A Cryptographic Provenance Verification Approach for Host-Based Malware Detection

Executive Summary

This paper presents a malware detection approach that focuses on the characteristic behaviors of human users. It explores the differences between human and malware behavior and uses them to aid the detection of infected hosts. The study faces two main research challenges: how to select characteristic behavior features, and how to prevent malware forgeries. The paper addresses both. A cryptographic provenance verification technique is described, and its two applications are demonstrated in keystroke-based bot identification and rootkit traffic detection. Specifically, the paper first presents the design and implementation of a remote authentication framework called TUBA for monitoring a user's typing patterns and verifying their integrity.

  • Format: PDF
  • Size: 338 KB