533 results on "malicious code"
Search Results
2. GROUND ZERO: THE ORIGINS OF THE CYBER WARFARE ORCHESTRATED BY THE UNITED STATES TO STRIKE THE ISLAMIC REPUBLIC OF IRAN (2007-2010).
- Author
-
Casalunga, Fernando H., Munhoz Svartman, Eduardo, and Cardoso Reis, Bruno
- Subjects
INFORMATION technology, INFRASTRUCTURE (Economics), NON-state actors (International relations), CYBERSPACE, MILITARY science, IRANIANS, CYBERTERRORISM, NUCLEAR accidents
- Abstract
Copyright of Relações Internacionais is the property of Relacoes Internacionais and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
3. Log Poisoning Attacks in IoT: Methodologies, Evasion, Detection, Mitigation, and Criticality Analysis
- Author
-
Haitham Ameen Noman, Osama M. F. Abu-Sharkh, and Sinan Ameen Noman
- Subjects
Cyber attacks, log poisoning, log injection, Internet of Things (IoT), malicious code, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
- Abstract
Log poisoning is a cyber-attack where adversaries manipulate systems’ log files to conceal their activities or execute malicious codes. This paper thoroughly examines log poisoning attacks, focusing on demonstrating methodologies applied to prevalent Internet of Things (IoT) platforms, such as the Raspberry Pi. We introduce a novel technique that circumvents the protective mechanisms of Linux-based devices, which truncates the injected malicious code in sensitive log files. Furthermore, a novel persistence technique that allows the attacker to maintain a persistent connection with the Linux-based target device was introduced. Moreover, we propose an evasive technique that enables adversaries to effectively conceal their log poisoning attacks by executing them through encrypted tunnels using a virtual private network (VPN). Through Intrusion Modes and Criticality Analysis (IMECA), we analyze the severity and potential impact of these attacks and propose mitigation strategies to avoid the occurrence of such attacks in order to maintain the confidentiality, integrity, and reliability of IoT ecosystems. To counteract the threat, we design a Python script that detects and mitigates log poisoning attacks, specifically against malicious codes injected into logs, without requiring the log file to be set as executable.
- Published
- 2024
4. Enhancing Malicious Code Detection With Boosted N-Gram Analysis and Efficient Feature Selection
- Author
-
Nastooh Taheri Javan, Majid Mohammadpour, and Seyedakbar Mostafavi
- Subjects
Boosting, classifier ensemble, feature selection, genetic algorithms, malicious code, N-gram analysis, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
- Abstract
A fundamental challenge in virology research lies in effectively detecting malicious code. N-gram analysis has become a cornerstone technique, but selecting the most informative features, especially for longer n-grams, remains crucial for efficient detection. This paper addresses this challenge by introducing a novel feature extraction method that leverages both adjacent and non-adjacent bi-grams, providing a richer set of information for malicious code identification. Additionally, we propose a computationally efficient feature selection approach that utilizes a genetic algorithm combined with Boosting principles. Our experimental results show that this detection system significantly outperforms existing methods in virus detection accuracy. The system improves detection accuracy by 15% and reduces false positives by 20% compared to traditional n-gram techniques. Additionally, it cuts computational overhead by about 30%, making it suitable for real-time applications. These advancements demonstrate the effectiveness and practicality of our approach. Future research will focus on applying our methods to polymorphic viruses and other malware to further enhance their robustness and applicability.
- Published
- 2024
5. A New Malicious Code Classification Method for the Security of Financial Software.
- Author
-
Xiaonan Li, Qiang Wang, Conglai Fan, Wei Zhan, and Mingliang Zhang
- Subjects
FINANCE software, MALWARE, CONVOLUTION codes, INTERNET security, COMPUTER networks
- Abstract
The field of finance heavily relies on cybersecurity to safeguard its systems and clients from harmful software. The identification of malevolent code within financial software is vital for protecting both the financial system and individual clients. Nevertheless, present detection models encounter limitations in their ability to identify malevolent code and its variations, all while encompassing a multitude of parameters. To overcome these obstacles, we introduce a lean model for classifying families of malevolent code, formulated on Ghost-DenseNet-SE. This model integrates the Ghost module, DenseNet, and the squeeze-and-excitation (SE) channel domain attention mechanism. It substitutes the standard convolutional layer in DenseNet with the Ghost module, thereby diminishing the model's size and augmenting recognition speed. Additionally, the channel domain attention mechanism assigns distinctive weights to feature channels, facilitating the extraction of pivotal characteristics of malevolent code and bolstering detection precision. Experimental outcomes on the Malimg dataset indicate that the model attained an accuracy of 99.14% in discerning families of malevolent code, surpassing AlexNet (97.8%) and the visual geometry group network (VGGNet) (96.16%). The proposed model exhibits reduced parameters, leading to decreased model complexity alongside enhanced classification accuracy, rendering it a valuable asset for categorizing malevolent code. [ABSTRACT FROM AUTHOR]
