Privacy theft malware multi-process collaboration analysis

Authors

  • Lejun Fan¹
  • Yuanzhuo Wang¹ (corresponding author)
  • Xueqi Cheng¹
  • Jinming Li¹
  • Shuyuan Jin¹

    1. Research Center of Web Data Science and Engineering, Institute of Computing Technology, Chinese Academy of Science, Beijing, China

    Correspondence: Yuanzhuo Wang, Institute of Computing Technology, Chinese Academy of Science, Beijing, China. E-mail: wangyuanzhuo@ict.ac.cn

ABSTRACT

Privacy theft malware has become a serious and challenging problem for cyber security. Previous methods fall into two categories: one inspects the outbound network traffic, the other tracks the information flow inside the program. We combine dynamic behavior analysis with network traffic analysis and present an abstract model called Privacy Petri Net (PPN), which applies to a wider range of malware and is more understandable to users. Because new malware splits its work across multiple processes, we also use PPN to model the collaborative behavior between the separate malicious functionality modules. We apply our approach to real-world malware; the experimental results show that it can effectively identify the category, content, source, and destination of a sample's privacy theft behavior. Copyright © 2013 John Wiley & Sons, Ltd.
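The abstract does not give the PPN's definition, so the following is an added illustration, not the authors' model or code, of the point it makes about multi-process collaboration: when an information stealer is split into a collector process and a separate uploader process, a monitor that watches either process alone sees a file read with no network activity, or a network send of data of unknown origin, and neither view links source to destination. A place/transition Petri net whose places are shared resources (file, pipe, socket) and whose tokens carry the privacy item's category, content and source closes that gap. The token fields, the place naming scheme, the process names, the path and the destination address are all assumptions made for this example.

```python
"""Added illustration: a minimal place/transition Petri net that tracks one
privacy item as it is handed from one malicious process to another and then
out to the network. It is NOT the authors' Privacy Petri Net; the token
fields, place naming scheme and sample malware modules are assumptions made
for this example."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Token:
    """A unit of private data. `chain` records every process that held it."""
    category: str          # privacy category, e.g. "contacts"
    content: str           # what was taken, e.g. a file path
    source: str            # place the data was first read from
    chain: tuple = ()      # processes that have handled it, in order


@dataclass(frozen=True)
class Transition:
    """One observed behaviour (file read, IPC write/read, socket send)."""
    name: str
    process: str
    consume: str           # input place
    produce: str           # output place


class PrivacyNet:
    """Places are named resources; tokens are private data sitting in them."""

    def __init__(self, transitions):
        self.transitions = list(transitions)
        self.marking = {}  # place -> list of tokens currently there

    def put(self, place, token):
        self.marking.setdefault(place, []).append(token)

    def enabled(self):
        """A transition is enabled when its input place holds a token."""
        return [t for t in self.transitions if self.marking.get(t.consume)]

    def fire(self, t):
        tok = self.marking[t.consume].pop(0)
        # Extend the process chain only when the data changes hands.
        chain = tok.chain if tok.chain[-1:] == (t.process,) else tok.chain + (t.process,)
        self.put(t.produce, replace(tok, chain=chain))

    def run(self, max_steps=100):
        """Fire enabled transitions until the net quiesces (bounded to avoid loops)."""
        for _ in range(max_steps):
            enabled = self.enabled()
            if not enabled:
                return
            self.fire(enabled[0])
        raise RuntimeError("net did not quiesce within max_steps")


def places_touched(net, process):
    """Places a single process reads or writes: what a per-process monitor would see."""
    return sorted({p for t in net.transitions if t.process == process
                   for p in (t.consume, t.produce)})


def leak_report(net, sink_prefix="net:"):
    """Category, content, source, destination and process chain for every
    token that reached a network sink place."""
    return [
        {"category": tok.category, "content": tok.content, "source": tok.source,
         "destination": place, "processes": tok.chain}
        for place, toks in net.marking.items() if place.startswith(sink_prefix)
        for tok in toks
    ]


def build_sample_net():
    """Constructed sample: a collector module passes stolen contacts to a
    separate uploader module over a named pipe. Process names, the path and
    the address are made up for this example."""
    transitions = [
        Transition("read_file",  "collector.exe", "file:/data/contacts.db", "mem:collector.exe"),
        Transition("pipe_write", "collector.exe", "mem:collector.exe", "pipe:collector-to-uploader"),
        Transition("pipe_read",  "uploader.exe",  "pipe:collector-to-uploader", "mem:uploader.exe"),
        Transition("send",       "uploader.exe",  "mem:uploader.exe", "net:203.0.113.5:443"),
    ]
    net = PrivacyNet(transitions)
    net.put("file:/data/contacts.db",
            Token("contacts", "/data/contacts.db", "file:/data/contacts.db"))
    return net


if __name__ == "__main__":
    net = build_sample_net()
    net.run()
    for proc in ("collector.exe", "uploader.exe"):
        print(proc, "alone sees:", places_touched(net, proc))
    for r in leak_report(net):
        print("leak:", r)
```

Running the sample shows `collector.exe` touching only the file and the pipe and `uploader.exe` touching only the pipe and the socket; the report produced from the final marking is the one record that names the category, the content, the source and the destination together with the two-process chain that moved it. Real systems feed transitions from syscall or API traces and from captured traffic rather than from a hand-written list, but the joining step is the same.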
