Search results for "Malware"

showing 10 items of 32 documents

Detection of algorithmically generated malicious domain names using masked N-grams

2019

Malware detection is a challenge that has increased in complexity in the last few years. A widely adopted strategy is to detect malware by means of analyzing network traffic, capturing the communications with their command and control (C&C) servers. However, some malware families have shifted to a stealthier communication strategy, since anti-malware companies maintain blacklists of known malicious locations. Instead of using static IP addresses or domain names, they algorithmically generate domain names that may host their C&C servers. Hence, blacklist approaches become ineffective since the number of domain names to block is large and varies from time to time. In this paper, we i…

Keywords: Domain generation algorithm; Blacklist; Random forest; Domain (software engineering); Artificial intelligence; Server; Malware; Data mining; Host (network); Block (data storage). Published in: Expert Systems with Applications.

Hypervisor Memory Introspection and Hypervisor Based Malware Honeypot

2020

Memory acquisition is a tool used in advanced forensics and malware analysis. Various methods of memory acquisition exist, ranging from tools based on dedicated hardware to software-only solutions. We proposed a hypervisor-based memory acquisition tool [22]. Our method supports ASLR and modern operating systems, which is an innovation compared to past methods [27, 36]. We extend the hypervisor-assisted memory acquisition by adding mass storage device honeypots for the malware to cross, and propose hiding the hypervisor using bluepill technology.

Keywords: Atomicity; Honeypot; Hypervisor; Virtualization; Memory forensics; Mass storage; Operating system; Malware; Malware analysis.

Agent-Based Model to Study and Quantify the Evolution Dynamics of Android Malware Infection

2014

In recent years the number of malware apps that users download to their devices has risen. In this paper, we propose an agent-based model to quantify the evolution of Android malware infection, modeling the behavior of the users and the different markets where the users may download apps. The model predicts the number of infected smartphones depending on the type of malware. Additionally, we estimate the cost that users must bear when malware is on their devices. We will be able to analyze which part is more critical: the users, giving indiscriminate permissions to the apps or not protecting their devices with antivirus software, or the Android platform, due to the v…

Keywords: Agent-based model; Applied mathematics; Computer security; Android malware; Malware; Android (operating system); Analysis; Mathematics.

Exploring Lightweight Deep Learning Solution for Malware Detection in IoT Constraint Environment

2022

The present era is facing an industrial revolution. The Machine-to-Machine (M2M) communication paradigm is becoming prevalent. As a result, computational capabilities are being embedded in everyday objects called things. When connected to the internet, these things create an Internet of Things (IoT). However, things are resource-constrained devices with limited computational power. Connecting things to the internet raises security challenges. The user-sensitive information processed by things is also susceptible to trust issues. Therefore, the proliferation of cybersecurity risks and malware threats increases the need for enhanced security in…

Subject areas: Computer Networks and Communications; Hardware and Architecture; Control and Systems Engineering; Signal Processing; Electrical and Electronic Engineering; Mathematics and Natural Sciences: Information and Communication Science.
Keywords: Internet of Things; deep learning; natural language processing; RNN; LSTM; malware detection. Published in: Electronics, Volume 11, Issue 24, Pages: 4147.

Hypervisor-assisted dynamic malware analysis

2021

Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transp…

Keywords: Virtualization; Context (language use); Static program analysis; Component (UML); Overhead (computing); Information security; Malware analysis; Cybersecurity; Hypervisor; Task (computing); Embedded system; Malware; Software; Information systems.

