mdevtalk
The birth of a new technology!
Watchdog
SEEMP
Sphinx
CPU Shield
Instruction Shield
Behavioral Shield
QMPQSSP
Example
BEHAVIOR_CALLBACK [time=57931, pn=com.reptilicus, pid=4763, uid=10303,
result=null, foreground=false, behaviorVector=[2510.440918037377, 0.0, 3232.0, 0.0,
1428.0, 0.0, ~, 0.0, 2.0, 0.0, ~, 0.0, 0.05291005292964923, 0.0, 3.0, 0.0, 1.0, 0.0, ~, 0.0,
1.0, 0.0, 1.0, 0.0, ~, 0.0, 0.07610499858856201, 0.0, 62.0, 0.0, ~, 0.0, 14.0, 3.0, 0.0, ~, 0.0,
3.0, 0.0, ~, 0.0]
VECTOR_VALUE [COMM1_BG: 2510.440918037377]
VECTOR_VALUE [COMM2_BG: 3232.0]
VECTOR_VALUE [ACCESSUI_FG: 1428.0]
VECTOR_VALUE [ACCESSLOCATION1_BG: 2.0]
VECTOR_VALUE [PROCESSLOCATIONINFO1_FG: 0.05291005292964923]
VECTOR_VALUE [PROCESSLOCATIONINFO2_BG: 3.0]
VECTOR_VALUE [ACCESSUISETTINGS_FG: 1.0]
VECTOR_VALUE [ACCESSTEXTENTRYSETTINGS_FG: 1.0]
VECTOR_VALUE [ACCESSAUDIOSETTINGS_FG: 1.0]
VECTOR_VALUE [DATATRANSFER1_BG: 0.07610499858856201]
VECTOR_VALUE [DATATRANSFER2_BG: 62.0]
VECTOR_VALUE [FULLSCREENWINDOW1_FG: 14.0]
VECTOR_VALUE [ACCESSOPERATORINFO1_BG: 3.0]
VECTOR_VALUE [PROCESSOPERATORINFO1_BG: 3.0]
Model
• A set of rules (weighted sums)
• Stored securely in TrustZone
• Several approaches to modelling behaviour are possible:
• Malware detection
• Anomaly detection
• Sensitivity of the detections:
• malware / privacy violation / suspicious ...
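To make the weighted-sum idea concrete, here is an added example (not code from the talk or from the product) that parses VECTOR_VALUE lines like those in the example above into named features and evaluates a rule set over them. The rule names, weights and per-category thresholds are invented for the demonstration; the sample log is constructed from the slide's values plus one malformed line.

```python
import re

# Constructed sample input: VECTOR_VALUE lines from the example callback,
# plus one malformed line to show that the parser ignores it.
SAMPLE_LOG = """\
VECTOR_VALUE [COMM1_BG: 2510.440918037377]
VECTOR_VALUE [COMM2_BG: 3232.0]
VECTOR_VALUE [ACCESSUI_FG: 1428.0]
VECTOR_VALUE [ACCESSLOCATION1_BG: 2.0]
VECTOR_VALUE [DATATRANSFER2_BG: 62.0]
VECTOR_VALUE [ACCESSOPERATORINFO1_BG: 3.0]
VECTOR_VALUE [broken line without a value]
"""

# Feature names are upper-case with a _FG/_BG suffix; values are plain floats.
VALUE_RE = re.compile(r"^VECTOR_VALUE \[(?P<name>[A-Z0-9_]+): (?P<value>[0-9.eE+-]+)\]$")

# Hypothetical rule set (assumed weights and thresholds, not the real model):
# each rule is a weighted sum over named features, compared against a
# threshold that sets the sensitivity of that detection category.
RULES = {
    "privacy_violation": ({"ACCESSLOCATION1_BG": 1.0,
                           "ACCESSOPERATORINFO1_BG": 0.5,
                           "DATATRANSFER2_BG": 0.05}, 3.0),
    "suspicious_comm": ({"COMM1_BG": 0.001, "COMM2_BG": 0.001}, 10.0),
}


def parse_vector_values(log):
    """Map feature name -> value from VECTOR_VALUE lines; non-matching lines are skipped."""
    features = {}
    for line in log.splitlines():
        m = VALUE_RE.match(line.strip())
        if m:
            features[m["name"]] = float(m["value"])
    return features


def weighted_scores(features, rules):
    """Evaluate every rule's weighted sum; a feature absent from the vector counts as 0."""
    return {name: sum(w * features.get(f, 0.0) for f, w in weights.items())
            for name, (weights, _) in rules.items()}


def detections(features, rules):
    """Names of the rules whose score reaches that category's threshold."""
    scores = weighted_scores(features, rules)
    return [name for name, (_, threshold) in rules.items() if scores[name] >= threshold]
```

With the sample above only the privacy rule fires; lowering the communication threshold (raising its sensitivity) would make the second rule fire as well.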