- Published
- 2024
6. Suppression of Malicious Code Propagation in Software-Defined Networking.
- Author
-
Li, Fengjiao and Ren, Jianguo
- Subjects
TRAFFIC monitoring, LYAPUNOV functions, ORDER picking systems, COMPUTER simulation, COMPARATIVE studies, SOFTWARE-defined networking
- Abstract
The flexibility and programmability of SDN enable dynamic and automated network configuration and traffic routing. However, this also provides more avenues for malicious code propagation, leading to serious risks such as service disruptions and privacy breaches. To address this problem, we first designed three modules to suppress malicious code propagation: the abnormal traffic detection module, the malicious code analysis module, and the abnormal traffic tracing module. Then, the sharing mechanism is introduced. In order to analyze the process of malicious code propagation more clearly, based on the above strategy, this paper introduces the warning node into the classical SIR model, which can be exploited for studying how to control malicious code propagation to prevent large-scale outbreaks. The propagation threshold and equilibrium point of the proposed model are obtained through calculations. By constructing a Lyapunov function, the equilibrium point is proven stable. Finally, numerical simulation results indicate that when the detection rate reaches 90%, approximately 86.3% fewer nodes are infected at the peak point. Through comparative analysis, our system demonstrates optimal performance, validating the effectiveness of the analytical results. [ABSTRACT FROM AUTHOR]
- Published
- 2024
7. Malware Attacks Detection in IoT Using Recurrent Neural Network (RNN).
- Author
-
Alsadhan, Abeer Abdullah, Al-Atawi, Abdullah A., Karamti, Hanen, Jameel, Abid, Zada, Islam, and Nguyen, Tan N.
- Subjects
RECURRENT neural networks, INTERNET of things, COMPUTER performance, MACHINE learning
- Abstract
IoT (Internet of Things) devices are being used more and more in a variety of businesses and for a variety of tasks, such as environmental data collection in both civilian and military situations. They are a desirable attack target for malware intended to infect specific IoT devices due to their growing use in a variety of applications and their increasing computational and processing power. In this study, we investigate the possibility of detecting IoT malware using recurrent neural networks (RNNs). RNN is used in the proposed method to investigate the execution operation codes of ARM-based Internet of Things apps (OpCodes). To train our algorithms, we employ a dataset of IoT applications that includes 281 malicious and 270 benign pieces of software. The trained model is then put to the test using 100 brand-new IoT malware samples across three separate LSTM settings. Model exposure was not previously conducted on these samples. Detecting newly crafted malware samples with 2-layer neurons had the highest accuracy (98.18%) in the 10-fold cross validation experiment. A comparison of the LSTM technique to other machine learning classifiers shows that it yields the best results. [ABSTRACT FROM AUTHOR]
- Published
- 2024
8. A Study on AI Profiling Technology of Malicious Code Meta Information
- Author
-
Kim, Dongcheol, Kim, Taeyeon, Kim, Jinsool, Gim, Gwangyong, Kacprzyk, Janusz, Series Editor, and Lee, Roger, editor
- Published
- 2023
9. Unsupervised Anomaly Detection Method Based on DNS Log Data
- Author
-
Jiarong, Wang, Zhongtian, Liang, Fazhi, Qi, Tian, Yan, Jiahao, Liu, Caiqiu, Zhou, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Jiming, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Zhang, Junjie James, Series Editor, Wang, Wei, editor, Mu, Jiasong, editor, Liu, Xin, editor, and Na, Zhenyu, editor
- Published
- 2023
10. Dynamic and Unified Approach to Distinguish Malicious URL Using LSTM
- Author
-
Velmurugan, A., Albert Mayan, J., Nagarajan, G., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Maurya, Sudhanshu, editor, Peddoju, Sateesh K., editor, Ahmad, Badlishah, editor, and Chihi, Ines, editor
- Published
- 2023
11. Malicious code within model detection method based on model similarity
- Author
-
Degang WANG, Yi SUN, Chuanxin ZHOU, Qi GAO, Fan YANG
- Subjects
federated learning, model, model similarity, malicious code, detection, Electronic computers. Computer science, QA75.5-76.95
- Abstract
The privacy of user data in federated learning is mainly protected by exchanging model parameters instead of source data. However, federated learning still encounters many security challenges. Extensive research has been conducted to enhance model privacy and detect malicious model attacks. Nevertheless, the issue of risk-spreading through malicious code propagation during the frequent exchange of model data in the federated learning process has received limited attention. To address this issue, a method for detecting malicious code within models, based on model similarity, was proposed. By analyzing the iterative process of local and global models in federated learning, a model distance calculation method was introduced to quantify the similarity between models. Subsequently, the presence of a model carrying malicious code is detected based on the similarity between client models. Experimental results demonstrate the effectiveness of the proposed detection method. For a 178MB model containing 0.375MB embedded malicious code in a training set that is independent and identically distributed, the detection method achieves a true rate of 82.9% and a false positive rate of 1.8%. With 0.75MB of malicious code embedded in the model, the detection method achieves a true rate of 96.6% and a false positive rate of 0.38%. In the case of a non-independent and non-identically distributed training set, the accuracy of the detection method improves as the rate of malicious code embedding and the number of federated learning training rounds increase. Even when the malicious code is encrypted, the accuracy of the proposed detection method still achieves over 90%. In a multi-attacker scenario, the detection method maintains an accuracy of approximately 90% regardless of whether the number of attackers is known or unknown.
