Search results for "haittaohjelmat"

showing 10 items of 10 documents

Hypervisor-assisted dynamic malware analysis

2021

Abstract: Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transp…

Computer engineering. Computer hardware, Software_OPERATINGSYSTEMS, virtualisointi, Computer Networks and Communications, Computer science, Context (language use), Static program analysis, computer.software_genre, TK7885-7895, Artificial Intelligence, Component (UML), Overhead (computing), tietoturva, Malware analysis, kyberturvallisuus, business.industry, Hypervisor, QA75.5-76.95, haittaohjelmat, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Task (computing), Electronic computers. Computer science, Embedded system, Malware, business, computer, Software, Information Systems, Cybersecurity
researchProduct

Understanding the inward emotion-focused coping strategies of individual users in response to mobile malware threats

2021

According to coping theory, individuals cope with information system threats by adopting either problem-focused coping (PFC) or emotion-focused coping (EFC). However, little is known about EFC in the information security (ISec) literature. Moreover, there is potential confusion regarding the meaning of some EFC strategies. Hence, ISec scholars and practitioners may (i) have a narrow view of EFC or (ii) confuse it with other concepts. In this study, we offer one response to this issue. We first address the ambiguity regarding EFC before differentiating five inward EFC strategies and assessing them empirically in the mobile malware context. To the best of our knowledge, this study is the firs…

Coping (psychology), vaikutukset, Applied psychology, uhat, asenteet, Mobile malware, Coping theory, Arts and Humanities (miscellaneous), tunteet, Developmental and Educational Psychology, Information system, tietoturvariskit, tietojärjestelmät, torjunta, turvallisuus, Emotion focused, protection motivation theory, selviytyminen, General Social Sciences, tietoturvakäyttäytyminen, Human-Computer Interaction, haittaohjelmat, Protection motivation theory, information security behaviour, Psychology, inward emotion-focused coping, coping theory
researchProduct

HyperIO: A Hypervisor-Based Framework for Secure IO

2023

Malware often attempts to steal input and output through human interface devices to obtain confidential information. We propose to use a thin hypervisor, called “HyperIO”, to realize a secure path between input and output devices using a partial implementation of device drivers. We apply our approach using two security systems built on HyperIO: FireSafe and ClipCrypt. FireSafe is a web browser extension which allows a remote web server to display and receive sensitive user information securely. ClipCrypt enables the user to securely enter and view their confidential information in commodity Windows applications.

Fluid Flow and Transfer Processes, virtualisointi, Process Chemistry and Technology, trusted path, General Engineering, trusted path; virtualization; system security; browser security; malware protection, virtualization, Computer Science Applications, browser security, haittaohjelmat, järjestelmänhallinta, tietosuoja, malware protection, system security, General Materials Science, tietoturva, tietoverkot, Instrumentation, tietojärjestelmät, Applied Sciences
researchProduct

ISAdetect

2020

Static and dynamic binary analysis techniques are actively used to reverse engineer software's behavior and to detect its vulnerabilities, even when only the binary code is available for analysis. To avoid analysis errors due to misreading op-codes for a wrong CPU architecture, these analysis tools must precisely identify the Instruction Set Architecture (ISA) of the object code under analysis. The variety of CPU architectures that modern security and reverse engineering tools must support is ever increasing due to massive proliferation of IoT devices and the diversity of firmware and malware targeting those devices. Recent studies concluded that falsely identifying the binary code's ISA ca…

Reverse engineering, prosessorit, Computer science, Firmware, 02 engineering and technology, computer.file_format, computer.software_genre, haittaohjelmat, Instruction set, Object code, Computer engineering, 020204 information systems, Endianness, 0202 electrical engineering electronic engineering information engineering, Malware, esineiden internet, 020201 artificial intelligence & image processing, Binary code, Executable, tietoturva, computer, Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy
researchProduct

Using Hypervisors to Overcome Structured Exception Handler Attacks

2019

Microsoft Windows is a family of client and server operating systems that needs no introduction. The Microsoft Windows operating system family has a feature to handle exceptions by storing in the stack the address of an exception handler. This feature of the Microsoft Windows operating system family is called SEH (Structured exception handlers). When using SEH the exception handler address is specifically located on the stack like the function return address. When an exception occurs the address acts as a trampoline and the EIP jumps to the SEH address. By overwriting the stack one can create a unique type of return oriented programming (ROP) exploit that forces the instruction pointer to jump to a …

