Even though promising results have been obtained from existing research on bots and associated command and control channels, there is little research exploring how bots are created and distributed by adversaries. Consequently, innovative methods that help determine the linkage between the rogue programs and adversaries are imperative for mitigating and combating botnet attacks. Recent...
In this paper we deal with the problem of detecting malware using a behaviour model. For a better malware description we have divided this model into two parts: a malware spreading model and a malware statistical behavioural model. Spreading models are typical epidemiological models like the SI model, the advanced SIR and SEIR models and an empiric file spreading model. In the statistical behavioural model we're...
This document gives an overview over current research within the security group at Friedrich-Alexander-University Erlangen-Nuremberg, Germany, and attempts to describe the future research roadmap of the group. This roadmap is structured around the landscape of cyber crime with its three main groups of actors (attackers, users and investigators) and their main activities and deficits: attack and evasion...
In order to exterminate a botnet, we have to trace a botnet and arrest its botmaster. In this paper, we make a model of communication pattern of a C&C server that sends/receives packets to/from the botmaster. Then we discuss how botmaster trace back can be achieved. We describe which communication patterns we should focus on to find the botmaster or upper C&C servers. Furthermore, we propose...
In this paper we will focus on improving the level of intrusion detection systems (IDS). This improvement is based on three research areas: classification of attacks, generation of attack scenarios and finally evaluation methods. In this article we will discuss the second area, which consists of the search for meaningful scenarios in order to minimize false positive alerts reported by an IDS. We...
The last decade has witnessed the emergence of a plethora of approaches for securing financial transactions over the Internet. During the same period, attacks have matured from isolated exploits to an organized e-criminal industry. In the midst of this evolution stood the End User, whose instances have often been neglected under the assumption that refunding financial losses is all that mattered....
Given the proliferation of malware and malicious activities, the integrity of communication systems is an ever growing concern. In this work, we propose StaticTrust, an integrity measurement framework which enables a system to evaluate the integrity and state of a remote client prior to providing trusted communication services. StaticTrust is designed for a specific class of network devices that have...
In July 2009, surprising large-scale Distributed Denial-of-Service (DDoS) attacks simultaneously targeted US and South Korean government, military, and commercial websites. Initial speculation was that this was well-designed cyber warfare from North Korea, but the truth is still unknown. What was even more surprising was how these critical infrastructures were still vulnerable after a decade of research...
Botnets are a combination of cyber attack, infection, and dissemination, and they have become one of the most severe threats on the Internet. Across the Internet, the infected hosts might launch any kind of attack, such as DDoS (Distributed Denial-of-Service) or phishing. Compared with botnets using other command-and-control (C&C) channels, web-based botnets are difficult to detect, because the C&C...
We propose a trusted computing module based secure electronic transaction architecture, which uses trusted equipment as the identity authentication and transaction authorization terminal. The framework binds authentication and authorization in e-transaction operations and guarantees that the security-sensitive operation is executed properly in an isolated, trusted, auditable environment. Our approach thwarts...
The following topics are dealt with: Malware; code reverse engineering tools; anti-spam techniques; anti-phishing techniques; social networking; cloud computing; and wireless mobile devices.
Nowadays, botnets are among the topmost network threats by combining innovative hacking capabilities. This is due to the fact that they are constantly improved by hackers to become more resilient against detection and debugging techniques. In this respect, we analyze one of the most prominent botnets, namely Mariposa, which infected more than 13 million computers that are located in more than 190...
In this paper, we present our reverse engineering results for the Zeus crimeware toolkit, which is one of the recent and powerful crimeware tools that emerged in the Internet underground community to control botnets. Zeus has reportedly infected over 3.6 million computers in the United States. Our analysis aims at uncovering the various obfuscation levels and shedding light on the resulting code...
As we can see from recent cyber terror incidents, cyber terror is becoming more complicated and intelligent, and is causing more damage. To react more effectively to future cyber terror, it will be necessary to anticipate new cyber terror techniques and devise preventive measures for the possible vulnerabilities of the system before the hackers actually disable the system. This paper designs and...
The Internet and the Web have brought about a revolution in the way people live, obtain information, and interact with others. They have also brought about major changes in governance and commerce. Unfortunately, just as in the offline world, the transgressions of a minority of the people inhabiting the online world have made it costly and unhappy for the great majority of the people. This paper reviews...
Modern attacks are being made against client side applications, such as web browsers, which most users use to surf and communicate on the internet. Client honeypots visit and interact with suspect web sites in order to detect and collect information about malware to protect users from malicious websites or to allow security professionals to investigate malicious content. This paper will present the...
Phishing is a combination of social engineering and technical deception to steal consumers' personal identity data and financial account credentials. Even though there are numerous methods reported to avoid phishing, each method has its own limitations. The proposed method addresses one of the limitations in the Transaction Authentication Number method. The proposed method was implemented and tested in...
Financial botnets, those specifically aimed at carrying out financial fraud, represent a well-known threat for banking institutions all around the globe. Unfortunately, these malicious networks are responsible for huge economic losses or for conducting money laundering operations. Contrary to DDoS and spam malware, the stealthy nature of financial botnets requires new techniques and novel research...
Web content plays an important role in the contemporary information economy. Even though web content is used to generate advertising revenues for authors, and serves as an important reference and knowledge discovery resource for readers, proving original authorship and preventing plagiarism are not easy on the Internet. This paper presents the design and analysis of an automatic cryptography based...
We present behavioral pattern analysis of fast flux service networks (FFSNs) using our database of FFSNs collected over a period of 12 months with our real-time fast flux network detection algorithm [1]. FFSNs exploit a network of compromised machines (zombies) for illegal activities such as spam campaigns, phishing scams and malware delivery using DNS record manipulation techniques. Our results,...