
Journal articles on the topic 'Malware persistence'


Consult the top 27 journal articles for your research on the topic 'Malware persistence.'


1. Gittins, Zane, and Michael Soltys. "Malware Persistence Mechanisms." Procedia Computer Science 176 (2020): 88–97. http://dx.doi.org/10.1016/j.procs.2020.08.010.
2. Shang, Yilun. "Optimal Control Strategies for Virus Spreading in Inhomogeneous Epidemic Dynamics." Canadian Mathematical Bulletin 56, no. 3 (2013): 621–29. http://dx.doi.org/10.4153/cmb-2012-007-2.

Abstract: In this paper, we study the spread of virus/worm in computer networks with a view to addressing cyber security problems. Epidemic models have been applied extensively to model the propagation of computer viruses, which characterize the fact that infected machines may spread malware to other hosts connected to the network. In our framework, the dynamics of hosts evolves according to a modified inhomogeneous Susceptible-Infectious-Susceptible (SIS) epidemic model with time-varying transmission rate and recovery rate. The infection of computers is subject to direct attack as well as propagation among hosts. Based on optimal control theory, optimal attack strategies are provided by minimizing the cost (equivalently maximizing the profit) of the attacker. We present a threshold function of the fraction of infectious hosts, which captures the dynamically evolving strategies of the attacker and reflects the persistence of virus spreading. Moreover, our results indicate that if the infectivity of a computer worm is low and the computers are installed with antivirus software with high reliability, the intensity of attacks incurred will likely be low. This agrees with our intuition.
3. Xiao, Kaiming, Cheng Zhu, Junjie Xie, Yun Zhou, Xianqiang Zhu, and Weiming Zhang. "Dynamic Defense against Stealth Malware Propagation in Cyber-Physical Systems: A Game-Theoretical Framework." Entropy 22, no. 8 (2020): 894. http://dx.doi.org/10.3390/e22080894.

Abstract: Stealth malware is a representative tool of advanced persistent threat (APT) attacks, which poses an increased threat to cyber-physical systems (CPS) today. Due to the use of stealthy and evasive techniques, stealth malware usually renders conventional heavy-weight countermeasures inapplicable. Light-weight countermeasures, on the other hand, can help retard the spread of stealth malware, but the ensuing side effects might violate the primary safety requirement of CPS. Hence, defenders need to find a balance between the gain and loss of deploying light-weight countermeasures, which normally is a challenging task. To address this challenge, we model the persistent anti-malware process as a shortest-path tree interdiction (SPTI) Stackelberg game with both a static version (SSPTI) and a multi-stage dynamic version (DSPTI), and safety requirements of CPS are introduced as constraints in the defender's decision model. The attacker aims to stealthily penetrate the CPS at the lowest cost (e.g., time, effort) by selecting optimal network links to spread, while the defender aims to retard the malware epidemic as much as possible. Both games are modeled as bi-level integer programs and proved to be NP-hard. We then develop a Benders decomposition algorithm to achieve the Stackelberg equilibrium of SSPTI, and design a Model Predictive Control strategy to solve DSPTI approximately by sequentially solving a 1+δ approximation of SSPTI. Extensive experiments have been conducted by comparing the proposed algorithms and strategies with existing ones on both static and dynamic performance metrics. The evaluation results demonstrate the efficiency of the proposed algorithms and strategies on both simulated and real-case-based CPS networks. Furthermore, the proposed dynamic defense framework shows its advantage of achieving a balance between fail-secure ability and fail-safe ability while retarding the stealth malware propagation in CPS.
4. Bibi, Iram, Adnan Akhunzada, Jahanzaib Malik, Muhammad Khurram Khan, and Muhammad Dawood. "Secure Distributed Mobile Volunteer Computing with Android." ACM Transactions on Internet Technology 22, no. 1 (2022): 1–21. http://dx.doi.org/10.1145/3428151.

