Your search keyword '"Cryptovirology"' showing total 13 results

1. Anatomy of targeted attacks with smart malware

Author

Şerif Bahtiyar

Subjects

Software_OPERATINGSYSTEMS, Cyber-collection, Computer Networks and Communications, Computer science, Multiple attack, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Cryptovirology, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Information system, Malware, Leverage (statistics), Set (psychology), computer, Expansive, Information Systems

Abstract

The expansive connectivity of information systems has set the stage for pervasive malware to leverage multiple attack vectors and propagation methods. In doing so, this malware has taken on the complexity and richness of the very society it endeavors to control. Defending against it is therefore exceptionally difficult because defense systems have no autonomy in perceiving threats of complex malware and reacting against it. In this paper, smart malware model is defined as emerging complex malware that may be used by defense systems to perceive complex malware and reacting to its attacks. A targeted attack is also presented to show the difficulty of defending systems against smart malware. It is also compared with conventional malware to analyze malware types. Moreover, a numerical study about smart malware is presented to evaluate the proposed model in a more precise manner. The comparison and the numerical study show that our model can be used to perceive smart malware autonomously by automated tools. Copyright © 2017 John Wiley & Sons, Ltd.

Published

2016

2. Improving malware detection using multi-view ensemble learning

Author

Junfeng Wang and Jinrong Bai

Subjects

Software_OPERATINGSYSTEMS, Exploit, Computer Networks and Communications, Computer science, Opcode, Byte, 020206 networking & telecommunications, 02 engineering and technology, computer.software_genre, Ensemble learning, Constant false alarm rate, Cryptovirology, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Feature (computer vision), 0202 electrical engineering, electronic engineering, information engineering, Malware, 020201 artificial intelligence & image processing, Data mining, computer, Information Systems

Abstract

The huge influx of new malware is created every day, and those malware have not been previously seen in the wild. Current anti-virus software uses byte signature to identify known malware and has little hope of identifying new malware. Researchers have proposed several malware detection methods based on byte n-grams, opcode n-grams, and format information, and those methods partially capture the distinguishable information between benign and malicious programs. In this study, we design two schemes to incorporate the aforementioned three single-view features and fully exploit complementary information of those features to discover the true nature of a program. Two datasets are used to evaluate new malware detection performance and generalization performance of the proposed schemes. Experimental results indicate that the proposed schemes increase the detection rate of new malware, improve the generalization performance of learning model, and reduce the false alarm rate to 0%. Because malware is hard to disguise itself in every feature view, the proposed schemes are more robust and not easy to be deceived. Copyright © 2016 John Wiley & Sons, Ltd.

Published

2016

3. Smart malware detection on Android

Author

Mihai Carabas, Gary Gibson, Razvan Deaconescu, Lucian Mogosanu, Bogdan Marin, Valentin-Gabriel Voiculescu, and Laura Gheorghe

Subjects

Learning classifier system, Computer Networks and Communications, Computer science, media_common.quotation_subject, computer.software_genre, Computer security, Cryptovirology, Malware, Android (operating system), computer, Classifier (UML), Mobile device, Private information retrieval, Information Systems, Reputation, media_common

Abstract

Nowadays, because of its increased popularity, Android is target to a growing number of attacks and malicious applications, with the purpose of stealing private information and consuming credit by subscribing to premium services. Most of the current commercial antivirus solutions use static signatures for malware detection, which may fail to detect different variants of the same malware and zero-day attacks. In this paper, we present a behavior-based, dynamic analysis security solution, called Android Malware Detection System, for detecting both well-known and zero-day malware. The proposed solution uses a machine learning classifier in order to differentiate between the behaviors of legitimate and malicious applications. In addition, it uses the application statistics for determining its reputation. The final decision is based on a combination of the classifier's result and the application reputation. The solution includes a unique and extensive set of data collectors, which gather application-specific data that describe the behavior of the monitored application. We evaluated our solution on a set of legitimate and malicious applications and obtained a high accuracy of 0.985. Our system is able to detect zero-day malware samples that are not detected by current commercial solutions. Our solution outperforms other similar solutions running on mobile devices. Copyright © 2015 John Wiley & Sons, Ltd.