Evaluation of Ensemble Machine Learning Methods in Mobile Threat Detection

2017

The rapidly growing trend of mobile devices continues to soar, causing a massive increase in cyber security threats. The most pervasive threats include ransomware, banking malware and premium SMS fraud. Solitary hackers use tailored techniques to avoid detection by traditional antivirus. The emerging need is to detect these threats with a flow-based network solution. Therefore, we propose and evaluate a network-based model that uses ensemble Machine Learning (ML) methods to identify mobile threats by analyzing the network flows of malware communication. The ensemble ML methods not only protect against over-fitting of the model but also cope with the issues related to the changing be…

Keywords: intrusion detection; Decision tree; Computer security; mobile devices; supervised machine learning; Android (operating system); information security; mobile threats; ensemble methods; Flow network; Ensemble learning; anomaly detection; machine learning; Malware; The Internet; Mobile device.

Understanding the inward emotion-focused coping strategies of individual users in response to mobile malware threats

2021

According to coping theory, individuals cope with information system threats by adopting either problem-focused coping (PFC) or emotion-focused coping (EFC). However, little is known about EFC in the information security (ISec) literature. Moreover, there is potential confusion regarding the meaning of some EFC strategies. Hence, ISec scholars and practitioners may (i) have a narrow view of EFC or (ii) confuse it with other concepts. In this study, we offer one response to this issue. We first address the ambiguity regarding EFC before differentiating five inward EFC strategies and assessing them empirically in the mobile malware context. To the best of our knowledge, this study is the firs…

Keywords: Coping (psychology); effects; Applied psychology; threats; attitudes; Mobile malware; Coping theory; emotions; Information system; information security risks; information systems; coping; security; Emotion-focused coping; Protection motivation theory; information security behaviour; Human-Computer Interaction; malware; Psychology; inward emotion-focused coping.

Eliciting Information on the Vulnerability Black Market from Interviews

2010

Threats to computing prompted by software vulnerabilities are abundant and costly for those affected. Adding to this problem are the emerging vulnerability black markets (VBMs), which have become places to trade malware and exploits. VBMs are discussed based on information derived from interviews with security researchers. The effort is enriched by further examination of documents surrounding the disclosure of four selected vulnerability cases. The result suggests that the VBMs are bifurcated into two distinct parts, the skilled-hacker and the script-kiddie VBMs, with a possible link between them, where the latter become places to sell malware or exploit kits after the zero-day vulnerability…

Keywords: Exploit; Internet privacy; Computer security; Software quality; Electronic mail; Malware; Black market; Zero-day attack; Vulnerability (computing). Published in: 2010 Fourth International Conference on Emerging Security Information, Systems and Technologies.

A Study of a Social Behavior inside the Online Black Markets

2010

Illegal activities in cyberspace involving software vulnerabilities have resulted in tangible damage to computer-based environments. Lately, online black market sites for trading stolen goods, credentials, malware and exploit kits have been intensively examined. The market players are identifiably a group of loosely tied individuals who possess shared interests. However, their social behavior has only been discussed in a limited manner. This paper examines the arrangement of the market insiders' social behavior that enables such forums to continue or discontinue their operation and become a meaningful threat to security. The results reveal that particular formal and informal regulations and …

Keywords: Exploit; Internet privacy; Computer security; Software; Malware; The Internet; Black market; Cyberspace; Cyber threats. Published in: 2010 Fourth International Conference on Emerging Security Information, Systems and Technologies.

Toward Optimal LSTM Neural Networks for Detecting Algorithmically Generated Domain Names

2021

Malware detection is a problem that has become particularly challenging over the last decade. A common strategy for detecting malware is to scan network traffic for malicious connections between infected devices and their command and control (C&C) servers. However, malware developers are aware of this detection method and have begun to incorporate new strategies to go unnoticed. In particular, they generate domain names instead of using static Internet Protocol addresses or regular domain names pointing to their C&C servers. By using a domain generation algorithm, the effectiveness of the blacklisting of domains is reduced, as the large number of domain names that must be blocked g…

Keywords: Feature engineering; Artificial neural network; malware; Deep learning; domain generation algorithms; Blacklist; Domain (software engineering); Server; Network performance; Artificial intelligence; Data mining; LSTM. Published in: IEEE Access.