An Experimental Analysis of Windows Log Events Triggered by Malware

According to the 2016 Internet Security Threat Report by Symantec, there are around 431 million known variants of malware. This effort focuses on malware used for spying on users' activities, remotely controlling devices, and stealing identities and credentials on Windows-based operating systems. Because Windows operating systems create and maintain a log of the events they encounter, various malware samples are run on virtual machines to determine which events they trigger in the Windows logs. The observations are compiled into operating-system-specific lookup tables that can then be used to find the tested malware on other computers running the same operating system.
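To make the lookup-table idea concrete, the following added example (not code from the paper) keys a table by operating system version and then checks which families' complete sandbox-observed event sets appear in a host's exported log. The family names, the pipe-delimited export format and the assignment of event IDs to families are constructed assumptions; the event IDs and providers themselves are ordinary Windows ones. It also reports per-family coverage, since a single common event such as a process-creation record is far too noisy to act on alone.

```python
"""Match per-OS event-ID lookup tables against Windows event log records.

Added illustration, not the paper's code: the table layout, the matcher and
the sample family names/log lines are assumptions constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Set, Tuple

EventKey = Tuple[str, int]  # (channel, event ID)


@dataclass(frozen=True)
class EventRecord:
    os_version: str   # operating system the host runs, e.g. "Windows 7"
    channel: str      # log channel: "Security", "System", ...
    event_id: int     # Windows event ID
    provider: str     # event source / provider name


# Lookup table: OS version -> hypothetical family label -> events seen in the sandbox run.
# Tables are per OS because the same sample can surface different events on
# different Windows versions. Family names are placeholders; event IDs are real
# Windows IDs (4688 process creation, 7045 service installed, 4720 account
# created, 1102 audit log cleared, 4698 scheduled task created).
LOOKUP_TABLE: Dict[str, Dict[str, FrozenSet[EventKey]]] = {
    "Windows 7": {
        "sample_family_A": frozenset({("Security", 4688), ("System", 7045)}),
        "sample_family_B": frozenset({("Security", 4688), ("Security", 4720),
                                      ("Security", 1102)}),
    },
    "Windows 10": {
        "sample_family_A": frozenset({("Security", 4688), ("System", 7045),
                                      ("Security", 4698)}),
    },
}

# Constructed export of a Windows 7 host's log: os|channel|event id|provider.
SAMPLE_EXPORT = """\
Windows 7|Security|4624|Microsoft-Windows-Security-Auditing
Windows 7|Security|4688|Microsoft-Windows-Security-Auditing
Windows 7|System|7045|Service Control Manager
Windows 7|Security|4720|Microsoft-Windows-Security-Auditing
"""


def parse_line(line: str) -> EventRecord:
    """Parse one pipe-delimited export line into an EventRecord."""
    os_version, channel, event_id, provider = [f.strip() for f in line.split("|")]
    return EventRecord(os_version, channel, int(event_id), provider)


def _events_by_os(records: Iterable[EventRecord]) -> Dict[str, Set[EventKey]]:
    """Group the distinct (channel, event ID) pairs seen per OS version."""
    seen: Dict[str, Set[EventKey]] = defaultdict(set)
    for r in records:
        seen[r.os_version].add((r.channel, r.event_id))
    return seen


def match_families(records: Iterable[EventRecord],
                   table: Dict[str, Dict[str, FrozenSet[EventKey]]] = LOOKUP_TABLE
                   ) -> Dict[str, List[str]]:
    """Per OS seen in the records, list families whose full event set is present."""
    hits: Dict[str, List[str]] = {}
    for os_version, keys in _events_by_os(records).items():
        families = table.get(os_version, {})
        hits[os_version] = sorted(f for f, sig in families.items() if sig <= keys)
    return hits


def coverage(records: Iterable[EventRecord],
             table: Dict[str, Dict[str, FrozenSet[EventKey]]] = LOOKUP_TABLE
             ) -> Dict[str, Dict[str, float]]:
    """Fraction of each family's expected events present, for triage of partial matches."""
    result: Dict[str, Dict[str, float]] = {}
    for os_version, keys in _events_by_os(records).items():
        families = table.get(os_version, {})
        result[os_version] = {f: len(sig & keys) / len(sig) for f, sig in families.items()}
    return result


if __name__ == "__main__":
    recs = [parse_line(l) for l in SAMPLE_EXPORT.splitlines()]
    print("full matches:", match_families(recs))
    print("coverage:", coverage(recs))
```

Running the block against the constructed export reports `sample_family_A` as a full match on the Windows 7 host, while `sample_family_B` reaches only two thirds coverage because no audit-log-cleared event (1102) was exported; the coverage figure is what an analyst would look at before deciding whether a partial match deserves a closer look.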