Abstract: Volunteer Computing's provision of seamless connectivity, which enables convenient and rapid deployment of greener and cheaper computing infrastructure, is extremely promising to complement next-generation distributed computing systems. Undoubtedly, without a tactile Internet and secure VC ecosystems, harnessing its full potential and making it an alternative viable and reliable computing infrastructure is next to impossible. Android-enabled smart devices, applications, and services are inevitable for Volunteer Computing. Contrarily, the progressive development of sophisticated Android malware may reduce its exponential growth. Besides, Android malware is considered the most potent and persistent cyber threat to mobile VC systems. To secure Android-based mobile volunteer computing, the authors proposed MulDroid, an efficient and self-learning autonomous hybrid (Long-Short-Term Memory, Convolutional Neural Network, Deep Neural Network) multi-vector Android malware threat detection framework. The proposed mechanism is highly scalable with well-coordinated infrastructure and self-optimizing capabilities to proficiently tackle fast-growing dynamic variants of sophisticated malware threats and attacks with 99.01% detection accuracy. For a comprehensive evaluation, the authors employed current state-of-the-art malware datasets (Android Malware Dataset, Androzoo) with standard performance evaluation metrics. Moreover, MulDroid is compared with our constructed contemporary hybrid DL-driven architectures and benchmark algorithms. Our proposed mechanism outperforms these in terms of detection accuracy with a trivial tradeoff in speed efficiency. Additionally, a 10-fold cross-validation is performed to explicitly show unbiased results.
5. Waliulu, Raditya Faisal, and Teguh Hidayat Iskandar Alam. "Reverse Engineering Analysis Statis Forensic Malware Webc2-Div." Insect (Informatics and Security): Jurnal Teknik Informatika 4, no. 1 (2019): 15. http://dx.doi.org/10.33506/insect.v4i1.223.

Abstract: This paper focuses on malicious software, also known as malware, specifically the APT1 (Advanced Persistent Threat) sample codenamed WEBC2-DIV. Malware has many variants, whose criteria consist of virus, worm, Trojan, adware, spyware, backdoor and rootkit. Although malware can evade antivirus scanning, reverse engineering can show how dangerous malware infects a client computer. Lately, malware attacks as a form of espionage (cyberwar) have become one of the most discussed topics in Internet security because of their massive impact. Malware forensics becomes the indicator of whether a user successfully realizes that malware has infected the machine. This research is about reverse engineering. The steps are scanning, finding suspected packets in the network, analysis of malware behavior, and disassembling the malware body.
6. Laurenza, Giuseppe, Riccardo Lazzeretti, and Luca Mazzotti. "Malware Triage for Early Identification of Advanced Persistent Threat Activities." Digital Threats: Research and Practice 1, no. 3 (2020): 1–17. http://dx.doi.org/10.1145/3386581.
7. Hofer-Schmitz, Katharina, Ulrike Kleb, and Branka Stojanović. "The Influences of Feature Sets on the Detection of Advanced Persistent Threats." Electronics 10, no. 6 (2021): 704. http://dx.doi.org/10.3390/electronics10060704.

Abstract: This paper investigates the influences of different statistical network traffic feature sets on detecting advanced persistent threats. The selection of suitable features for detecting targeted cyber attacks is crucial to achieving high performance and to addressing limited computational and storage costs. The evaluation was performed on a semi-synthetic dataset, which combined the CICIDS2017 dataset and the Contagio malware dataset. The CICIDS2017 dataset is a benchmark dataset in the intrusion detection field and the Contagio malware dataset contains real advanced persistent threat (APT) attack traces. Several different combinations of datasets were used to increase variety in background data and contribute to the quality of results. For the feature extraction, the CICflowmeter tool was used. For the selection of suitable features, a correlation analysis including an in-depth feature investigation by boxplots is provided. Based on that, several suitable features were allocated into different feature sets. The influences of these feature sets on the detection capabilities were investigated in detail with the local outlier factor method. The focus was especially on attacks detected with different feature sets and the influences of the background on the detection capabilities with respect to the local outlier factor method. Based on the results, we could determine a superior feature set, which detected most of the malicious flows.
8. Márquez Díaz, Jairo Eduardo. "Armas cibernéticas. Malware inteligente para ataques dirigidos." Ingenierías USBMed 8, no. 2 (2017): 48–57. http://dx.doi.org/10.21500/20275846.2955.