- Published
- 2023
12. Malicious code within model detection method based on model similarity.
- Author
-
汪德刚, 孙奕, 周传鑫, 高琦, and 杨帆
- Abstract
Copyright of Chinese Journal of Network & Information Security is the property of Beijing Xintong Media Co., Ltd. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2023
13. Code Injection Attacks in Wireless-Based Internet of Things (IoT): A Comprehensive Review and Practical Implementations.
- Author
-
Noman, Haitham Ameen and Abu-Sharkh, Osama M. F.
- Subjects
INTERNET of things, IEEE 802.11 (Standard), REVERSE engineering, INFRASTRUCTURE (Economics), DATA security failures, APPLICATION software
- Abstract
The Internet of Things (IoT) has transformed various domains in our lives by enabling seamless communication and data exchange between interconnected devices, necessitating robust networking infrastructure. This paper presents a comprehensive analysis of code injection attacks in IoT, focusing on the wireless domain. Code injection attacks exploit security weaknesses in applications or software and can have severe consequences, such as data breaches, financial losses, and denial of service. This paper discusses vulnerabilities in IoT systems and examines how wireless frames in state-of-the-art wireless technologies, which serve IoT applications, are exposed to such attacks. To demonstrate the severity of these threats, we introduce a comprehensive framework illustrating code injection attacks in the wireless domain. Several code injection attacks are performed on Wireless Fidelity (Wi-Fi) devices operating on an embedded system commonly used in IoT applications. Our proof of concept reveals that the victims' devices become further exposed to a full range of cyber-attacks following a successful severe code injection attack. We also demonstrate three scenarios where malicious codes had been detected inside the firmware of wireless devices used in IoT applications by performing reverse engineering techniques. Criticality analysis is conducted for the implemented and demonstrated attacks using Intrusion Modes and Criticality Analysis (IMECA). By understanding the vulnerabilities and potential consequences of code injection attacks on IoT networks and devices, researchers and practitioners can develop more secure IoT systems and better protect against these emerging threats. [ABSTRACT FROM AUTHOR]