Published

2015

4. An effective behavior-based Android malware detection system

Author

Jing Zhang, Xiaodong Lin, and Shihong Zou

Subjects

Software_OPERATINGSYSTEMS, Cyber-collection, Computer Networks and Communications, business.industry, Computer science, Decision tree, computer.software_genre, Computer security, Machine learning, Cryptovirology, Naive Bayes classifier, Malware, Behavioral analytics, Artificial intelligence, Android (operating system), business, Asprox botnet, computer, Information Systems

Abstract

With the rapid growth of Android applications and malware, it has become a challenge to distinguish malware from a huge number of applications. The use of behavioral analytics is one of the most promising approaches because of its accuracy and resilience to malware variants. In this paper, we propose a behavior-based malware detection system. Firstly, it uses Android APIs and libc Bionic libc function calls along with their arguments to describe sensitive application behaviors. Secondly, it conducts behavior analysis and malware detection using machine learning techniques, including Support Vector Machine, Naive Bayes, and Decision Tree. The experiments are conducted with 1136 real-world samples that are composed of various types of malware and benign applications. The evaluation results show that our system can effectively detect Android malware. In addition, we compare our system with the other behavior-based malware detection system, and the comparison results show the advantage of our system on malware detection. Copyright © 2014 John Wiley & Sons, Ltd.

Published

2014

5. Frequent sub-graph mining for intelligent malware detection

Author

Hooman Raesi and Mojtaba Eskandari

Subjects

Common code, Computer Networks and Communications, Computer science, media_common.quotation_subject, Feature extraction, Learning models, computer.software_genre, Graph, Programming style, Cryptovirology, Control flow, Malware, Data mining, computer, Information Systems, media_common

Abstract

Malware is a serious threat that has caused catastrophic disasters in recent decades. To deal with this issue, various approaches have been proposed. One effective and widely used method is signature-based detection. However, there is a substantial problem in detecting new instances; therefore, this method is solely useful for second malware attacks. In addition, owing to the rapid proliferation of malware and the significant human effort requirement to extract signatures, this approach is an inadequate solution; thus, an intelligent malware detection system is required. One of the major phases of such a system is feature extraction, used to construct a learning model. This paper introduces an approach to generate a group of semantic signatures, represented by a set of learning models, in which various features indicate the different programming styles of the execution files. A set of these signatures is obtained by mining frequent sub-graphs, common code sub-structures employed for malware writing, in a group of control flow graphs. The experimental results depict an improved F-measure rate in comparison with the classic graph-based approach. Copyright © 2014 John Wiley & Sons, Ltd.

Published

2014

6. A dynamic malware analyzer against virtual machine aware malicious software

Author

Tankut Acarman and Abdurrahman Pektaş

Subjects

Software_OPERATINGSYSTEMS, Cyber-collection, Computer Networks and Communications, Computer science, Windows Registry, Evasion (network security), computer.software_genre, Computer security, Obfuscation (software), Cryptovirology, Virtual machine, Malware, Malware analysis, computer, Information Systems

Abstract

Nowadays, cyber-world is being enriched by a large variety of digital information technology-based services. An increasing rate of remote and mobile usage leads to a remarkable dependency on information security. Analysis and detection of malicious software or so-called malware is a challenging task due to the introduction of advanced obfuscation techniques by malware authors. In this study, we mainly concentrate on anti-virtual machine evasion techniques to provide secure and reproducible environments for malware analysis and its implementation issues. Malwares are identified on the basis of their behaviors by taking precautions related to the anti-virtual machine detection techniques. The dynamic malware analyzer tool is deployed to execute anti-virtual machine-aware malware samples in VMware environment. Dynamic malware analyzer monitors system resources such as connections, processes, windows registry, and file operations. Success ratio of detection is tested by using public malware sets with an accuracy of 92%. The effectiveness and success of the behavior-based malware analyzer tool is exploited and current state of the art of malware detection schemes is presented. Copyright © 2013 John Wiley & Sons, Ltd.

Published

2013

7. Secure and transparent network traffic replay, redirect, and relay in a dynamic malware analysis environment

Author

Yu-Sung Wu, Tzung-Bi Shih, Yuan-Cheng Lai, and Ying-Dar Lin

Subjects

business.product_category, Computer Networks and Communications, Computer science, business.industry, Botnet, Computer security, computer.software_genre, Internet security, law.invention, Cryptovirology, Relay, law, Internet access, Malware, The Internet, Malware analysis, business, computer, Information Systems

Abstract

Dynamic analysis is typically performed in a closed network environment to prevent the malware under analysis from attacking machines on the Internet. However, many of today's malwares require Internet connectivity to operate and to be thoroughly analyzed in a closed network environment. We propose a secure and transparent network environment that allows the malware in a dynamic analysis environment to have seemingly unrestricted Internet access in a secure manner. Our environment transparently dispatches malicious network traffic to compatible decoys while allowing harmless control traffic to have Internet access. We use 12 real-world malware samples, which involve Internet connections, to evaluate the effectiveness of the proposed environment. The evaluation shows that the proposed environment can allow malware to exhibit more network activities than a closed network environment and can even outperform the baseline open network environment in some cases. In the meantime, Internet security is maintained by the dispatching of attack and propagation traffic to decoys inside the analysis environment. Copyright © 2013 John Wiley & Sons, Ltd.