Abstract: This article presents an analysis of the malware known as Advanced Persistent Threat, or APT, which international authorities have classified as one of the first cyberweapons capable of seriously compromising a nation's critical infrastructure. This is largely due to new developments in more advanced intrusive systems, which incorporate dynamic technologies and algorithms that seek to integrate artificial intelligence and genetic algorithms, among others, to make the programs much more complex and complete when scanning network protocols and/or logs, stealing information, conducting espionage or carrying out targeted attacks, where stealth and furtiveness are the key factors, rendering them undetectable, and whose presence inside a computer system or network can be indefinite. That said, the various attack techniques of this type of malware call into question current protection barriers and systems, both logical and physical, and furthermore, with the future incorporation of neuroevolutionary algorithms into their source code, information security tools, protocols and policies will need to be reevaluated very soon.
9. Li, Shudong, Qianqing Zhang, Xiaobo Wu, Weihong Han, and Zhihong Tian. "Attribution Classification Method of APT Malware in IoT Using Machine Learning Techniques." Security and Communication Networks 2021 (September 6, 2021): 1–12. http://dx.doi.org/10.1155/2021/9396141.

Abstract: In recent years, the popularity of IoT (Internet of Things) applications and services has brought great convenience to people's lives, but ubiquitous IoT has also brought many security problems. Among them, advanced persistent threat (APT) is one of the most representative attacks, and its continuous outbreak has brought unprecedented security challenges for the large-scale deployment of the IoT. However, important research on analyzing the attribution of APT malware samples is still relatively scarce. Therefore, we propose a classification method for attributing organizations with APT malware in IoT using machine learning. It aims to mark the real attacking organization entities to better identify APT attack activity and protect the security of IoT. This method performs feature representation and feature selection based on APT behavior data obtained from devices in the Internet of Things and selects the features with a high degree of differentiation among organizations. Then, it trains a multiclass model named SMOTE-RF that can better deal with imbalance and multiclassification problems. Our experiments on real dynamic behavior data are combined to verify the effectiveness of the method proposed in this paper for attribution analysis of APT malware samples and achieve good performance. Our method could identify the organization behind complex APT attacks in IoT devices and services.
10. LIU, Jing, Pei Dai XIE, Meng Zhu LIU, and Yong Jun WANG. "Having an Insight into Malware Phylogeny: Building Persistent Phylogeny Tree of Families." IEICE Transactions on Information and Systems E101.D, no. 4 (2018): 1199–202. http://dx.doi.org/10.1587/transinf.2017edl8172.
11. Niu, Weina, Xiaosong Zhang, GuoWu Yang, Jianan Zhu, and Zhongwei Ren. "Identifying APT Malware Domain Based on Mobile DNS Logging." Mathematical Problems in Engineering 2017 (2017): 1–9. http://dx.doi.org/10.1155/2017/4916953.

Abstract: Advanced Persistent Threat (APT) is a serious threat against sensitive information. Current detection approaches are time-consuming since they detect APT attack by in-depth analysis of massive amounts of data after data breaches. Specifically, APT attackers make use of DNS to locate their command and control (C&C) servers and victims' machines. In this paper, we propose an efficient approach to detect APT malware C&C domain with high accuracy by analyzing DNS logs. We first extract 15 features from DNS logs of mobile devices. According to Alexa ranking and the VirusTotal's judgement result, we give each domain a score. Then, we select the most normal domains by the score metric. Finally, we utilize our anomaly detection algorithm, called Global Abnormal Forest (GAF), to identify malware C&C domains. We conduct a performance analysis to demonstrate that our approach is more efficient than other existing works in terms of calculation efficiency and recognition accuracy. Compared with Local Outlier Factor (LOF), k-Nearest Neighbor (KNN), and Isolation Forest (iForest), our approach obtains more than 99% F-M and R for the detection of C&C domains. Our approach not only can reduce data volume that needs to be recorded and analyzed but also can be applicable to unsupervised learning.
12. Kim, Dohoon, Donghee Choi, and Jonghyun Jin. "Method for Detecting Core Malware Sites Related to Biomedical Information Systems." Computational and Mathematical Methods in Medicine 2015 (2015): 1–8. http://dx.doi.org/10.1155/2015/756842.

