In the field of malware analysis, two basic types, static analysis and dynamic analysis, are involved in the process of understanding how a particular malware sample functions. By using dynamic analysis, malware researchers can collect API call sequences that are very valuable sources of information for identifying malware behavior. The proposed malware classification procedures introduced in...
Domain generation algorithms (DGAs) automatically generate large numbers of domain names in DNS domain fluxing for the purpose of command-and-control (C&C) communication. DGAs are immune to static prevention methods like blacklisting and sinkholing. Detection of DGAs in a live stream of queries in a DNS server is referred to as inline detection. Most of the previous approaches in the literature...
The prevalence of the Android platform has attracted adversaries to craft malicious payloads for illegal profit. Such malicious artifacts are frequently reused and embedded in benign, paid apps to lure victims into believing that the apps have been cracked for free. To discover these fraudulent apps, administrators of app markets desire an automated scanning process to maintain the health of the app ecosystem. However,...
The large number of malicious files that are produced daily outpaces the current capacity of malware analysis and detection. For example, Intel Security Labs reported that during the second quarter of 2016, their system found more than 40M new malware samples [1]. The damage of malware attacks is also increasingly devastating, as witnessed by the recent Cryptowall malware that has reportedly generated...
We introduce a methodology for efficient monitoring of processes running on hosts in a corporate network. The methodology is based on collecting streams of system calls produced by all or selected processes on the hosts, and sending them over the network to a monitoring server, where machine learning algorithms are used to identify changes in process behavior due to malicious activity, hardware failures,...
Nowadays ransomware is not limited to personal computers. The increasing number of people using cell phones, the availability of mobile phone application markets, and the lack of an effective way of identifying ransomware have accelerated its growth and expansion in the field of mobile phones and IoT. In the following article, an optimal approach is presented that transforms the sequence of...
Despite widespread use of commercial anti-virus products, the number of malicious files detected on home and corporate computers continues to increase at a significant rate. Recently, anti-virus companies have started investing in machine learning solutions to augment signatures manually designed by analysts. A malicious file's determination is often represented as a hierarchical structure consisting...
Smartphones have become a prime target for cyber criminals. Android, being the market leader, is the major target of malicious attackers. Covert techniques used by the malware make it hard to detect with signature-based methods. In this paper, we present AndroPIn — a novel Android-based malware detection tool using Permissions and Intents. The proposed framework overcomes the limitation of stealthy...
During the last years, the use of Domain Generation Algorithms (DGAs) has increased with the aim of improving the resiliency of communication between bots and Command and Control (C&C) infrastructure. In this paper, we report on an effective DGA-detection algorithm based on a single network monitoring. The first step of the proposed method is the detection of a bot looking for the C&C and...
Identifying families of malware is today considered a fundamental problem in the context of computer security. The correct mapping of a malicious sample to a known family simplifies its analysis and allows experts to focus their efforts only on those samples presenting unknown characteristics or behaviours, thus improving the efficiency of the malware analysis process. Grouping malware in families...
With the proliferation of Android-based devices, malicious apps have increasingly found their way to user devices. Many solutions for Android malware detection rely on machine learning; although effective, these are vulnerable to attacks from adversaries who wish to subvert these algorithms and allow malicious apps to evade detection. In this work, we present a statistical analysis of the impact of...
Smartphones are increasingly used in everyday life. They execute complex software and store sensitive and private data of users. At the same time, malware targeting mobile devices is growing. There are various Android malware detection methods in the literature, most of which are based on permissions. However, the permission-based methods are usually subverted by some bypass techniques such as over-claim...
Lateral movement-based attacks are increasingly leading to compromises in large private and government networks, often resulting in information exfiltration or service disruption. Such attacks are often slow and stealthy and usually evade existing security products. To enable effective detection of such attacks, we present a new approach based on graph-based modeling of the security state of the target...
Currently, mobile botnet attacks have shifted from computers to smartphones due to their functionality, ease of exploitation, and financial motivation. Mostly, they attack Android due to its popularity and high usage among end users. Every day, more and more malicious mobile applications (apps) with botnet capability are developed to exploit end users' smartphones. Therefore, this paper...
As the malware threat landscape is constantly evolving and over one million new malware strains are being generated every day [1], early automatic detection of threats constitutes a top priority of cybersecurity research, and amplifies the need for more advanced detection and classification methods that are effective and efficient. In this paper, we present the application of machine learning algorithms...
In recent years, researchers have shown that deep learning (DL) can be used to construct highly accurate models to solve many problems. However, training DL models requires large datasets and vast amounts of computation. With millions of malware variants being created every day, we contend that there is plenty of data to build deep learning models to classify malicious applications. However, finding...
Recently, Convolutional neural network (CNN) architectures in deep learning have achieved significant results in the field of computer vision. To transform this performance toward the task of intrusion detection (ID) in cyber security, this paper models network traffic as time-series, particularly transmission control protocol / internet protocol (TCP/IP) packets in a predefined time range with supervised...
Since malware has caused serious damage and poses evolving threats to computer and Internet users, its detection is of great interest to both the anti-malware industry and researchers. In recent years, machine learning-based systems have been successfully deployed in malware detection, in which different kinds of classifiers are built from the training samples using different feature representations. Unfortunately,...
Long short-term memory recurrent neural networks (LSTM-RNN) have emerged as a powerful approach for capturing long-range temporal dependencies in sequences of arbitrary length. This paper seeks to model a large set of Android permissions, particularly the permissions from the Normal, Dangerous, Signature and Signature Or System categories, within a large number of Android application package (APK) files...
Malicious domains play a vital role in various cyber crimes. Most of the prior works depend on DNS A (address) records to detect malicious domains, which are directly resolved to IP addresses. In this paper, we propose a malicious domain detection method focusing on the domains that are not resolved to IP addresses directly but only appear in DNS CNAME (canonical name) records. This kind...