- Published
- 2023
14. Dissecting Applications Uninstallers and Removers: Are They Effective?
- Author
-
Botacin, Marcus, Grégio, André, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Susilo, Willy, editor, Chen, Xiaofeng, editor, Guo, Fuchun, editor, Zhang, Yudi, editor, and Intan, Rolly, editor
- Published
- 2022
15. A Learning-Based Feature Extraction Method for Detecting Malicious Code
- Author
-
Ruan, Zhiqiang, Zhou, Lixin, Luo, Haibo, Ye, Xiucai, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Sun, Xingming, editor, Zhang, Xiaorui, editor, Xia, Zhihua, editor, and Bertino, Elisa, editor
- Published
- 2022
16. Machine Learning in Automated Detection of Ransomware: Scope, Benefits and Challenges
- Author
-
Thangapandian, Vani, Xhafa, Fatos, Series Editor, Misra, Sanjay, editor, and Arumugam, Chamundeswari, editor
- Published
- 2022
17. Machine Learning Capability in the Detection of Malicious Agents
- Author
-
Sharma, Anurag, Das, Puja Archana, Ijaz, Muhammad Fazal, Rana, Abu ul Hassan S., Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Jiming, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Hirche, Sandra, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Möller, Sebastian, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zhang, Junjie James, Series Editor, Dhar, Sourav, editor, Mukhopadhyay, Subhas Chandra, editor, Sur, Samarendra Nath, editor, and Liu, Chuan-Ming, editor
- Published
- 2022
18. Malicious code in the cloud
- Author
-
Dragan Z. Damjanović
- Subjects
malicious code, cloud, malware, intelligence, Military Science, Engineering (General). Civil engineering (General), TA1-2040
- Abstract
Introduction/purpose: The paper analyzes the impact of malicious codes in the cloud. Malicious code is an unauthorized piece of code that violates the integrity of an application and infrastructure to cause certain effects, such as security breaches, spread of infections, and data infiltration from the computer with the help of malicious software - this is a simple form of data theft which can lead to disastrous consequences in all segments of society, especially when it comes to national security. To overcome this challenge, it is necessary to detect holes in the safety of cloud environments and repair them before the attackers use these vulnerabilities to bypass the integrated cloud infrastructure. Methods: Structural analysis, functional analysis, comparative analysis, synthesis. Results: There are many factors for collecting, comparing, and delivering intelligence data on cloud threats. Cloud applications are increasingly being targeted because their use to store and share data with mobile application hosting has been increased exponentially, enabling industrial automation and business information monitoring and procurement. In addition, billions of devices on the Internet use the cloud infrastructure as a background for processing and transmitting large data sets. Malicious code is easily distributed due to the ease of sharing documents and files via the cloud. Conclusion: As cloud technologies are taking a central place in the world of digital transformation, the threat to the cloud environment is expected to grow exponentially. This means that organizations need to ensure that the cyber security position of the cloud infrastructure they possess is robust and mature enough to combat all relevant security threats in order to minimize business risks. Understanding the nature of practical security controls and how they are assessed enables organizations to build a practical approach to security and privacy in the cloud.
- Published
- 2022
19. Malicious code dynamic traffic camouflage detection based on deep reinforcement learning in power system
- Author
-
Xiaoqiang Tang and Bingzhe He
- Subjects
Reinforcement learning, Malicious code, Dynamic traffic, Camouflage detection, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
- Abstract
In order to solve the problem that malicious code intrudes into software in various forms, which leads to its security performance degradation and cannot be used normally, this paper proposes a malicious code dynamic traffic camouflage detection method based on deep reinforcement learning in power system. The average mutual information between codes is calculated by deep reinforcement learning, and the weighted information gain of each code type feature is obtained. Different types of code feature set classifiers are generated, and an optimal classifier is output for each type of code feature set. The features are reduced by Linear Discriminant Analysis (LDA), and the network code is classified according to the extracted features. The potential malicious code is detected according to the explicit rules of deep reinforcement learning. Simulation results show that the detection method can improve the accuracy of malicious code classification, and the detection performance is increased to about 35%.
- Published
- 2022
20. Effective Ransomware Detection Using Entropy Estimation of Files for Cloud Services.
- Author
-
Lee, Kyungroul, Lee, Jaehyuk, Lee, Sun-Young, and Yim, Kangbin
- Subjects
RANSOMWARE, CLOUD computing, CLOUD storage, ENTROPY, BIG data, DATA integrity
- Abstract
A variety of data-based services such as cloud services and big data-based services have emerged in recent times. These services store data and derive the value of the data. The reliability and integrity of the data must be ensured. Unfortunately, attackers have taken valuable data as hostage for money in attacks called ransomware. It is difficult to recover original data from files in systems infected by ransomware because they are encrypted and cannot be accessed without keys. There are cloud services to backup data; however, encrypted files are synchronized with the cloud service. Therefore, the original file cannot be restored even from the cloud when the victim systems are infected. Therefore, in this paper, we propose a method to effectively detect ransomware for cloud services. The proposed method detects infected files by estimating the entropy to synchronize files based on uniformity, one of the characteristics of encrypted files. For the experiment, files containing sensitive user information and system files for system operation were selected. In this study, we detected 100% of the infected files in all file formats, with no false positives or false negatives. We demonstrate that our proposed ransomware detection method was very effective compared to other existing methods. Based on the results of this paper, we expect that this detection method will not synchronize with a cloud server by detecting infected files even if the victim systems are infected with ransomware. In addition, we expect to restore the original files by backing up the files stored on the cloud server. [ABSTRACT FROM AUTHOR]
