Binary classification is one of the most frequent studies in applied machine learning problems in various domains, from medicine to biology to meteorology to malware analysis. Many researchers use some performance metrics in their classification studies to report their success. However, the literature has shown a widespread confusion about the terminology and ignorance of the fundamental aspects behind...
With the emerging Internet of Things (IoT) technologies, malware spreading over increasingly connected networks becomes a new security concern. To capture the heterogeneous nature of the IoT networks, we propose a continuous-time Susceptible-Infected-Recovered (SIR) epidemic model with two types of malware for heterogeneous populations over a large network of devices. The malware control mechanism...
Limited write endurance is one of the major obstacles to adopting Phase Change Memories (PCMs) in practice as future main memory. Considering process variation (PV) and non-uniform write intensity, PCM cells with low endurance (i.e. weak cells) can wear out in seconds under intensive writes. To prolong PCMs' lifetime, many PV-aware wear leveling schemes have been proposed following a common idea: intensive...
Twitter, an Internet-based social networking application, has gained tremendous popularity as a means of convenient social networking. The inherent structure and possibility of rapid information propagation provide an opportunity for adversaries to use Twitter as a medium to spread malware. It is critical to examine the data dissemination process in Twitter in terms of speed and reachability. Existing...
To assess cybersecurity capabilities in developing countries, governments need to develop a social influence strategy. The main aim is to explore the social influence in the cyberworld and its ability to improve the cybersecurity capabilities in cyberspace' users. Developing countries are from the most source and target of cybercrime in the world, however, their poor infrastructures make them as an...
Android malware detection has been a popular research topic due to non-negligible amount of malware targeting the Android operating system. In particular, the naive Bayes generative classifier is a common technique widely adopted in many papers. However, we found that the naive Bayes classifier performs badly in Contagio Malware Dump dataset, which could result from the assumption that no feature dependency...
In security sensitive applications, there is a crafty adversary component which intends to mislead the detection system. The presence of an adversary component conflicts with the stationary data assumption that is a common assumption in most machine learning methods. Since machine learning methods are not inherently adversary-aware, it necessitates to investigate security evaluation of machine learning...
Infamous recent cyber attacks on businesses and governments have demonstrated that even the best contemporary security systems cannot prevent well-resourced adversaries from infiltrating their networks and gaining access to sensitive information. Stealthy malware can spread through a network undetected by utilizing zero-day exploits to propagate and hiding malicious behavior in normal activity, potentially...
Cyber-attacks in mobile tactical networks are increasingly being recognized as a threat to mission assurance and tactical capability. Some recent cyber-attacks have exploited short-range radio communication such as Bluetooth to propagate malware, thereby circumventing traditional cyber network defenses and evading detection. The spread of such self-propagating malware in mobile tactical networks is...
Since our last paper, cyber attacks have shown no evidence of declining in frequency or sophistication. We claim that applying isolation zones is an effective way to defend cyber systems; our team proposes a simulation and mathematical model that provide numerical data that supports this claim. This paper extends our earlier cyber zone defense (CZD) framework in two critical ways. First, we relax...
In recent years, the expanding smartphone market has become an increasingly attractive target for malicious attacks. This has motivated the continuous development of models to understand the behavior of smartphone malware and describe its spatial propagation. One of the possible communication channels for the penetration of mobile malware is the Bluetooth interface, where the malware infects devices in...
The paper presents results of a study of malware spreading in heterogeneous networks using epidemiological modeling framework. The model is one of the first to incorporate heterogeneity among the three components of the network: software, hardware and network type. This model also allows for both cyber and non-cyber-related impact on the mission. The unified approach taken in this study aggregates...
We address an increasingly critical problem of identifying the potential signatures for identifying a given family of malware or unwanted software (i.e., or generally any corpus of artifacts of unknown provenance). We address this with a novel methodology designed to create an entire and complete maps of software code clones (copy features in data). We report on a practical methodology, which employs...
In this paper, we present a new mathematical epidemiological model of a malware targeting Private Branch eXchanges (PBX). Although the term PBX is old, we argue that traditional PBXs are still extensively used, along the modern VoIP systems, forming part of most nations' critical infrastructure. The proposed model is based on graph theory and generic epidemiological models. Through this model we are...
In this work, a mathematical model has been developed to analyze the spread of a distributed attack on critically targeted resources in a network using firewall security coefficient. The model provides an epidemic framework with two sub-frameworks to consider the difference between the overall behavior of the attacking population and the targeted population. The targeted population and attacking population...
Mobile networks are vulnerable to signaling attacks and storms that are caused by traffic patterns that overload the control plane, and differ from distributed denial of service attacks in the Internet since they directly affect the control plane, and also reserve wireless bandwidth and network resources without actually using them. Such storms can result from malware and mobile botnets, as well as...
Computer virus is a rapidly evolving threat to the computing community. These viruses fall into different categories and it is generally believed that metamorphic viruses are extremely difficult to detect. The first step to effectively combat a virus is to successfully classify its family so that past experience can be readily applied to understand its functionality and apply the right strategy...
Among most of the cyber attacks that occurred, the most drastic are advanced persistent threats. APTs differ from other attacks as they have multiple phases, are often silent for a long period of time, and are launched by adamant, well-funded opponents. These targeted attacks mainly concentrated on government agencies and organizations in industries, as are those involved in international trade and having...
In recent years, the damage caused by botnets has increased and become a big problem. To solve this problem, we proposed a method to detect unjust C&C servers by using Hayashi's quantification theory class II. This method is able to detect unjust C&C servers, even if they are not included in a blacklist. However, it was predicted that the detection rate for this method decreases with...
This paper presents a model to evaluate and select security countermeasures from a pool of candidates. The model performs industrial evaluation and simulations of the financial and technical impact associated to security countermeasures. The financial impact approach uses the Return On Response Investment (RORI) index to compare the expected impact of the attack when no response is enacted against...