Using Dynamic Taint Approach for Malware Threat

P. Wang, W-H. Lin, W-J. Chao, Kuo-Ming Chao, C-C. Lo

Research output: Contribution to conference › Paper

2 Citations (Scopus)

Abstract

Most existing approaches use malware threat analysis to examine values that are dangerous for information flow between suspicious modules of cloud applications (apps) on a host, rather than the risk posed by suspicious apps connected to the cloud computing server. Accordingly, this paper proposes a taint propagation analysis model incorporating a weighted spanning tree analysis scheme to track data with taint marking using several taint checking tools. In the proposed model, Android programs perform dynamic taint propagation to analyse the spread of, and risks posed by, suspicious apps connected to the cloud computing server. In determining the risk of taint propagation, risk and defence capability are used for each taint path to assist a defender in recognising the attack results against network threats caused by malware infection and in estimating the losses of associated taint sources. Finally, a case of threat analysis of a typical cyber security attack is presented to demonstrate the proposed approach. Our approach verified the details of an attack sequence for malware infection by incorporating a finite state machine (FSM) to appropriately reflect real situations under various configuration settings and safeguard deployments. The experimental results proved that the threat analysis model allows a defender to convert the spread of taint propagation to loss and practically estimate the risk of a specific threat by using behavioural analysis with real malware infection.
Original language: English
Pages: 408 - 416
DOI: https://doi.org/10.1109/ICEBE.2015.75
Publication status: Published - 2015
Event: IEEE 12th International Conference on e-Business Engineering - Beijing, China
Duration: 23 Oct 2015 to 25 Oct 2015

Conference

Conference: IEEE 12th International Conference on e-Business Engineering
Abbreviated title: ICEBE
Country: China
City: Beijing
Period: 23/10/15 to 25/10/15

Fingerprint

Cloud computing
Servers
Finite automata
Malware

Keywords

  • Dynamic taint propagation
  • Finite state machine
  • Malware behavioural analysis
  • Threat analysis

Cite this

Wang, P., Lin, W-H., Chao, W-J., Chao, K-M., & Lo, C-C. (2015). Using Dynamic Taint Approach for Malware Threat. 408 - 416. Paper presented at IEEE 12th International Conference on e-Business Engineering, Beijing, China. https://doi.org/10.1109/ICEBE.2015.75