- Published
- 2023
21. Classification and Analysis of Malicious Code Detection Techniques Based on the APT Attack.
- Author
-
Lee, Kyungroul, Lee, Jaehyuk, and Yim, Kangbin
- Subjects
ANOMALY detection (Computer security), SECURITY systems, SECURITY management, CORPORATION reports, CLASSIFICATION
- Abstract
According to the Fire-eye's M-Trends Annual Threat Report 2022, there are many advanced persistent threat (APT) attacks that are currently in use, and such continuous and specialized APT attacks cause serious damages attacks. As APT attacks continue to be active, there is a need for countermeasures to detect new and existing malicious codes. An APT attack is a type of intelligent attack that analyzes the target and exploits its vulnerabilities. It attempts to achieve a specific purpose, and is persistent in continuously attacking and threatening the system. With this background, this paper analyzes attack scenarios based on attack cases by malicious code, and surveys and analyzes attack techniques used in attack cases. Based on the results of the analysis, we classify and analyze malicious code detection techniques into security management systems, pattern-based detection, heuristic-based detection, reputation-based detection, behavior-based detection, virtualization-based detection, anomaly detection, data analysis-based detection (big data-based, machine learning-based), and others. This paper is expected to serve as a useful reference for detecting and preventing malicious codes. Specifically, this article is a surveyed review article. [ABSTRACT FROM AUTHOR]
- Published
- 2023
22. Advances in Cyber Security Paradigm: A Review
- Author
-
Qureshi, Shahana Gajala, Shandilya, Shishir Kumar, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Abraham, Ajith, editor, Shandilya, Shishir K., editor, Garcia-Hernandez, Laura, editor, and Varela, Maria Leonilde, editor
- Published
- 2021
23. Research on a Malicious Code Detection Method Based on Convolutional Neural Network in a Domestic Sandbox Environment
- Author
-
Xing, Jianhua, Sheng, Hong, Zheng, Yuning, Li, Wei, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Cheng, Jieren, editor, Tang, Xiangyan, editor, and Liu, Xiaozhang, editor
- Published
- 2021
24. An ensemble framework for interpretable malicious code detection.
- Author
-
Cheng, Jieren, Zheng, Jiachen, and Yu, Xiaomei
- Subjects
COMPUTER security, KNOWLEDGE graphs, COMPUTER networks
- Abstract
Malicious code is an ever-growing security threat to computer systems and networks, while malware detection provides effective defense against malicious codes. In this paper, a brief overview is presented on currently prevalent methods to detect malicious codes, including signature-based methods, behavioral-based detection and machine learning (ML) based ones. More specifically, the potentially effective malicious features are summarized and the novel methods using ML are deeply discussed. Furthermore, an ensemble interpretable framework is explored for automatic and efficient malicious code detection. Based on the knowledge graph of malware, the novel framework inclines to achieve robust malware detection even confronted with unseen malicious codes. Finally, both advantages and disadvantages are discussed and experimental results are outlined to verify the effectiveness of the novel methods. [ABSTRACT FROM AUTHOR]
- Published
- 2022
25. An Experimental Approach to Unravel Effects of Malware on System Network Interface
- Author
-
Subairu, Sikiru Olanrewaju, Alhassan, John, Misra, Sanjay, Abayomi-Alli, Olusola, Ahuja, Ravin, Damasevicius, Robertas, Maskeliunas, Rytis, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Jiming, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Hirche, Sandra, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Liang, Qilian, Series Editor, Martin, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Möller, Sebastian, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zhang, Junjie James, Series Editor, Jain, Vanita, editor, Chaudhary, Gopal, editor, Taplamacioglu, M. Cengiz, editor, and Agarwal, M. S., editor
- Published
- 2020
26. Impact Analysis of Resilience Against Malicious Code Attacks via Emails.
- Author
-
Chulwon Lee and Kyungho Lee
- Subjects
RANSOMWARE, SPAM email, SPAM filtering (Email), EMAIL security, MALWARE, EMAIL spoofing, COVID-19 pandemic, SOCIAL networks
- Abstract
The damage caused by malicious software is increasing owing to the COVID-19 pandemic, such as ransomware attacks on information technology and operational technology systems based on corporate networks and social infrastructures and spear-phishing attacks on business or research institutes. Recently, several studies have been conducted to prevent further phishing emails in the workplace because malware attacks employ emails as the primary means of penetration. However, according to the latest research, there appears to be a limitation in blocking email spoofing through advanced blocking systems such as spam email filtering solutions and advanced persistent threat systems. Therefore, experts believe that it is more critical to restore services immediately through resilience than the advanced prevention program in the event of damage caused by malicious software. In accordance with this trend, we conducted a survey among 100 employees engaging in information security regarding the effective factors for countering malware attacks through email. Furthermore, we confirmed that resilience, backup, and restoration were effective factors in responding to phishing emails. In contrast, practical exercise and attack visualization were recognized as having little effect on malware attacks. In conclusion, our study reminds business and supervisory institutions to carefully examine their regular voluntary exercises or mandatory training programs and assists private corporations and public institutions to establish counter-strategies for dealing with malware attacks. [ABSTRACT FROM AUTHOR]
