3 research outputs found

    Interactive, Visual-aided Tools To Analyze Malware Behavior

    Malicious software attacks can disrupt information systems, violating security principles of availability, confidentiality and integrity. Attackers use malware to gain control, steal data, keep access and cover traces left on the compromised systems. The dynamic analysis of malware is useful to obtain an execution trace that can be used to assess the extent of an attack, to do incident response and to point to adequate counter-measures. An analysis of the captured malware can provide analysts with information about its behavior, allowing them to review the malicious actions performed during its execution on the target. The behavioral data gathered during the analysis consists of filesystem and network activity traces; a security analyst would have a hard time sieving through a maze of textual event data in search of relevant information. We present a behavioral event visualization framework that allows for an easier realization of the malicious chain of events and for quickly spotting interesting actions performed during a security compromise. Also, we analyzed more than 400 malware samples from different families and showed that they can be classified based on their visual signature. Finally, we distribute one of our tools to be freely used by the community.
    © 2012 Springer-Verlag. LNCS 7336, Part 4, pp. 302-313.
    Universidade Federal da Bahia (UFBA), Universidade Federal do Reconcavo da Bahia (UFRB), Universidade Estadual de Feira de Santana (UEFS), University of Perugia, University of Basilicata (UB)

    Physical and chemical attributes of archaeological soils developed from shell middens in the Região dos Lagos, Rio de Janeiro, Brazil

    In prehistoric times, innumerous shell middens, called "sambaquis", consisting mainly of remains of marine organisms, were built along the Brazilian coast. Although the scientific community took interest in these anthropic formations, especially since the nineteenth century, their pedological context is still poorly understood. The purpose of this study was to characterize and identify the physical and chemical changes induced by soil-forming processes, as well as to compare the morphology of shell midden soils with other, already described, anthropogenic soils of Brazil. Four soil profiles developed from shell middens in the Região dos Lagos - RJ were morphologically described and the physical and chemical properties determined. The chemical analysis showed that Ca, Mn, Mg, and particularly P and Zn are indicators of anthropic horizons of midden soils, as in the Amazon Dark Earths (Terras Pretas de Índio). After the deposition of P-rich material, P reaction and leaching can mask or disturb the evidence of in situ man-made strata, but mineralogical and chemical studies of phosphate forms can elucidate the apparent complexity. Lower phosphate-rich strata without direct anthropic inputs indicate P leaching and precipitation in secondary forms. The total and bioavailable contents of Ca, Mg, Zn, Mn, Cu, P, and organic C of midden soils were much higher than of regional soils without influence of ancient human settlements, demonstrating that the high fertility persisted for long periods, at some sites for more than 4000 years. The physical analysis showed that wind-blown sand contributed significantly to increase the sand fraction in the analyzed soils (texture classes sand, sandy loam and sandy clay loam) and that the aeolian sand accumulation occurred simultaneously with the midden formation