The Cause of All Evils: Assessing Causality Between User Actions and Malware Activity

Enrico Mariconti, Jeremiah Onaolapo, Gordon Ross, Gianluca Stringhini

Research output: Contribution to conference › Paper › peer-review

Abstract

Malware samples are created at a pace that makes it difficult for analysis to keep up. When analyzing an unknown malware sample, it is important to assess its capabilities to determine how much damage it can do to its victims, and to make prioritization decisions on which threats should be dealt with first. In a corporate environment, for example, a malware infection that is able to steal financial information is much more critical than one that is sending email spam, and should be dealt with at the highest priority. In this paper we present a statistical approach able to determine causality relations between a specific trigger action (e.g., a user visiting a certain website in the browser) and a malware sample. We show that we can learn the typology of a malware sample by presenting it with a number of trigger actions commonly performed by users, and studying to which events the malware reacts. We show that our approach is able to correctly infer causality relations between information-stealing malware and login events on websites, as well as between adware and websites containing advertisements.

Original language: English
Number of pages: 8
Publication status: Published - Aug 2017
Event: 10th USENIX Workshop on Cyber Security Experimentation and Test - Vancouver, Canada
Duration: 14 Aug 2017 → …

Conference

Conference: 10th USENIX Workshop on Cyber Security Experimentation and Test
Abbreviated title: CSET '17
Country: Canada
City: Vancouver
Period: 14/08/17 → …