Published

2013

8. Privacy theft malware multi-process collaboration analysis

Author

Lejun Fan, Jinming Li, Xueqi Cheng, Shuyuan Jin, and Yuanzhuo Wang

Subjects

Traffic analysis, Computer Networks and Communications, Privacy software, Process (engineering), Computer science, Sample (statistics), Petri net, computer.software_genre, Computer security, Inside information, Cryptovirology, World Wide Web, Malware, computer, Information Systems

Abstract

Privacy theft malware has become a serious and challenging problem to cyber security. Previous methods are of different categories: one focuses on the outbound network traffic and the other one dives into the inside information flow of the program. We incorporate dynamic behavior analysis with network traffic analysis and present an abstract model called Privacy Petri Net PPN, which is more applicable to various kinds of malware and more understandable to users. In consideration of the multi-process technique adopted by new malware, we also model the collaborative behaviors between different malicious functionality modules with PPN. We apply our approach to real-world malware, and the experiment result shows that our approach can effectively find categories, content, source, and destination of the privacy theft behavior of the malware sample. Copyright © 2013 John Wiley & Sons, Ltd.

Published

2013

9. Malware detection by applying knowledge discovery processes to application metadata on the Android Market (Google Play)

Author

Peter Teufl, Andreas Fitzek, Stefan Kraxberger, Clemens Orthacker, Michaela Ferk, and Daniel Hein

Subjects

Traffic analysis, Computer Networks and Communications, Computer science, Computer security, computer.software_genre, World Wide Web, Cryptovirology, Metadata, Knowledge extraction, Software inspection, Malware, Malware analysis, Android (operating system), computer, Information Systems

Abstract

Recent smartphone platforms based on new operating systems, such as iOS, Android, or Windows Phone, have been a huge success in recent years and open up many new opportunities. Unfortunately, 2011 also showed us that the new technologies and the privacy-related data on smartphones are also increasingly interesting for attackers. Especially, the Android platform has been the favorite target for malware, mainly because of the openness of the platform, the ability to install applications from other sources than the Android Market, and the significant gains in market share. Although the processes of detecting and analyzing malware are well known from the PC world, where the arms race between attackers and defenders has continued for the past 15years, they cannot be directly applied to smartphone platforms because of differences in the hardware and software architectures. In this paper, we first give an overview of the current malware situation on smartphone platforms with a special focus on Android and explain relevant malware detection and analysis methods. It turns out that most of the current malware relies on the installation by the user, who represents the last line of defense in malware detection. With these conclusions, we then present a new malware detection method that focuses on the information that the user is able to see prior to the installation of an application-the metadata within the platform's software market. Depending on the platform, this includes the application's description, its permissions, the ratings, or information about the developer. To analyze these data, we use sophisticated knowledge discovery processes and lean statistical methods. By presenting a wide range of examples based on real application metadata extracted from the Android Market, we show the possibilities of the new method. With the possibilities, we argue that it should be an essential part of a complete malware analysis/detection chain that includes other well-known methods such as network traffic analysis, or static, or dynamic code inspection. Copyright © 2013 John Wiley & Sons, Ltd.

Published

2013

10. A proactive approach to intrusion detection and malware collection

Author

Sheng-Tzong Cheng, Ruei Yu Zeng, and Chia-Mei Chen

Subjects

Software_OPERATINGSYSTEMS, Honeypot, Computer Networks and Communications, Computer science, Botnet, Intrusion detection system, Computer security, computer.software_genre, Cryptovirology, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Attack patterns, Malware, Malware analysis, computer, Asprox botnet, Information Systems

Abstract

Network continues to be under various attacks every day. One common attack is to use password guessing to intrude a machine and then to inject malware or botnet for future control. To develop counter measures, honeypot technique, which simulates a real system, is often used for capturing attack patterns, malware or botnet, and malware download sites. However, neither low-interaction nor medium-interaction honeypot could simulate well the behaviors in a true system as a result of the inborn restrictions in the technology so that the honeypot might be discovered by an attacker or malware. This study proposes a new honeypot system, Jingu, which is constructed with a true environment plus protection mechanism from being circumvented. The proposed high-interactive honeypot system, Jingu, can achieve the following goals: (1) not be perceived by attackers; (2) to protect against being attacked; (3) to record and learn attack behaviors; (4) to capture malware; and (5) to collect valuable information for detection purpose. Jingu has been deployed on a real network for 2 years. Comparing with the low-interactive honeypot, honeyd, Jingu can successfully catch attack behaviors as well as can capture malware. The results show that the proposed system is able to block real attacks and to collect valuable information for future detection and malware analysis. Copyright © 2012 John Wiley & Sons, Ltd.

