Many promising malware research projects focus on malware behaviour analysis; however, in the end they tend to build new detection systems and stick to measuring detection ratios. Our approach focuses on malware behavioural analysis for defining (characterising) malicious software on a rather high level of abstraction, in order to break the endless cycle of evolving malware and malware analysts trying...
Android malware is now pervasive and evolving rapidly. Thousands of malware samples are discovered every day with new models of attacks. The growth of these threats has come hand in hand with the proliferation of collective repositories sharing the latest specimens. Having access to a large number of samples opens new research directions aiming at efficiently vetting apps. However, automatically inferring...
Both the operational and academic security communities have used dynamic analysis sandboxes to execute malware samples for roughly a decade. Network information derived from dynamic analysis is frequently used for threat detection, network policy, and incident response. Despite these common and important use cases, the efficacy of the network detection signal derived from such analysis has yet to...
The Internet economy is based on free access to content in exchange for viewing advertisements that might lead to online purchases. Advertisements represent an important source of revenue to advertising companies. Those companies employ every possible technique and trick to maximize clicks and visits to advertisers' websites. Modern websites exchange advertisement contents from ad providers (such...
The number of malicious applications, their diversity and complexity is continuously growing. To provide the best protection against these advanced threats, there is a need to develop proactive detection solutions that are able to detect malware based on their behavior. One of the essential concerns when developing such solutions is identifying specific actions based on which malicious applications...
Malicious software, or malware, continues to be a problem for computer users, corporations, and governments. Previous research [1] has explored training file-based malware classifiers using a two-stage approach. In the first stage, a malware language model is used to learn the feature representation, which is then input to a second-stage malware classifier. In Pascanu et al. [1], the language model...
Recently, the rise of smartphone use for daily activities has been phenomenal, and the security of mobile platforms is receiving great attention from the security community. Unlike servers and workstations, a mobile system deals with personal information including locations, emails, social activities, and even photos. Therefore, privacy concern is the most important matter to every user. Many adversarial attempts...
Real-time malware detection is still a big challenge; although considerable research has shown advances in designing and building systems that can automatically predict the maliciousness of a specific file, program, or website, malware is continuously growing in terms of numbers and maliciousness. Web-based malware detection is also growing with the expansion of the Internet and the availability of higher...
The increase in smartphone usage is providing impetus to malicious actors to target these devices via malware injection. This can be seen in the increasing number of malware identified in the past few years. Android, being the most commonly used platform and one that provides an open architecture, makes it the most common target for malware developers. One possible method to identify malicious code...
Diverse antivirus engines have different naming rules for Android malware, so they return detection results for the same application in different forms of expression. This paper studies the naming methods used by the engines for malware, and institutes a standardized naming rule for malware which is easy to understand. This paper also designs a method to standardize the Android application's...
Distribution of smartphone apps represents a major risk for tomorrow. Alternative app stores filled by pirated content create a dangerous substrate for the diffusion of tricky apps. We present in this paper a dedicated Crawling Engine conceived to protect distribution of genuine apps.
Shellcodes are malicious code fragments which are usually executed after exploitation of a particular vulnerability. Such shellcodes can be packed within a binary in the form of a payload and executed on the targeted machine. Detection and analysis of these malicious code fragments is very important; however, it is still a challenging problem due to the use of different evasion techniques. Furthermore,...
In recent years, the drive-by malware space has undergone significant consolidation. Today, the most common source of drive-by downloads are so-called exploit kits (EKs). This paper presents Kizzle, the first prevention technique specifically designed for finding exploit kits. Our analysis shows that while the JavaScript delivered by kits varies greatly, the unpacked code varies much less, due to...
Malware authors have been using websites to distribute their products as a way to evade spam filters and classic anti-virus engines. Yet there has been relatively little work in modeling the behaviors and temporal properties of websites, as most research focuses on detecting whether a website distributes malware. In this paper we ask: How does web-based malware spread? We conduct an extensive study...
Protecting critical files in file systems is very important to computer systems. To protect critical files, the VMI-based Real-time File-system Monitor tools are promising options. However, these tools are always operation-based and introduce high overhead. The operation-based approaches intercept some kind of file operation to monitor critical files. The selected file operation is intercepted by...
In today's modern world, a simple malware attack can have catastrophic results and can cause havoc. In spite of the numerous types of antivirus available on the market, there is a dearth of detection techniques in these antiviruses. This paper proposes a complete system, which is a combination of conventional and new techniques for detecting malware. We first evaluate the antiviruses against 10,000+ malware...
Botnets are a class of internet attacks having different characteristics as compared to normal internet attacks. One of the features that uniquely characterizes a botnet attack is that the infected machine (Bot) is being remotely controlled by an entity called the "Botmaster". The Botmaster remotely controls these infected systems through "Command and Control" servers (C&C)...
Botnets are widely considered one of the most dangerous threats on the internet due to their modular and adaptive nature, which makes them difficult to defend against. In contrast to previous generations of malicious code, botnets have a command and control (C2) infrastructure which allows them to be remotely controlled by their masters. A command and control infrastructure based on Internet Relay...
When a zero-day malware crops up, and with the advent of polymorphism and obfuscation, such malware poses a serious threat to the unsuspecting victims of such an attack. In this paper we will analyze the current scenario of such a malware threat that is obfuscated and polymorphic in nature against different malware analysis tools employing different techniques. A mutation engine is built to create the obfuscated...
With the proliferation of Internet access across the globe, as well as the advancement of many new devices and next generation networks, there is no surprise that malware infection via web browsing is still one of the most significant threats to Internet users today. Over the past several years we have also seen the increase in advanced targeted attacks against corporations which steal intellectual...