Abstract: Most advanced persistent threat attacks target web users through malicious code within landing (exploit) or distribution sites. There is an urgent need to block the affected websites. Attacks on biomedical information systems are no exception to this issue. In this paper, we present a method for locating malicious websites that attempt to attack biomedical information systems. Our approach uses malicious code crawling to rearrange websites in the order of their risk index by analyzing the centrality between malware sites and proactively eliminates the root of these sites by finding the core-hub node, thereby reducing unnecessary security policies. In particular, we dynamically estimate the risk index of the affected websites by analyzing various centrality measures and converting them into a single quantified vector. On average, the proactive elimination of core malicious websites results in an average improvement in zero-day attack detection of more than 20%.
13. Sarkunavathi, A., and V. Srinivasan. "A Detailed Study on Advanced Persistent Threats: A Sophisticated Threat." Asian Journal of Computer Science and Technology 7, S1 (2018): 90–95. http://dx.doi.org/10.51983/ajcst-2018.7.s1.1797.

Abstract: In the present world, computer networks are used to store sensitive information and to provide services for organizations and society. The growth of the Internet and the increased use of computers in society, along with smart devices, lead to an increase in cyber crimes and persistent attacks. The most complex and advanced attacks are targeted attacks, which are specifically aimed at companies or governments to accomplish predetermined goals such as economic advantages, strategic benefits, or getting control of sensitive information. Hackers try to access sensitive data from cyberspace and thereby become advanced malware developers against the security systems. One type of such attack is Advanced Persistent Threats (APT), which target governmental institutions, the military, multinational enterprises, the financial industry, manufacturing and banks. The approach followed by the attackers is repeated attempts using different methods such as a stealth approach, adapting to the existing defense mechanisms, and stealthily infiltrating the network to avoid any suspicion, for example by going into sleep modes before commencing any attack. The effects of these attacks are exfiltration of key intellectual property, stoppage of fundamental services, and destruction of critical infrastructure. This paper is a detailed study of Advanced Persistent Threats to provide an idea about these advanced attacks.
14. Jeng, Tzung-Han, Yi-Ming Chen, Chien-Chih Chen, and Chuan-Chiang Huang. "MD-MinerP: Interaction Profiling Bipartite Graph Mining for Malware-Control Domain Detection." Security and Communication Networks 2020 (October 29, 2020): 1–20. http://dx.doi.org/10.1155/2020/8841544.

Abstract: Despite the efforts of information security experts, cybercrimes are still emerging at an alarming rate. Among the tools used by cybercriminals, malicious domains are indispensable and harm from the Internet has become a global problem. Malicious domains play an important role from SPAM and Cross-Site Scripting (XSS) threats to Botnet and Advanced Persistent Threat (APT) attacks at large scales. To ensure there is not a single point of failure or to prevent their detection and blocking, malware authors have employed domain generation algorithms (DGAs) and domain-flux techniques to generate a large number of domain names for malicious servers. As a result, malicious servers are difficult to detect and remove. Furthermore, the clues of cybercrime are stored in network traffic logs, but analyzing long-term big network traffic data is a challenge. To adapt the technology of cybercrimes and automatically detect unknown malicious threats, we previously proposed a system called MD-Miner. To improve its efficiency and accuracy, we propose the MD-MinerP here, which generates more features with identification capabilities in the feature extraction stage. Moreover, MD-MinerP adapts interaction profiling bipartite graphs instead of annotated bipartite graphs. The experimental results show that MD-MinerP has better area under curve (AUC) results and found new malicious domains that could not be recognized by other threat intelligence systems. The MD-MinerP exhibits both scalability and applicability, which has been experimentally validated on actual enterprise network traffic.
15. S, Preetha, P. Lalasa, and Pradeepa R. "A Comprehensive Overview on Cybersecurity: Threats and Attacks." Regular issue 10, no. 8 (2021): 98–106. http://dx.doi.org/10.35940/ijitee.h9242.0610821.

