Rapidly evolving malware has become a major cybersecurity threat. Several feature‐engineering techniques have been proposed to defend against malware attacks. Entropy is a typical indicator used in identifying malware. Structural entropy is a sequence of entropy values in which the entropy of each segment is calculated by the entropy equation itself. However, entropy‐based features are likely to...
The large number of malicious files produced daily outpaces the current capacity of malware analysis and detection. For example, Intel Security Labs reported that during the second quarter of 2016, their system found more than 40M new malware samples [1]. The damage caused by malware attacks is also increasingly devastating, as witnessed by the recent Cryptowall malware that has reportedly generated...
In this paper, we examine the possibility of utilizing the well-known approximations of the Jaccard metric in order to reduce the computational complexity of Edit Distance metric estimation. The scope of our analytical results is the representing strings rather than the original (raw) textual data; still, in practice we obtained a solid indication that the results can be applied to (raw) strings that have low...
In recent years, researchers have shown that deep learning (DL) can be used to construct highly accurate models to solve many problems. However, training DL models requires large datasets and vast amounts of computation. With millions of malware variants being created every day, we contend that there is plenty of data to build deep learning models to classify malicious applications. However, finding...
Malware continues to be a critical concern for everyone from home users to enterprises. Today, most devices are connected through networks to the Internet. Therefore, malicious code can easily and rapidly spread. The objective of this paper is to examine how malicious portable executable (PE) files can be detected on the network by utilizing machine learning algorithms. The efficiency and effectiveness...
With the appearance and development of malicious code technology and other unknown threats, information security has drawn people's attention. In this paper, we investigate behavior-based detection, which differs from traditional static detection technology. First, we discuss the procedure in detail, especially feature extraction and classification. Several machine learning methods...
In a variety of Network-based Intrusion Detection System (NIDS) applications, one desires to detect groups of unknown attack (e.g., botnet) packet-flows, with a group potentially manifesting its atypicality (relative to a known reference “normal”/null model) on a low-dimensional subset of the full measured set of features used by the IDS. What makes this anomaly detection problem quite challenging...
We address the increasingly critical problem of identifying potential signatures for a given family of malware or unwanted software (or, more generally, any corpus of artifacts of unknown provenance). We address this with a novel methodology designed to create entire and complete maps of software code clones (copied features in data). We report on a practical methodology, which employs...
Previous work has shown that JavaScript malware can manipulate its internal code with relative ease using an approach known as Transcriptase. However, the resulting malware remained susceptible to software similarity based scoring techniques. In this research, we develop and analyze an advanced version of Transcriptase that is entirely practical and is not detectable using any of several scoring techniques...
The increased number of malware samples has created many challenges for antivirus companies. One of these challenges is clustering the large number of malware samples they receive daily. Malware authors use malware generation kits to create different instances of the same malware, so most of these malicious samples are merely polymorphic instances of previously known malware families. Clustering these large...
Marketplaces specializing in malicious hacking products - including malware and exploits - have recently become more prominent on the darkweb and deepweb. We scrape 17 such sites and collect information about such products in a unified database schema. Using a combination of manual labeling and unsupervised clustering, we examine a corpus of products in order to understand their various categories...
Host Based Intrusion Detection Systems (HIDS) are gaining traction in discovering malicious software inside a host operating system. In this paper, the authors have developed a new cognitive host-based anomaly detection system based on the supervised AdaBoost machine learning algorithm. In particular, an information fractal dimension based approach is incorporated into the original AdaBoost machine learning...
Smartphones are becoming more and more popular and, as a consequence, malware writers are increasingly engaged in developing new threats and propagating them through official and third-party markets. In addition to the propagation vectors, malware is also quickly evolving the techniques adopted for infecting victims and hiding its malicious nature from antimalware scanning. From SMS Trojans to legitimate...
Ransomware is a growing threat that encrypts a user's files and holds the decryption key until a ransom is paid by the victim. This type of malware is responsible for tens of millions of dollars in extortion annually. Worse still, developing new variants is trivial, facilitating the evasion of many antivirus and intrusion detection systems. In this work, we present CryptoDrop, an early-warning detection...
Malware detection is a growing problem particularly on the Android mobile platform due to its increasing popularity and accessibility to numerous third party app markets. This has also been made worse by the increasingly sophisticated detection avoidance techniques employed by emerging malware families. This calls for more effective techniques for detection and classification of Android malware. Hence,...
In general, we categorize all malicious code that can potentially harm a single computer or a network of computers into malware groups. With the great progress in virus development kits, the various kinds of malware that appear today, and the increasing number of web users, malware is spreading rapidly through all aspects of computer systems. The main approach for finding and detecting malware today is...
In this paper, a broad static analysis system to classify Android malware applications is proposed. Features such as hardware components, permissions, application components, filtered intents, opcodes and the number of smali files per application are used to generate the vector space model. Significant features are selected using the Entropy based Category Coverage Difference criterion. The performance...
Portable Document Format (PDF) is used as a de facto standard for sharing documents. Even though PDF is a document description language, it has many features similar to a programming language. The add-on support for JavaScript (malicious scripts) and the facility to embed any file into a PDF document create a big potential for disastrous cyber attacks. From 2008 onwards, malicious users are...
Advanced persistent attacks, carried out by sophisticated malware, are on the rise against hosts, user applications and utility software. Modern malware hides its malicious payload by applying packing mechanisms. Packing tools employ code encryption to protect the original malicious payload. Packing is employed in tandem with code obfuscation/encryption/compression to create malware variants....
This paper proposes a novel method of detecting packed executable files using steganalysis, primarily targeting the detection of obfuscated malware through packing. Considering that over 80% of malware in the wild is packed, detection accuracy and low false negative rates are important properties of malware detection methods. Experimental results outlined in this paper reveal that the proposed approach...