We present the MASSE architecture, a YARA-based open source client-server malware detection platform. MASSE includes highly effective automated syntactic malware detection rule generation for the clients based on a server-side modular malware detection system. Multiple techniques are used to make MASSE effective at detecting malware while keeping it from disrupting users and hindering reverse-engineering...
Malicious software poses a great risk to critical infrastructure. Researchers have proposed numerous ways to analyze malware behavior in order to understand and respond to this threat. However, little attention has been paid to the organization of the malware analysis process itself. In this paper we present the Malware Analysis and Storage System (MASS), a novel framework for malware analysis...
Devices infected with malicious software typically form botnet armies under the influence of one or more command and control (C&C) servers. The botnet problem has reached such levels that federal law enforcement agencies have had to step in and take action against botnets by disrupting (or “taking down”) their C&Cs, and thus their illicit operations. Lately, more and more private companies have...
With the growth of known malware to more than 600 million according to AVTest this year, every security solution has developed different methods for detecting malicious content. Whether the method consists of signature-based detection, emulation, heuristics or different techniques of machine learning, one thing remains constant in this procedure: the need for a cleanset — a large collection of clean...
With the development of cyber threats on the Internet, the amount of malware, especially unknown malware, is also increasing dramatically. Since not all malware can be analyzed by analysts, it is very important to identify new malware that should be analyzed by them. In order to cope with this issue, existing approaches have focused on malware classification using static or dynamic analysis results...
There is no doubt that security issues are on the rise and defense mechanisms are becoming one of the leading subjects for academic and industry experts. In this paper, we focus on the security domain and envision a new way of looking at the security life cycle. We utilize our vision to propose an asset-based approach to counter zero-day attacks. To evaluate our proposal, we built a prototype...
In recent years, smartphones have become more and more popular. At the same time, the security threats to smartphones are growing. According to the “Motive Security Labs Malware Report-H1 2015” [1], the number of Android malware samples is growing year by year. Many researchers focus on the security of Android applications based on permissions. Felt et al. [2] designed the Stowaway tool to detect the application's...
Nowadays, attacks on the Internet are becoming more complex, advanced and concealed, and a large number of security threats arise. Signature-based detection is efficient and simple, and is widely used in malicious code detection systems. In this paper, we first focus on the principle of the method and summarize the specific steps to implement it, especially feature extraction,...
Ransomware has become the most threatening malware; it extorts money from its victims by threatening them that they have been caught accessing illegal websites or engaging in other illegitimate activities. Ransomware has not spared even a single operating system. Windows, iOS, Android and even Linux have been attacked by ransomware, and none of them was able to protect its users from the threat. Since...
With the continuous and rapid increase in the quantity and diversity of smartphone application usage, the amount of sensitive personal and even financial information stored for users is also increasing. This motivates developers of malicious applications to put more effort into discovering ways to identify and exploit the vulnerabilities of utility applications and grab the sensitive information...
The development and dissemination of malicious software requires the creation of new methods for its detection. Therefore, proactive technologies have come into use that test a program for the presence of certain symptoms that often occur in malware. In dynamic analysis, the studied program is launched for execution. It is then studied how the program interacts with the software environment that...
The paper deals with increasing the efficiency of protection systems by means of Honeypot technology. The design principles of this technology are described. We propose several ways to organize file storage effectively. Plans for collecting statistical information on malefactors' actions are discussed. The efficiency of the suggested approach is also estimated.
Malware is an international software disease. Research shows that the effect of malware is becoming chronic. To protect against malware, detectors are fundamental to the industry. The effectiveness of such detectors depends on the technology used. Therefore, it is paramount that the advantages and disadvantages of each type of technology are scrutinized analytically. This study's aim is to scrutinize...
Cross-site scripting (XSS) is a common kind of attack nowadays. Attack patterns that use new technologies like HTML5 make the detection task harder and harder. In this paper, we focus on a browser detection mechanism integrated with HTML5 and CORS properties to detect XSS attacks with a rule-based filter implemented as a browser extension. Further, we also present a model of composition pattern...
Cloud computing is the key technology of today's cyber world, providing online provisioning of resources on demand and on a pay-per-use basis. Malware attacks such as viruses, worms and rootkits are some of the threats to virtual machines (VMs) in a cloud environment. In this paper, we present a system call analysis approach to detect malware attacks which maliciously affect the legitimate programs running...
HTTP is recognized as the most widely used protocol on the Internet as application development moves more and more onto the web. Therefore, malicious developers tend to exploit HTTP as a communication medium for spreading forbidden actions. Detection of malicious HTTP communication is a very challenging job since the malicious HTTP communication is transparently merged...
Nowadays, significant amounts of malware code are created every day. However, the majority of these samples are variations of malware that has already been identified. Therefore, most of the analyzed malware samples share a similar structure. In this investigation, we present a technique to extract features across different abstraction levels in order to classify...
With the rapid advancement of technology today, smartphones are becoming more and more powerful and attract a huge number of users with new features provided by mobile device operating systems such as Android. However, due to their security vulnerabilities, hackers and cybercriminals constantly attack Android mobile devices. Thus, research on effective and efficient mobile threat analysis is becoming an emerging...
In recent years, the use of smart devices has become increasingly popular, and all kinds of mobile applications are emerging. In addition to the official market, there are also many other ways for users to download mobile apps. As unidentified instances of malware grow day by day, off-the-shelf malware detection methods identify malicious programs mainly by extracted code signatures, which only...
A botnet is a collection of infected computers, i.e. a collection of zombie PCs, which are remotely controlled by a single person or group, the so-called botmaster. In recent years, botnets have become stealthier in nature by employing certain techniques to hide themselves, such as fast flux or DGA algorithms to generate domain names. Generally, botnets can be categorized into two major...