Abstract: In the world of evolving technologies, we are being driven by online transactions, AI technologies and automated processes. With the increased use of technologies in our lives, cybercrimes have amplified. Various new attacks, tools and techniques have been developed which allow attackers to access more complex and well-managed systems, create damage and even remain untraceable. The statistics about cyber crime tell that, as of January 2021, Google had registered around 2 million phishing websites. In 2019 around 93.6% of observed malware was polymorphic, which means it changes its code continuously to evade detection. According to the FBI and Internet Crime Complaint Center 2020 crime report, cybercrime has doubled compared to 2019. International Data Corporation predicts that global spending on cybersecurity solutions will reach $133.7 billion by 2022 as cyber threats continue to increase. Governments around the world have acknowledged growing cyber-attacks by providing directions to organizations on implementing efficient cybersecurity practices. Cybersecurity protects computer systems and networks from damage to hardware and software, information disclosure, theft and from the interference or misdirection of the services they provide. In order to develop necessary measures against cybercrime, we need to understand different kinds of cybercrime. Our paper gives an overview of various types of cyber-crime like malware, phishing, zero-day exploits and Advanced Persistent Threats (APT). The study provides an overview of different existing preventive solution proposals and methods to detect attacks. A strong understanding of such attacks would help us to be cautious and develop effective solutions.
16. CRISTEA, Lavinia Mihaela. "Risks Associated with Threats Related to Disruptive Technologies in the Current Financial Systems Context." Audit Financiar 19, no. 161 (2021): 119–29. http://dx.doi.org/10.20869/auditf/2021/161/002.

Abstract: The subject of the study is the analysis of the risks associated with threats generated by disruptive technologies in the context of current financial information systems of the entities. The phenomenon of cybercrime, facilitated by the development of Artificial Intelligence, Deep Learning and the disruptive frequency of security incidents represents the foundation of this paper. The aim of the article is to integrate, compare and investigate the impact of disruptive technologies, current security risks and incidents, and to design measures in order to manage risk. The results of this paper highlight Advanced Persistent Threats (APTs), malware, ransomware, sabotage of external actors, third-party threats in the top 5 most common security incidents. The paper acknowledges the complexity of digitization and transposes a practical model of risk management. The paper contributes to informing stakeholders about the forced penetration of hackers into victims' devices, under the pretext of COVID-19.
17. Swarnalatha, G., et al. "Detect and Classify the Unpredictable Cyber-Attacks by using DNN Model." Turkish Journal of Computer and Mathematics Education (TURCOMAT) 12, no. 6 (2021): 74–81. http://dx.doi.org/10.17762/turcomat.v12i6.1269.

Abstract: Machine learning techniques are often used to develop IDS by detecting and deploying fast and automated network attacks to torpedoes and host standards. However, there are many problems, as severe attacks change all the time and occur at very high levels that require a lot of resolution. There are many malicious packages available for further investigation by the cybersecurity community. However, one completed study did not provide a complete analysis to apply different machine learning algorithms on different media packages. Because of the persistent methods of attack and the dynamic nature of malware, it is important to systematically update and approve malicious packages that are available to the public. This paper explores the DNN, a type of comprehensive learning model, promoting flexible and appropriate IDS for detecting and deploying expected and unpredictable online attacks. Sustainable industrial development and rapid development of attacks need evaluation for some data developed over the years using static and dynamic methods. This type of research can help determine the best algorithm to identify future attacks. Comparative data for some commonly available malware provides a comprehensive comparison of DNN experiences with other class machine learning classifications. The best network parameters and network topologies for DNN are selected using the KDDCup 99 package with this hyperparameter selection method. The DNN model, which works well on KDDCup 99, works on other data, such as the NSL-KDD memory test. Our DNN model teaches how to transfer IDS information functions from multicultural. Multidisciplinary representations in a variety of encryption. Complex tests have shown that DNN performs better than conventional machine learning classification. Finally, we present a large and hybrid DNN torrent structure called Scale-Hybrid-IDS-AlertNet, which can be used to effectively monitor the impact of network traffic and host-level events to warn directly about cyber-attacks.
18. Park, Jong Hyuk. "Symmetry-Adapted Machine Learning for Information Security." Symmetry 12, no. 6 (2020): 1044. http://dx.doi.org/10.3390/sym12061044.