- Published
- 2022
27. Framework for Malware Triggering Using Steganography.
- Author
-
Almehmadi, Lamia, Basuhail, Abdullah, Alghazzawi, Daniyal, and Rabie, Osama
- Subjects
CRYPTOGRAPHY ,MALWARE ,COMPUTER systems ,CYBERTERRORISM ,INFORMATION technology security ,WATERMARKS - Abstract
Teaching offensive security (ethical hacking) is becoming a required component of information security curricula to develop better cybersecurity practitioners. Many academics and industry professionals believe that a good knowledge of the attacks a system can face is required to protect a system. The early detection of an attack is critical to effectively defending a system. We can't wait for threats to be discovered in the wild to begin planning our defenses. For our study, we designed and developed an offensive model that aims to remain concealed in an image until it reaches the target location. Our attack approach exploits image steganography, which involves embedding malicious code and a geolocation code into a digital image. This study aimed to discover new ways to attack computer systems and stimulate awareness of such attacks among browser developers, thus encouraging them to handle images with more care. In our experiments, both stego-image analysis and geolocation techniques are tested. Our experience has confirmed that converting indiscriminate attacks into targeted attacks is possible. [ABSTRACT FROM AUTHOR]
- Published
- 2022
28. MALICIOUS CODE IN THE CLOUD.
- Author
-
Damjanović, Dragan Z.
- Subjects
INDUSTRIAL robots ,COMMUNICATION infrastructure ,DIGITAL transformation ,BIG data ,MALWARE - Abstract
Copyright of Military Technical Courier / Vojnotehnicki Glasnik is the property of Military Technical Courier / Vojnotehnicki Glasnik and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2022
29. Research on LAN Network Malicious Code Intrusion Active Defense Technology
- Author
-
Ma, Lei, Kang, Ying-jian, Han, Hua, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin (Sherman), Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Gui, Guan, editor, and Yun, Lin, editor
- Published
- 2019
30. Integrated Multi-featured Android Malicious Code Detection
- Author
-
Yu, Qing, Zhao, Hui, Barbosa, Simone Diniz Junqueira, Editorial Board Member, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Kotenko, Igor, Editorial Board Member, Yuan, Junsong, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Cheng, Xiaohui, editor, Jing, Weipeng, editor, Song, Xianhua, editor, and Lu, Zeguang, editor
- Published
- 2019
31. Mitigation of Cross-Site Scripting Attacks in Mobile Cloud Environments
- Author
-
Madhusudhan, R., Shashidhara, Barbosa, Simone Diniz Junqueira, Series Editor, Filipe, Joaquim, Series Editor, Kotenko, Igor, Series Editor, Sivalingam, Krishna M., Series Editor, Washio, Takashi, Series Editor, Yuan, Junsong, Series Editor, Zhou, Lizhu, Series Editor, Ghosh, Ashish, Series Editor, Thampi, Sabu M., editor, Madria, Sanjay, editor, Wang, Guojun, editor, Rawat, Danda B., editor, and Alcaraz Calero, Jose M., editor
- Published
- 2019
32. A Comprehensive Survey on Ransomware Attack: A Growing Havoc Cyberthreat
- Author
-
Tandon, Aditya, Nayyar, Anand, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Balas, Valentina Emilia, editor, Sharma, Neha, editor, and Chakrabarti, Amlan, editor
- Published
- 2019
33. Classification and Analysis of Malicious Code Detection Techniques Based on the APT Attack
- Author
-
Kyungroul Lee, Jaehyuk Lee, and Kangbin Yim
- Subjects
malicious code ,detection technique ,attack scenario ,attack technique ,APT attack ,Technology ,Engineering (General). Civil engineering (General) ,TA1-2040 ,Biology (General) ,QH301-705.5 ,Physics ,QC1-999 ,Chemistry ,QD1-999 - Abstract
According to FireEye’s M-Trends Annual Threat Report 2022, there are many advanced persistent threat (APT) attacks that are currently in use, and such continuous and specialized APT attacks cause serious damage. As APT attacks continue to be active, there is a need for countermeasures to detect new and existing malicious codes. An APT attack is a type of intelligent attack that analyzes the target and exploits its vulnerabilities. It attempts to achieve a specific purpose, and is persistent in continuously attacking and threatening the system. With this background, this paper analyzes attack scenarios based on attack cases by malicious code, and surveys and analyzes attack techniques used in attack cases. Based on the results of the analysis, we classify and analyze malicious code detection techniques into security management systems, pattern-based detection, heuristic-based detection, reputation-based detection, behavior-based detection, virtualization-based detection, anomaly detection, data analysis-based detection (big data-based, machine learning-based), and others. This paper is expected to serve as a useful reference for detecting and preventing malicious codes. Specifically, this article is a surveyed review article.