Published

2012

11. What you see predicts what you get-lightweight agent-based malware detection

Author

Gang Xu, Ilona Murynets, Christopher Van Wart, Jeffrey Bickford, and Wei Wang

Subjects

Short Message Service, Computer Networks and Communications, Computer science, business.industry, Computer security, computer.software_genre, Mobile malware, law.invention, Cryptovirology, Bluetooth, law, Malware, Multimedia Messaging Service, Android (operating system), business, computer, Mobile device, Information Systems, Computer network

Abstract

Because of the always connected nature of mobile devices, as well as the unique interfaces they expose, such as short message service (SMS), multimedia messaging service (MMS), and Bluetooth, classes of mobile malware tend to propagate using means unseen in the desktop world. In this paper, we propose a lightweight malware detection system on mobile devices to detect, analyze, and predict malware propagating via SMS and MMS messages. We deploy agents in the form of hidden contacts on the device to capture messages sent from malicious applications. Once captured, messages can be further analyzed to identify a message signature as well as potentially a signature for the malicious application itself. By feeding the observed messages over time to a latent space model, the system can estimate the current dynamics and predict the future state of malware propagation within the mobility network. One distinct feature of our system is that it is lightweight and suitable for wide deployment. The system shows a good performance even when only 10% of mobile devices are equipped with three agents on each device. Moreover, the model is generic and independent of malware propagation schemes. We prototype the system on the Android platform in a universal mobile telecommunications system laboratory network to demonstrate the feasibility of deploying agents on mobile devices as well as collecting and blocking malware-carrying messages within the mobility network. We also show that the proposed latent space model estimates the state of malware propagation accurately, regardless of the propagation scheme. Copyright © 2012 John Wiley & Sons, Ltd.

Published

2012

12. MalPEFinder: fast and retrospective assessment of data breaches in malware attacks

Author

Shun-Te Liu and Yi-Ming Chen

Subjects

Computer Networks and Communications, business.industry, Computer science, Information technology, Data breach, computer.file_format, Computer security, computer.software_genre, Cryptovirology, Malware, Executable, False positive rate, business, computer, Scope (computer science), Information Systems, Portable Executable

Abstract

A successful data breach is often caused by malware installed by attackers. In a large-scale computer environment, it is difficult and costly for information technology managers to identify the victims and to assess the scope of the data breach when a malware attack occurs. Therefore, a quick and retrospective mechanism that can find victims is required. One such technology is Search. However, most search techniques are not designed for searching executable files; indeed, they become worse in identifying malware files because of polymorphism and/or metamorphism. In this paper, we propose a portable executable format file search mechanism, called MalPEFinder. Instead of searching malware files, this mechanism searches the malware-related files retrospectively. Based on these files and their ownership, MalPEFinder can locate malware files on a large scale quickly. Furthermore, the possibly breached files also can be identified. A MalPEFinder prototype has been implemented on the hadoop platform in order to perform three functions: (i) searching retrospectively; (ii) protecting evidence against tampering; and (iii) dealing with future data growth. We used 72 malware to evaluate the accuracy and efficiency of our system. The experimental results show that MalPEFinder has a higher detection rate as well as a lower false positive rate than the famous splunk tool. Copyright © 2011 John Wiley & Sons, Ltd.

Published

2011

13. Monitoring, analysis, and filtering system for purifying network traffic of known and unknown malicious content

Author

Yuval Fledel, Dennis Potashnik, Yuval Elovici, Robert Moskovitch, and Asaf Shabtai

Subjects

Computer Networks and Communications, Computer science, Network security, business.industry, Process (computing), Internet traffic, Computer security, computer.software_genre, Cryptovirology, Identification (information), Upload, Malware, The Internet, Data mining, business, computer, Information Systems

Abstract

The early detection, alert and response (eDare) framework is presented in this paper. The goal of this framework is to address the risks stemming from malicious software propagating via networks operated by Internet/network service providers (ISP/NSP). To achieve this goal, eDare employs network-based traffic scanning appliances that enable sanitation of Internet traffic of known malware. Remaining traffic is extracted and various types of algorithms are invoked in an attempt to detect instances of previously un-encountered malware and to generate a unique and simple byte-string signature for such malware. That signature is immediately uploaded to the aforementioned network traffic scanners. To augment judgments of the algorithms, human experts are consulted for assistance in classifying files suspected of being malware about which the automatic detection algorithms are not sufficiently decisive. Finally, collaborative feedback and tips from end-users are meshed into the identification process. This makes tackling of suspect files, whose impact can be assessed on a large, distributed scale, possible. The system incorporates static and behavioral analysis of malware and novel automatic signature generation algorithm. eDare was implemented and tested using an evaluation environment especially developed for that purpose. The results suggest that eDare can detect and remove unknown malware effectively. Copyright © 2010 John Wiley & Sons, Ltd.

Published

2010