Abstract: Nowadays, data security is becoming an emerging and challenging issue due to the growth in web-connected devices and significant data generation from information and communication technology (ICT) platforms. Many existing types of research from industries and academic fields have presented their methodologies for supporting defense against security threats. However, these existing approaches have failed to deal with security challenges in next-generation ICT systems due to the changing behaviors of security threats and zero-day attacks, including advanced persistent threat (APT), ransomware, and supply chain attacks. The symmetry-adapted machine-learning approach can support an effective way to deal with the dynamic nature of security attacks by the extraction and analysis of data to identify hidden patterns of data. It offers the identification of unknown and new attack patterns by extracting hidden data patterns in next-generation ICT systems. Therefore, we accepted twelve articles for this Special Issue that explore the deployment of symmetry-adapted machine learning for information security in various application areas. These areas include malware classification, intrusion detection systems, image watermarking, color image watermarking, battlefield target aggregation behavior recognition models, Internet Protocol (IP) cameras, Internet of Things (IoT) security, service function chains, indoor positioning systems, and cryptoanalysis.
19. Hwang, Chanwoong, Hyosik Kim, Hooki Lee, and Taejin Lee. "Effective DGA-Domain Detection and Classification with TextCNN and Additional Features." Electronics 9, no. 7 (2020): 1070. http://dx.doi.org/10.3390/electronics9071070.

Abstract: Malicious codes, such as advanced persistent threat (APT) attacks, do not operate immediately after infecting the system, but after receiving commands from the attacker's command and control (C&C) server. The system infected by the malicious code tries to communicate with the C&C server through the IP address or domain address of the C&C server. If the IP address or domain address is hard-coded inside the malicious code, it can analyze the malicious code to obtain the address and block access to the C&C server through security policy. In order to circumvent this address blocking technique, domain generation algorithms are included in the malware to dynamically generate domain addresses. The domain generation algorithm (DGA) generates domains randomly, so it is very difficult to identify and block malicious domains. Therefore, this paper effectively detects and classifies unknown DGA domains. We extract features that are effective for TextCNN-based label prediction, and add additional domain knowledge-based features to improve our model for detecting and classifying DGA-generated malicious domains. The proposed model achieved 99.19% accuracy for DGA classification and 88.77% accuracy for DGA class classification. We expect that the proposed model can be applied to effectively detect and block DGA-generated domains.
20. Feng, Bo, Qiang Li, Yuede Ji, Dong Guo, and Xiangyu Meng. "Stopping the Cyberattack in the Early Stage: Assessing the Security Risks of Social Network Users." Security and Communication Networks 2019 (July 11, 2019): 1–14. http://dx.doi.org/10.1155/2019/3053418.

Abstract: Online social networks have become an essential part of our daily life. While we are enjoying the benefits from the social networks, we are inevitably exposed to the security threats, especially the serious Advanced Persistent Threat (APT) attack. The attackers can launch targeted cyberattacks on a user by analyzing its personal information and social behaviors. Due to the wide variety of social engineering techniques and undetectable zero-day exploits being used by attackers, the detection techniques of intrusion are increasingly difficult. Motivated by the fact that the attackers usually penetrate the social network to either propagate malware or collect sensitive information, we propose a method to assess the security risk of the user being attacked so that we can take defensive measures such as security education, training, and awareness before users are attacked. In this paper, we propose a novel user analysis model to find potential victims by analyzing a large number of users' personal information and social behaviors in social networks. For each user, we extract three kinds of features, i.e., statistical features, social-graph features, and semantic features. These features will become the input of our user analysis model, and the security risk score will be calculated. The users with a high security risk score will be alarmed so that the risk of being attacked can be reduced. We have implemented an effective user analysis model and evaluated it on a real-world dataset collected from a social network, namely, Sina Weibo (Weibo). The results show that our model can effectively assess the risk of users' activities in social networks with a high area under the ROC curve of 0.9607.
21

"Exploring the API Calls for Malware Behavior Detection using Concordance and Document Frequency." International Journal of Engineering and Advanced Technology 8, no. 6 (2019): 4991–97. http://dx.doi.org/10.35940/ijeat.f9144.088619.