Windows, haittaohjelmat, SEH, application control, hypervisor, tietoturva, rootkit
researchProduct

Types of online scams in social media (Verkkohuijausten tyypit sosiaalisessa mediassa)

2017

Types of online scams in social media. In this thesis, types of online scams in social media are examined first by defining online scams and then applying their principles to the social media setting. The thesis is a literature review in which it was found that in social media there are similar types of scams as outside of it. These types of scams were phishing scams, scams related to social engineering malware attacks and 419 scams. There were a couple of scam scenarios that were not detected outside of the social media context because a social networking site is required as a platform for the scams. These were scams involving impersonation of celebrities or friends, services offering followers…

haittaohjelmat, kirjallisuuskatsaus, identiteettivarkaus, malware, social media, sosiaalinen media, online scam, phishing, verkkourkinta, social networking site
researchProduct

Challenges of maintaining information security in the home context (Tietoturvan ylläpitämisen haasteet kotikontekstissa)

2016

Information security is an important topic, because the number of internet users is still growing and information security threats are not decreasing. On the contrary, thousands of new threats are detected every year. Besides software, an important link in maintaining information security is the user of the information system. Even the best antivirus protection will not necessarily help if the user falls for a phishing attack. For this reason, this thesis tries to understand users, how they act and why, so that information security can be improved and everyone can enjoy a safer internet in the future. This thesis finds that a large share of users do not prepare for threats particularly well and that many protective measures go unused. In addition, …

haittaohjelmat, mobiililaitteet, tietoturvakäyttäytyminen, virustentorjuntaohjelmat
researchProduct

A Network-Based Framework for Mobile Threat Detection

2018

Mobile malware attacks increased threefold in the past few years and continued to expand with the growing number of mobile users. Adversaries use a variety of evasion techniques to avoid detection by traditional systems, which increases the diversity of malicious applications. Thus, there is a need for an intelligent system that copes with this issue. This paper proposes a machine learning (ML) based framework to counter rapid evolution of mobile threats. This model is based on flow-based features that will work on the network side. This model is designed with adversarial input in mind. The model uses 40 time-based network flow features, extracted from the real-time traffic of malicious and…

ta113, Computer science, intrusion detection, mobile threats, Feature extraction, Evasion (network security), concept-drift, Adversary, Computer security, computer.software_genre, Flow network, Mobile malware, anomaly detection, Variety (cybernetics), haittaohjelmat, machine learning, koneoppiminen, mobiililaitteet, Malware, tietoturva, computer, Humanoid robot
researchProduct

Support vector machine integrated with game-theoretic approach and genetic algorithm for the detection and classification of malware

2013

Abstract: In the modern world, a rapid growth of malicious software production has become one of the most significant threats to the network security. Unfortunately, widespread signature-based anti-malware strategies can not help to detect malware unseen previously nor deal with code obfuscation techniques employed by malware designers. In our study, the problem of malware detection and classification is solved by applying a data-mining-based approach that relies on supervised machine-learning. Executable files are presented in the form of byte and opcode sequences and n-gram models are employed to extract essential features from these sequences. Feature vectors obtained are…

ta113, Network security, business.industry, Computer science, Feature vector, Feature extraction, uhat, Byte, computer.file_format, Machine learning, computer.software_genre, haittaohjelmat, Support vector machine, Obfuscation (software), ComputingMethodologies_PATTERNRECOGNITION, network, network security, Malware, Data mining, Artificial intelligence, Executable, tietoturva, business, computer, 2013 IEEE Globecom Workshops (GC Wkshps)
researchProduct

The operation and prevention of ransomware (Kiristyshaittaohjelmien toiminta ja ehkäisy)

2017

Ransomware is nowadays remarkably common, and when it strikes it causes serious damage both financially and operationally. The thesis used a theoretical-qualitative literature analysis to examine what features modern ransomware has. Based on the findings, the aim was to compile a list of good practices. The most important findings were a clear dependence between end users' inadequate understanding and the risk of malware infection; the same connection was also observed for loosely protected and unpatched systems. According to the findings, modern ransomware is, in terms of its cryptographic methods, very …

torjunta, toiminta, ehkäisy, kiristyshaittaohjelmat
researchProduct