- Published
- 2023
34. On the undetectability of payloads generated through automatic tools: A human‐oriented approach.
- Author
-
Carpentieri, Bruno, Castiglione, Arcangelo, Palmieri, Francesco, and Pizzolante, Raffaele
- Subjects
OBSERVABILITY (Control theory) ,HAZARDS ,ASSETS (Accounting) - Abstract
Nowadays, several tools have been proposed to support the operations performed during a security assessment process. In particular, it is a common practice to rely on automated tools to carry out some phases of this process in an automatic or semiautomatic way. In this article, we focus on tools for the automatic generation of custom executable payloads. Then, we will show how these tools can be transformed, through some human‐oriented modifications on the generated payloads, into threats for a given asset's security. The danger of such threats lies in the fact that they may not be detected by common antivirus (AVs). More precisely, in this article, we show a general approach to make a payload generated through automated tools run undetected by most AVs. In detail, we first analyze and explain most of the methods used by AVs to recognize malicious payloads and, for each one of them, we outline the relative strengths and flaws, showing how these flaws could be exploited using a general approach to evade AVs controls, by performing simple human‐oriented operations on the payloads. The testing activity we performed shows that our proposal is helpful in evading virtually all the most popular AVs on the market. Therefore, low‐skilled malicious users could easily use our approach. [ABSTRACT FROM AUTHOR]
- Published
- 2021
35. A Cost-Effective Algorithm for Selecting Optimal Bandwidth to Clear Malicious Codes
- Author
-
Jichao Bi, Xiaofan Yang, Wanping Liu, and Da-Wen Huang
- Subjects
Cyber security ,malicious code ,bandwidth ,node-level epidemic model ,constrained optimization ,tradeoff problem ,Electrical engineering. Electronics. Nuclear engineering ,TK1-9971 - Abstract
Malicious code has posed a severe threat to modern society. Delivering antivirus programs to networks is an important task of a cybersecurity company. As the bandwidth resource in a company is limited and precious, cybersecurity companies have to make a tradeoff between the impact (i.e., the economic loss) of malicious codes and the bandwidth assigned to transmit the antivirus programs. This paper addresses the malicious code and bandwidth tradeoff (MCBT) problem. By developing a novel malicious code and antivirus program interacting model, the total loss, which is the sum of the bandwidth usage fee and the economic loss, is quantified. On this basis, the MCBT problem is modelled as a constrained optimization problem that we refer to as the MCBT model, where the independent variable stands for bandwidth, and the objective function stands for the total loss. Some optimal bandwidth is determined by solving the MCBT model. Based on this, we propose a heuristic algorithm named DOWNHILL, which outperforms random strategies. Finally, the influence of some factors on the optimal bandwidth and the corresponding optimal total loss is uncovered through numerical simulations. To our knowledge, this is the first time the MCBT problem is treated in this way.
- Published
- 2020
36. DroidMark: A Lightweight Android Text and Space Watermark Scheme Based on Semantics of XML and DEX
- Author
-
Zeng, Lingling, Ren, Wei, Lei, Min, Yang, Yu, Xhafa, Fatos, Series editor, Barolli, Leonard, editor, Zhang, Mingwu, editor, and Wang, Xu An, editor
- Published
- 2018
37. Framework for Malware Triggering Using Steganography
- Author
-
Lamia Almehmadi, Abdullah Basuhail, Daniyal Alghazzawi, and Osama Rabie
- Subjects
cybersecurity ,exploit delivery technique ,geolocation ,image hacking ,malicious code ,steganography ,Technology ,Engineering (General). Civil engineering (General) ,TA1-2040 ,Biology (General) ,QH301-705.5 ,Physics ,QC1-999 ,Chemistry ,QD1-999 - Abstract
Teaching offensive security (ethical hacking) is becoming a required component of information security curricula to develop better cybersecurity practitioners. Many academics and industry professionals believe that a good knowledge of the attacks a system can face is required to protect a system. The early detection of an attack is critical to effectively defending a system. We can’t wait for threats to be discovered in the wild to begin planning our defenses. For our study, we designed and developed an offensive model that aims to remain concealed in an image until it reaches the target location. Our attack approach exploits image steganography, which involves embedding malicious code and a geolocation code into a digital image. This study aimed to discover new ways to attack computer systems and stimulate awareness of such attacks among browser developers, thus encouraging them to handle images with more care. In our experiments, both stego-image analysis and geolocation techniques are tested. Our experience has confirmed that converting indiscriminate attacks into targeted attacks is possible.