Full text
Abstract:
In the era of ubiquitous sensors and smart devices, detecting malware is becoming an endless battle between ever-evolving malware and antivirus programs that need to process ever-increasing security-related data. Malware is becoming persistent by creating full-fledged variants of the same or a different family. Malware belonging to the same family shares the same characteristics in its functionality of spreading infections into the victim computer. We find that certain malicious functions are commonly included in malware even in different categories. By checking for the existence of certain functions or matched API call sequence patterns, we can even detect new unknown malware. For malware detection, various approaches have been proposed. An Application Programming Interface (API) is widely used by software to interact with an operating system to do certain tasks such as opening a file, deleting a file, etc. Computer users use this API to make it comfortable for their program to communicate with the operating system without having prior knowledge of the hardware of the object system. Attackers also use the same type of APIs to create malware, hence it is very difficult to know about these APIs. There is much research done in this field; however, most researchers used n-grams to detect the sequence of API calls. Even though it gave good results, it is time consuming to process all the output. Hence, we proposed to use Concordance to search for the API call sequence of a malware because it uses KWIC (Key Word in Context), thus only displaying the output based on the queried keyword. After that, Document Frequency (DF) is used to search for the most commonly used APIs in the dataset. The result of our experiment gave higher accuracy than other methods and also found more categories than other methods. API call sequences can be extracted from most modern devices. Hence we suppose that our method can detect malware for all types of ubiquitous devices. The results of the experiment show that Concordance can be used to search for API call sequences as we managed to identify eight malicious activities (Screen Capture, Hooking, Downloader, Enumerate all processes, Anti-debugging, Synchronization, Key Logger and Dropper) using this method.
22

Waliulu, Raditya Faisal. "Reverse Engineering Reverse Engineering Analysis Forensic Malware WEBC2-Div." Journal of Informatics, Information System, Software Engineering and Applications (INISTA) 1, no. 1 (2018). http://dx.doi.org/10.20895/inista.v1i1.10.

Abstract:
This paper focuses on Malicious Software, also known as Malware, APT1 (Advance Persistent Threat) codename WEBC2-DIV; most malware variants have criteria consisting of Virus, Worm, Trojan, Adware, Spyware, Backdoor, or Rootkit. Although malware could avoid antivirus scanning, reverse engineering could reveal how dangerous malware infects a client computer. Lately, malware attack as a form of espionage (cyberwar) is one of the most discussed topics in internet security, because it has a massive impact. Forensic malware analysis becomes an indicator of a successful user realizing that malware has infected. This research is about reverse engineering. A few steps there are: scanning, suspected packets in the network, analysis of malware behavior, and disassembling the malware body.
23

Waliulu, Raditya Faisal, and Teguh Hidayat Iskandar Alam. "REVERSE ENGINEERING ANALYSIS FORENSIC MALWARE WEBC2-DIV." KOMIK (Konferensi Nasional Teknologi Informasi dan Komputer) 2, no. 1 (2018). http://dx.doi.org/10.30865/komik.v2i1.902.

Abstract:
This paper focuses on Malicious Software, also known as Malware, APT1 (Advance Persistent Threat) codename WEBC2-DIV; most malware variants have criteria consisting of Virus, Worm, Trojan, Adware, Spyware, Backdoor, or Rootkit. Although malware could avoid antivirus scanning, reverse engineering could reveal how dangerous malware infects a client computer. Lately, malware attack as a form of espionage (cyberwar) is one of the most discussed topics in internet security, because it has a massive impact. Forensic malware analysis becomes an indicator of a successful user realizing that malware has infected. This research is about reverse engineering. A few steps there are: scanning, suspected packets in the network, analysis of malware behavior, and disassembling the malware body.
Keywords: forensic malware, Analysis, Advanced Persistent Threat, Cyberwar, disassembler
24

Chen, Weixiang, Xiaohan Helu, Chengjie Jin, et al. "Advanced persistent threat organization identification based on software gene of malware." Transactions on Emerging Telecommunications Technologies 31, no. 12 (2020). http://dx.doi.org/10.1002/ett.3884.

