccess copy available to the general public$$fUnrestricted
000078070 5203_ $$aThe evolution of malicious software (malware) analysis tools has provided controlled, isolated, and virtual environments to analyze malware samples. Several services on the Internet provide users with automatic systems to analyze malware samples, such as VirusTotal, Jotti, or ClamAV, to name a few. Unfortunately, malware is currently incorporating techniques to recognize execution in a virtual or sandbox environment. When an analysis environment is detected, malware behaves as a benign application or even shows no activity. In this work, we present an empirical study and characterization of automatic public malware analysis services. In particular, we consider 26 different services. We also show a set of features that allow these services to be easily fingerprinted as analysis environments. Finally, we propose a method to mitigate fingerprinting.
000078070 536__ $$9info:eu-repo/grantAgreement/ES/MINECO/TIN2014-58457-R$$9info:eu-repo/grantAgreement/ES/UZ/CUD2016-TEC-06
000078070 540__ $$9info:eu-repo/semantics/openAccess$$aby-nc-nd$$uhttp://creativecommons.org/licenses/by-nc-nd/3.0/es/
000078070 592__ $$a0.174$$b2018
000078070 593__ $$aControl and Systems Engineering$$c2018$$dQ3
000078070 593__ $$aComputer Science (miscellaneous)$$c2018$$dQ3
000078070 655_4 $$ainfo:eu-repo/semantics/article$$vinfo:eu-repo/semantics/acceptedVersion
000078070 700__ $$0(orcid)0000-0001-7982-0359$$aRodríguez, R.J.
000078070 700__ $$aMatellán, V.
000078070 700__ $$aGarcía, J.F.
000078070 773__ $$g649 (2018), 589-599$$pAdv. intell. sys. comput.$$tAdvances in intelligent systems and computing$$x2194-5357
000078070 8564_ $$s400015$$uhttps://zaguan.unizar.es/record/78070/files/texto_completo.pdf$$yPostprint
000078070 8564_ $$s67006$$uhttps://zaguan.unizar.es/record/78070/files/texto_completo.jpg?subformat=icon$$xicon$$yPostprint
000078070 909CO $$ooai:zaguan.unizar.es:78070$$particulos$$pdriver
000078070 951__ $$a2019-11-22-14:47:45
000078070 980__ $$aARTICLE