Pattern recognition and machine learning techniques have been increasingly adopted in adversarial settings such as spam, intrusion, and malware detection, although their security against well-crafted attacks that aim to evade detection by manipulating data at test time has not yet been thoroughly assessed. While previous work has been mainly focused on devising adversary-aware classification algorithms...
The number of security incidents is increasing and many of them are derived from malware activities. However, recent malware have become so sophisticated that commercial anti-virus software is not capable of detecting 100% of them. NTT Global Threat Intelligence Report shows that more than half of malware are not detected by commercial antivirus software [1]. Nowadays, post-infection countermeasure...
System call analysis is a behavioral malware detection technique that is popular due to its promising detection results and ease of implementation. This study describes a system that uses system call analysis to detect malware that evade traditional defenses. The system monitors executing processes to identify compromised hosts in production environments. Experimental results compare the effectiveness...
Malware analysis on the Android platform has been an important issue as the platform became prevalent. The paper proposes a malware detection approach based on static analysis and machine learning techniques. By conducting SVM training on two different feature sets, malicious-preferred features and normal-preferred features, we built a hybrid-model classifier to improve the detection accuracy. With...
In recent years, the damage caused by botnets has increased and become a serious problem. To address it, we proposed a method to detect malicious C&C servers using Hayashi's quantification theory class II. This method is able to detect malicious C&C servers even when they are not included in a blacklist. However, it was predicted that the detection rate of this method decreases with...
As information technology improves, the Internet is involved in every area of our daily life. As mobile devices and cloud computing technology play ever more important parts in our lives, they have become more susceptible to attacks. In recent years, phishing and malicious websites have increasingly become serious problems in the field of network security. Attackers use many approaches to implant...
In this paper, we propose Segugio, a novel defense system that allows for efficiently tracking the occurrence of new malware-control domain names in very large ISP networks. Segugio passively monitors the DNS traffic to build a machine-domain bipartite graph representing who is querying what. After labelling nodes in this query behavior graph that are known to be either benign or malware-related,...
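The machine-domain bipartite graph described above can be built from ordinary DNS query logs. The following is an added example, not Segugio's code or algorithm: it parses constructed log lines of the form "timestamp client_ip queried_domain", builds the two adjacency maps, and then scores every unlabelled domain by the fraction of its querying machines that also queried a known-malicious domain. The log lines, the domain names and the guilt-by-association scoring rule and threshold are all assumptions made for illustration.

```python
"""Machine-domain bipartite graph from DNS logs with guilt-by-association scoring.

Added example: constructed data and a simple scoring rule of our own, not the
algorithm of the paper being summarised.
"""
from collections import defaultdict

# Constructed log lines: "<unix_ts> <client_ip> <queried_domain>".
DNS_LOG = """\
1700000000 10.0.0.1 cdn.example.com
1700000001 10.0.0.1 evil-c2.example.net
1700000002 10.0.0.1 new-dga-x7k.example.org
1700000003 10.0.0.2 cdn.example.com
1700000004 10.0.0.2 evil-c2.example.net
1700000005 10.0.0.2 new-dga-x7k.example.org
1700000006 10.0.0.2 update.example.org
1700000007 10.0.0.3 cdn.example.com
1700000008 10.0.0.3 update.example.org
1700000009 10.0.0.4 cdn.example.com
1700000010 10.0.0.4 update.example.org
1700000011 10.0.0.5 cdn.example.com
1700000012 10.0.0.5 news.example.org
"""

# Assumed seed labels (a blacklist hit and a whitelisted CDN).
KNOWN_BAD = {"evil-c2.example.net"}
KNOWN_GOOD = {"cdn.example.com"}


def build_bipartite(lines):
    """Return (machine -> set of domains, domain -> set of machines).

    Malformed lines are skipped; domain names are normalised to lower case
    with any trailing dot removed so the same name is never split in two.
    """
    machine_to_domains = defaultdict(set)
    domain_to_machines = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        _, machine, domain = parts
        domain = domain.lower().rstrip(".")
        machine_to_domains[machine].add(domain)
        domain_to_machines[domain].add(machine)
    return machine_to_domains, domain_to_machines


def infected_machines(machine_to_domains, known_bad):
    """Machines that queried at least one known-malicious domain."""
    return {m for m, ds in machine_to_domains.items() if ds & known_bad}


def score_domains(machine_to_domains, domain_to_machines, known_bad, known_good):
    """Score each unlabelled domain in [0, 1]: the fraction of machines that
    queried it which are already considered infected. (Assumed rule.)"""
    infected = infected_machines(machine_to_domains, known_bad)
    scores = {}
    for domain, machines in domain_to_machines.items():
        if domain in known_bad or domain in known_good:
            continue
        scores[domain] = len(machines & infected) / len(machines)
    return scores


def flag_domains(scores, threshold=0.75):
    """Domains whose score reaches the (assumed) threshold."""
    return {d for d, s in scores.items() if s >= threshold}


def demo():
    m2d, d2m = build_bipartite(DNS_LOG.strip().splitlines())
    scores = score_domains(m2d, d2m, KNOWN_BAD, KNOWN_GOOD)
    return scores, flag_domains(scores)


if __name__ == "__main__":
    scores, flagged = demo()
    for d, s in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{s:.2f}  {d}")
    print("flagged:", sorted(flagged))
```

Because only the two machines that contacted the blacklisted C&C also queried the new domain, that domain scores 1.0, while update.example.org (queried by one infected and two clean machines) scores 1/3 and is not flagged. In production the same rule needs a minimum number of querying machines per domain, otherwise a domain seen from a single infected host is always flagged.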
Organizations and governments consider security a must-have due to the increasing rate of attacks, which threatens both security and privacy. In this paper, we present a survey of IDPS which led us to classify methods according to the techniques used in intrusion detection and prevention systems. We also discuss the advantages and drawbacks of these methods. Afterwards,...
We develop a version of spectral clustering and empirically study its performance when applied to behavior-based malware clustering. In 2011, a behavior-based malware clustering algorithm was reported by Rieck et al. We hypothesize that, owing to the more complex nature of our algorithm, it will exhibit higher accuracy than Rieck's but will require greater run-time. Through experiments using three...
Malware proliferation has become a serious threat to the Internet in recent years. Most current malware are subspecies of existing malware that have been automatically generated by illegal tools. To analyze malware efficiently, estimating their functions in advance is effective for deciding which samples to analyze first. However, estimating malware functions has been difficult due to the...
Cloud networks underpin most of today's socio-economic Information and Communication Technology (ICT) environments due to their intrinsic capabilities such as elasticity and service transparency. Undoubtedly, this increased dependence of numerous always-on services on the cloud is also subject to a number of security threats. An emerging critical aspect is related to the adequate identification...
This paper proposes a static analysis framework to classify Android malware. From each Android .apk file, three distinct kinds of features are extracted, namely (a) opcodes, (b) methods and (c) permissions. Analysis of Variance (X-ANOVA) is used to rank features whose variance differs strongly between the malware and benign training sets. To achieve this, conventional ANOVA was modified; and a novel...
This paper proposes a novel method of detecting packed executable files using steganalysis, primarily targeting the detection of obfuscated malware through packing. Considering that over 80% of malware in the wild is packed, detection accuracy and low false negative rates are important properties of malware detection methods. Experimental results outlined in this paper reveal that the proposed approach...
We present a new method of classifying previously unseen Android applications as malware or benign. The algorithm starts with a large set of features: the frequencies of all possible n-byte sequences in the application's byte code. Principal components analysis is applied to that frequency matrix in order to reduce it to a low-dimensional representation, which is then fed into any of several classification...
A malicious program, or malware, is a computer program written intentionally to harm a computing system. Malware protection involves several sub-tasks, namely Monitoring, Prevention, Analysis, Detection, Removal and Recovery. This paper proposes a static heuristic-based scoring system that assigns a maliciousness score to portable executable files. The malicious score can be used at different stages of...
An opcode behavior based method is proposed to detect malware. Opcode behaviors are represented as opcode sequences from a decompiled executable. To accurately describe the malware behaviors, we construct the opcode running tree to simulate the dynamic execution of a program, and opcode n-grams are extracted to represent the features of an executable. The experimental results show that the opcode...
One of the common methods in the area of combating malware is the use of the opcode sequences present in the malware's assembly code. In this study, a new method based on the structural classification of opcodes has been used to detect malware, and its efficiency has been investigated in comparison with the opcode-sequence method. For this purpose, two different methods are applied for extracting...
Metamorphic virus detection is one of the most challenging tasks for antivirus software, and these viruses are among the most difficult of the known viruses to detect. In this article we use a Bayesian network to recognize these kinds of viruses. The body of these viruses is made of assembly code. At first, opcodes are extracted as 1-grams from the virus body; these opcodes serve as the characteristics of the Bayesian network...
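Several of the abstracts above rely on the same pipeline: turn an executable into n-gram frequency features (the byte n-grams of the PCA-based Android classifier, the opcode n-grams and opcode 1-grams of the metamorphic and opcode-behavior detectors), rank those features by how differently they are distributed in the malware and benign training sets (the ANOVA ranking of the .apk framework), and feed the surviving features to a classifier. The following is an added example of that pipeline, written for this page and not taken from any of the cited papers: n-gram relative frequencies kept as sparse dictionaries (so the 256^n possible byte n-grams are never materialised), one-way ANOVA F-scores per feature, and a nearest-centroid classifier with cosine similarity standing in for the papers' own classifiers. The PCA step of the byte-n-gram paper is not reproduced. The opcode sequences used for training and the class names are constructed for illustration.

```python
"""n-gram frequency features, ANOVA feature ranking and a nearest-centroid
classifier over opcode or byte sequences.

Added example with constructed training data; not the code or exact method of
any of the papers summarised on this page.
"""
from collections import Counter
from math import sqrt


def ngram_frequencies(seq, n):
    """Relative frequency of every n-gram in seq, as a sparse dict.

    seq may be a list of opcode mnemonics or a bytes object; n-grams are
    stored as tuples so both kinds of input share the same representation.
    """
    if len(seq) < n:
        return {}
    counts = Counter(tuple(seq[i:i + n]) for i in range(len(seq) - n + 1))
    total = sum(counts.values())
    return {g: c / total for g, c in counts.items()}


def anova_f_scores(grouped):
    """One-way ANOVA F-score per feature; grouped = {label: [feature_dict, ...]}.

    A high F means the feature's mean differs between classes far more than it
    varies within a class, which is what a feature ranker wants.
    """
    features = set()
    for vectors in grouped.values():
        for v in vectors:
            features.update(v)
    n_total = sum(len(v) for v in grouped.values())
    n_groups = len(grouped)
    scores = {}
    for feat in features:
        values = {g: [v.get(feat, 0.0) for v in vecs] for g, vecs in grouped.items()}
        grand = sum(sum(x) for x in values.values()) / n_total
        ssb = sum(len(x) * (sum(x) / len(x) - grand) ** 2 for x in values.values())
        ssw = sum(sum((xi - sum(x) / len(x)) ** 2 for xi in x) for x in values.values())
        if ssw == 0:
            scores[feat] = float("inf") if ssb > 0 else 0.0
        else:
            scores[feat] = (ssb / (n_groups - 1)) / (ssw / (n_total - n_groups))
    return scores


def cosine(a, b):
    """Cosine similarity of two sparse vectors (0.0 if either is empty)."""
    dot = sum(x * b.get(k, 0.0) for k, x in a.items())
    na = sqrt(sum(x * x for x in a.values()))
    nb = sqrt(sum(x * x for x in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def centroid(vectors):
    """Element-wise mean of sparse vectors."""
    acc = Counter()
    for v in vectors:
        for k, x in v.items():
            acc[k] += x / len(vectors)
    return dict(acc)


class NgramCentroidClassifier:
    """Nearest-centroid classifier on (optionally ANOVA-selected) n-gram features."""

    def __init__(self, n, top_k=None):
        self.n, self.top_k = n, top_k
        self.features = None   # None means "use every n-gram seen"
        self.centroids = {}

    def _vector(self, seq):
        v = ngram_frequencies(seq, self.n)
        if self.features is not None:
            v = {g: x for g, x in v.items() if g in self.features}
        return v

    def fit(self, labelled):
        grouped = {}
        for seq, label in labelled:
            grouped.setdefault(label, []).append(ngram_frequencies(seq, self.n))
        if self.top_k is not None:
            scores = anova_f_scores(grouped)
            self.features = set(sorted(scores, key=scores.get, reverse=True)[: self.top_k])
        self.centroids = {
            label: centroid([self._vector_from(v) for v in vecs]) for label, vecs in grouped.items()
        }
        return self

    def _vector_from(self, v):
        if self.features is None:
            return v
        return {g: x for g, x in v.items() if g in self.features}

    def predict(self, seq):
        v = self._vector(seq)
        return max(self.centroids, key=lambda label: cosine(v, self.centroids[label]))


# Constructed opcode sequences: plain call/return code versus xor-decode loops.
TRAINING = [
    (["push", "mov", "call", "ret"] * 3, "benign"),
    (["push", "mov", "mov", "call", "ret"] * 2, "benign"),
    (["xor", "inc", "loop", "jmp"] * 3, "malicious"),
    (["push", "mov", "xor", "inc", "loop"] * 2, "malicious"),
]


def demo(top_k=None):
    clf = NgramCentroidClassifier(n=2, top_k=top_k).fit(TRAINING)
    return (clf.predict(["push", "mov", "call", "ret", "push"]),
            clf.predict(["xor", "inc", "loop", "jmp", "xor"]))


if __name__ == "__main__":
    print(demo())            # all bigrams
    print(demo(top_k=4))     # only the four best-ranked bigrams
```

The same `ngram_frequencies` call accepts raw bytes, so the byte-n-gram approach is the same code with `n` chosen over `bytes` input; for real executables, `n` beyond 3 or 4 makes the sparse dictionaries large, which is exactly why the byte-n-gram paper follows extraction with dimensionality reduction.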
Using runtime execution artifacts to identify malware and its associated "family" is an established technique in the security domain. Many papers in the literature rely on explicit features derived from network, file system, or registry interaction. While effective, the use of these fine-granularity data points makes these techniques computationally expensive. Moreover, the signatures and heuristics this...
In light of the rapid growth of mobile malware, there is a pressing need to develop solutions that analyze applications and decide whether or not they are malicious. However, most protections have a limited understanding of this mobile malware and lack sophisticated analysis. In this paper, we propose a method of analyzing and deciding on malware on the basis of its similarity to existing malware families on the popular Android platform. We focus on the...