25

Griscioli, Federico, and Maurizio Pizzonia. "USBCaptchaIn: Preventing (un)conventional attacks from promiscuously used USB devices in industrial control systems." Journal of Computer Security, December 7, 2020, 1–26. http://dx.doi.org/10.3233/jcs-191404.

Abstract:
Industrial Control Systems (ICS) are sensible targets for high-profile attackers and advanced persistent threats, which are known to exploit USB thumb drives as an effective spreading vector. In ICSes, thumb drives are widely used to transfer files among disconnected systems and represent serious security risks, since they may be promiscuously used in both critical and regular systems. The threats come both from malware hidden in files stored on the thumb drives and from BadUSB attacks. BadUSB leverages the modification of the firmware of USB devices in order to mimic the behaviour of a keyboard and send malicious commands to the host. We present a solution that allows a promiscuous use of USB thumb drives while protecting critical machines from malware that spreads by regular file infection or by firmware infection. The main component of the architecture we propose is a hardware device, called USBCaptchaIn, intended to sit in the middle between critical machines and connected USB devices. We do not require users to change the way they use thumb drives. To avoid human errors, we do not require users to take any decision. The proposed approach is highly compatible with already deployed products of an ICS environment and proactively blocks malware before it reaches its targets. We describe our solution, provide a thorough analysis of the security of our approach in the ICS context, and report the informal feedback of some experts regarding our first prototypes.
26

Ramadhan, Iqbal. "Building Cybersecurity Regulation in Southeast Asia: A Challenge for the Association of Southeast Asian Nations (ASEAN)." Journal of Social and Political Sciences 3, no. 4 (2020). http://dx.doi.org/10.31014/aior.1991.03.04.230.

Abstract:
For each nation-state, technology has become a new backbone. It links a range of critical infrastructures, including finance, banking, security, water, electricity, and transport. As Southeast Asia's dominant regional body, ASEAN enjoys privileges and benefits from emerging technology. In recent years, digital trade has enhanced the economic growth of ASEAN. Non-traditional threats such as cyber attacks are, however, the result of the modern world. Malware and advanced persistent threats (APT) lurk in every corner of cyberspace, seeking to cripple and shut down ASEAN's economic interest. The lack of rigorous regulation and a major technological gap among ASEAN members is the biggest challenge to strengthening cybersecurity in Southeast Asia. When conflict comes from the cyber world, the absence of control will jeopardize their interests. Using Archer's theory of international organization, the author aims to examine the policy in Southeast Asia to issue firm cybersecurity regulations. To improve the debate, the authors used the qualitative approach and secondary data. From the viewpoint of the authors, ASEAN needs to set the standard, aggregate and socialize the national interests of all members, and enforce the unique legal formal process. The Cybersecurity Regulation should certainly be consistent with the essential basis of the Treaty of Amity and Cooperation.
27

Alghamdi, Waleed, and Michael Schukat. "Precision time protocol attack strategies and their resistance to existing security extensions." Cybersecurity 4, no. 1 (2021). http://dx.doi.org/10.1186/s42400-021-00080-y.

Abstract:
The IEEE 1588 precision time protocol (PTP) is very important for many industrial sectors and applications that require time synchronization accuracy between computers down to microsecond and even nanosecond levels. Nevertheless, PTP and its underlying network infrastructure are vulnerable to cyber-attacks, which can stealthily reduce the time synchronization accuracy to unacceptable and even damage-causing levels for individual clocks or an entire network, leading to financial loss or even physical destruction. Existing security protocol extensions only partially address this problem. This paper provides a comprehensive analysis of strategies for advanced persistent threats to PTP infrastructure, possible attacker locations, and the impact on clock and network synchronization in the presence of security protocol extensions, infrastructure redundancy, and protocol redundancy. It distinguishes between attack strategies and attacker types as described in RFC 7384, but further distinguishes between the spoofing and time source attack, the simple internal attack, and the advanced internal attack. Some experiments were conducted to demonstrate the impact of PTP attacks. Our analysis shows that a sophisticated attacker has a range of methodologies to compromise a PTP network. Moreover, all PTP infrastructure components can host an attacker, making the comprehensive protection of a PTP network against a malware infiltration, as for example exercised by Stuxnet, a very tedious task.