- Published
- 2022
38. Android Malware Family Detection Algorithm Combining Locally Optimized 卯自d.
- Author
-
杜森
- Abstract
Copyright of Journal of Computer Engineering & Applications is the property of Beijing Journal of Computer Engineering & Applications Journal Co Ltd. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2021
39. An Analysis of the Nature of Spam as Cybercrime
- Author
-
Alazab, Mamoun, Broadhurst, Roderic, Hakim, Simon, Series editor, Blackstone, Erwin A., Series editor, and Clark, Robert M., Series editor
- Published
- 2017
40. Research on Malicious Code Analysis Method Based on Semi-supervised Learning
- Author
-
He, Tingting, Xue, Jingfeng, Fu, Jianwen, Wang, Yong, Shan, Chun, Barbosa, Simone Diniz Junqueira, Series editor, Chen, Phoebe, Series editor, Filipe, Joaquim, Series editor, Kotenko, Igor, Series editor, Sivalingam, Krishna M., Series editor, Washio, Takashi, Series editor, Yuan, Junsong, Series editor, Zhou, Lizhu, Series editor, Xu, Ming, editor, Qin, Zheng, editor, Yan, Fei, editor, and Fu, Shaojing, editor
- Published
- 2017
41. Scripting and Security in Computer Networks and Web Browsers
- Author
-
Kizza, Joseph Migga, Sammes, A.J., Series editor, and Kizza, Joseph Migga
- Published
- 2017
42. Real-Time Malicious Script Blocking Technology at the Host-Level
- Author
-
Oh, SangHwan, Bae, HanChul, Park, Seongmin, Kim, HwanKuk, Xhafa, Fatos, Series editor, Barolli, Leonard, editor, and Yim, Kangbin, editor
- Published
- 2017
43. Analysis on Attack Scenarios and Countermeasures for Self-driving Car and Its Infrastructures
- Author
-
Lim, Dohyun, Park, Kitaek, Choi, Dongjun, Seo, Jungtaek, Xhafa, Fatos, Series editor, Barolli, Leonard, editor, and Yim, Kangbin, editor
- Published
- 2017
44. Cognitive Countermeasures against BAD USB
- Author
-
Lee, Yeunsu, Lee, Hyeji, Lee, Kyungroul, Yim, Kangbin, Xhafa, Fatos, Series editor, Barolli, Leonard, editor, and Yim, Kangbin, editor
- Published
- 2017
45. Secure and Simple: Plug-and-Play Security
- Author
-
Backofen, Dirk and Abolhassan, Ferri, editor
- Published
- 2017
46. E-Commerce Security and Fraud Issues and Protections
- Author
-
Turban, Efraim, Whiteside, Judy, King, David, Outland, Jon, Turban, Efraim, Whiteside, Judy, King, David, and Outland, Jon
- Published
- 2017
47. Logical Attacks on Secured Containers of the Java Card Platform
- Author
-
Volokitin, Sergei, Poll, Erik, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Lemke-Rust, Kerstin, editor, and Tunstall, Michael, editor
- Published
- 2017
48. MalProfiler: Automatic and Effective Classification of Android Malicious Apps in Behavioral Classes
- Author
-
La Marra, Antonio, Martinelli, Fabio, Saracino, Andrea, Sheikhalishahi, Mina, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Cuppens, Frédéric, editor, Wang, Lingyu, editor, Cuppens-Boulahia, Nora, editor, Tawbi, Nadia, editor, and Garcia-Alfaro, Joaquin, editor
- Published
- 2017
49. HTML
- Author
-
Newmarch, Jan and Newmarch, Jan
- Published
- 2017
50. Safe Execution of Unverified Program Code in the PIVO System.
- Author
-
Rojec, Žiga
- Subjects
*ELECTRICAL engineering , *DISTANCE education , *SECURITY management , *STUDENTS - Abstract
PIVO (Programmer’s Interactive Exercise Environment) is an interactive online practicing tool for algorithmic thinking and programming developed at the Faculty of Electrical Engineering, University of Ljubljana, Slovenia. It is used for independent study, exercising and examination in programming courses. Through the system, a student acquires a task, develops a solution in his/her personal working environment and submits the source code to the server. The code is compiled, run and tested in real time. The submitted code can be incomplete and potentially harmful to the server. This paper proposes techniques for untrusted code sandboxing based on built-in Linux security mechanisms. Using the techniques, PIVO serves multiple users safely and fast. Among the students, the PIVO environment is well accepted, its impacts and positive study improvements are measurable already after only a few semesters of usage. [ABSTRACT FROM AUTHOR]
- Published
- 2021
Discovery Service for Jio Institute Digital Library