Amur G. Tokhtabayev, Batyrulan Aimyshev, Y. Seitkulov
{"title":"tBox: A system to protect a \"bad\" user from targeted and user-oriented attacks","authors":"Amur G. Tokhtabayev, Batyrulan Aimyshev, Y. Seitkulov","doi":"10.1109/ICAICT.2014.7035913","DOIUrl":null,"url":null,"abstract":"We introduce tBox system that enables protection from targeted and user-oriented attacks. Such attacks relay on users mistakes such as misinterpreting or ignoring security alerts, which leads to proliferation of malicious objects inside trusted perimeter of cyber-security systems (e.g. exclusion list of AV). These attacks include strategic web compromise, spear phishing, insider threat and social network malware. Moreover, targeted attacks often deliver zero-day malware that is made difficult to be detected, e.g. due to distributed malicious payload. The tBox system allows for protecting even a \"bad\" user who does not cooperate with security products. To accomplish this, tBox seamlessly transfers user activity with vulnerable applications into specific virtual environment that provides three key factors: user-activity isolation, behavior self-monitoring and security inheritance for user-carried objects. To provide self-monitoring, our team developed a novel technology for deep dynamic analysis of system-wide behavior, which allows for run-time recognition of malicious functionalities including obfuscated and distributed ones. We evaluate the tBox prototype with corpus of real malware families. Results show high efficiency of tBox in detecting and blocking malware while having low system overhead.","PeriodicalId":103329,"journal":{"name":"2014 IEEE 8th International Conference on Application of Information and Communication Technologies (AICT)","volume":"66 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE 8th International Conference on Application of Information and Communication Technologies (AICT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICAICT.2014.7035913","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
We introduce tBox system that enables protection from targeted and user-oriented attacks. Such attacks relay on users mistakes such as misinterpreting or ignoring security alerts, which leads to proliferation of malicious objects inside trusted perimeter of cyber-security systems (e.g. exclusion list of AV). These attacks include strategic web compromise, spear phishing, insider threat and social network malware. Moreover, targeted attacks often deliver zero-day malware that is made difficult to be detected, e.g. due to distributed malicious payload. The tBox system allows for protecting even a "bad" user who does not cooperate with security products. To accomplish this, tBox seamlessly transfers user activity with vulnerable applications into specific virtual environment that provides three key factors: user-activity isolation, behavior self-monitoring and security inheritance for user-carried objects. To provide self-monitoring, our team developed a novel technology for deep dynamic analysis of system-wide behavior, which allows for run-time recognition of malicious functionalities including obfuscated and distributed ones. We evaluate the tBox prototype with corpus of real malware families. Results show high efficiency of tBox in detecting and blocking malware while having low system overhead.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
