The paper presents a new technique for unknown metamorphic viruses' detection. It is based on the analysis of the potentially suspicious behavior of the programs on the host. The novelty of the contribution is that the analysis is performed via the comparison of the functional blocks of the disassembled code before and after program's emulation, which is executed within the modified emulators installed...
With the emerging Internet of Things (IoT) technologies, malware spreading over increasingly connected networks becomes a new security concern. To capture the heterogeneous nature of the IoT networks, we propose a continuous-time Susceptible-Infected-Recovered (SIR) epidemic model with two types of malware for heterogeneous populations over a large network of devices. The malware control mechanism...
Detection and removal of malware infections have always been significant concerns for every computer user. Countless people are victims of malicious programs per day all around the world despite substantial improvements in malware defense. Developing techniques to characterize the harm caused by these programs enables new defenses to counteract these behaviors. One way to create these metrics is to...
Mobile personal devices, such as smartphones, USB thumb drives, and sensors, are becoming essential elements of our modern lives. Their large-scale pervasive deployment within the population has already attracted many malware authors, cybercriminals, and even governments. Since the first demonstration of mobile malware by Marcos Velasco, millions of these have been developed with very sophisticated...
The analysis of the threats of identity theft and infection of websites indicates that antivirals are ineffective for websites, because hosting does not conduct continuous monitoring for viruses on their servers due to large amounts of user data, and RAID cannot save data, because they only duplicate them, and in the case of infection with a virus they merely memorize a changed file. We have developed...
The sophistication of novel strains of polymorphic viruses, such as Stuxnet, has increased over the last decade. Traditional tools such as anti-virus, firewalls, intrusion detection/prevention systems, etc. may be incapable of detecting such strains. As a result, new methods need to be introduced in order to detect this family of malware. Combining dynamic malware analysis techniques with machine...
In recent years, malicious software has affected and overshadowed personal computer and computer network securities. For this reason, searching for innovative solutions to detect malware has become increasingly important. In this paper, we develop a malware detection method using similarity measurement algorithms. The purpose of the proposed method is to improve the malware detection rate and detection...
Antivirus systems have difficulty in detecting polymorphic variants of known viruses without explicit signatures for such variants. Initial work on investigating efficient and effective string-based approaches for the automatic generation of signatures for the identification of some or all new polymorphic variants, was initially encouraging. That initial work was restricted by a number of experimental...
Recent research work shows that feature fusion technique is not widely used in computer virus detection. Viruses generated from kits like NGVCK are detected effectively using feature fusion approach. Our purpose is to examine various flavours of feature fusion approach in virus detection.
The security risks incurred by the spread of malware in computer and wireless networks can be reduced by the immunization of nodes, using security and antivirus patches. Malware, which captures personal and corporate confidential data, induces different damages, including costs generated by the necessity to compensate disclosure of private information, loss of money and social damage caused by loss...
Previous research has shown that hidden Markov model (HMM) is a compelling option for malware identification. However, some advanced metamorphic malware have proven to be more challenging to detect with these techniques. In this paper, we separated the importance of the some part of the malware files to train the HMMs aiming at extracting the significant sequences of malware opcodes. These parts have...
The proposed non-signature based system creates a meta feature space for the detection of metamorphic malware samples where three sets of features are extracted from the files: (a) branch opcodes (b) unigrams (c) bigrams. The feature space is initially pruned using Naïve Bayes method. After the rare feature elimination process, the relevant opcodes that are highly contributing towards the target class...
The increasing importance of networked control systems makes them inviting targets for cyber attacks. In a virus propagation attack, an adversary attempts to compromise a set of nodes in order to compromise their neighbors via software exploits. When the neighbor of a compromised node has already been compromised by a different virus, a newly-introduced virus can remove, co-exist with, or reinforce...
Most security researchers realize that the effectiveness of antivirus software (AV) is questionable at best. However, people in the general public still use it daily, perhaps for a lack of better alternatives. It is well-known that signature-based detection technique used in almost all commercial and non-commercial AV cannot be completely effective against zero-day malware. Many evaluations conducted...
Metamorphic virus detection is one of the most challenging tasks of antivirus software and the most difficult ones are among known viruses. In this article we have used Bayesian network to recognize these kinds of viruses. The body of these viruses is made of assembly codes. At first opcodes are extracted as 1-gram from virus body, these opcodes are known as the characteristics of Bayesian network...
In this article, a non-signature based statistical scanner for metamorphic malware detection, employing feature ranking methods like Term Frequency-Inverse Document Frequency-Class Frequency (TF-IDF-CF), Galavotti-Sebastiani-Simi Coefficient (GSS), Term Significance (TS) and Odds Ratio (OR) is proposed. Malware and benign models for classification are created by considering top ranked features obtained...
Since finding and extracting a fixed signature for metamorphic viruses is hard due to the fact that their shape changes frequently. Virus writers by using obfuscation methods make their viruses undetectable, in order to disable anti viruses to detect them easily, which ends in metamorphic viruses. We used hidden Markov model to propose the Detection Sphere method. We used three elements of a string...
To unfold a solution for the detection of metamorphic viruses (obfuscated malware), we propose a non signature based approach using feature selection techniques such as Categorical Proportional Difference (CPD), Weight of Evidence of Text (WET), Term Frequency-Inverse Document Frequency (TF-IDF) and Term Frequency-Inverse Document Frequency-Class Frequency (TF-IDF-CF). Feature selection methods are...
Virus writers make their viruses undetectable by using obfuscation methods, which ends in metamorphic viruses. We propose a method named detection circle which is based on the hidden Markov Model theory. We have used three elements to characterize a family of viruses: string occurrence probability, specifically-located character occurrence probability, and the amount of virus similarities. For the...
Viruses and malwares spread around mobile networks with the rapid growth of smart cell phone users. In a mobile network, viruses and malwares can cause privacy data leakage and remote listening. Additionally, they can jam wireless servers by sending thousands of spam messages or track user location through GPS. Because of the potential damage of mobile viruses, it is important for us to gain a profound...