
A framework for diversifying windows native APIs to tolerate code injection attacks

Lynette Qu Nguyen, Tufan Demir, Jeff Rowe, Francis Hsu, Karl Levitt
2007 Proceedings of the 2nd ACM symposium on Information, computer and communications security - ASIACCS '07  
We present a framework to prevent code injection attacks in MS Windows using Native APIs in the operating system.  ...  The first tier permutes the Native API dispatch ID number so that only the Native API calls from legitimate sources are executed.  ...  In MS Windows, native API calls are the interface used by user processes to request services from the operating system.  ... 
doi:10.1145/1229285.1229338 dblp:conf/ccs/NguyenDRHL07 fatcat:b4scjbf3x5ditac5eovugolvoa


Zhiyong Shan, Xin Wang, Tzi-cker Chiueh
2011 Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security - ASIACCS '11  
The firmest barriers to applying MAC to defeat malware programs are the incompatibility and usability problems in existing MAC systems.  ...  Our prototyping and experiments on Windows show that Tracer can effectively defeat all malware samples tested via blocking malware behaviors while not causing a significant compatibility problem.  ...  ACKNOWLEDGMENT We would like to thank all the anonymous reviewers for their insightful comments and feedback. This work is supported by Natural Science  ... 
doi:10.1145/1966913.1966932 dblp:conf/ccs/ShanWC11 fatcat:waok7lsumrdbzacya4t4gynoyy

Ransomware and the Legacy Crypto API [chapter]

Aurélien Palisse, Hélène Le Bouder, Jean-Louis Lanet, Colas Le Guernic, Axel Legay
2017 Lecture Notes in Computer Science  
Ransomware is malicious software that encrypts its victim's data and only returns the decryption key in exchange for a ransom.  ...  The second one intercepts calls made to Microsoft's Cryptographic API. Both methods must be active before the attack takes place, and neither is general enough to handle all ransomware.  ...  Acknowledgments The authors would like to thank Ronan Lashermes, Alexandre Gonzalvez and the anonymous reviewers for their valuable help and comments.  ... 
doi:10.1007/978-3-319-54876-0_2 fatcat:vzm3t7mhuzedjo46chpgcp3ise

Enforcing Mandatory Access Control in Commodity OS to Disable Malware

Zhiyong Shan, Xin Wang, Tzi-cker Chiueh
2012 IEEE Transactions on Dependable and Secure Computing  
The firmest barriers to applying MAC to defeat malware programs are the incompatibility and usability problems in existing MAC systems.  ...  intrusion detection and tracing in a commercial operating system.  ...  The Interception part monitors Native Windows API functions (i.e. system calls) at the kernel level and Win32 API functions (i.e. system library functions) at the application level, then issues behavior  ... 
doi:10.1109/tdsc.2012.36 fatcat:bkdmax2fe5c5ljek7rsd2vskfy

Malware Detection, Supportive Software Agents and Its Classification Schemes

Adebayo Olawale Surajudeen
2012 International journal of network security and its applications  
Over time, the task of curbing the emergence of malware and its dastardly activities has been identified in terms of analysis, detection and containment of malware.  ...  It is a malignant program designed to hamper the effectiveness of a computer and internet system.  ...  [16] is another work that determines a spyware component by statically extracting a list of Windows API calls invoked in response to browser events, and combines it with dynamic analysis to identify the  ... 
doi:10.5121/ijnsa.2012.4603 fatcat:ep3a3uydffdnrmhybtoqhuplfq


Frank Castaneda, Emre Can Sezer, Jun Xu
2004 Proceedings of the 2004 ACM workshop on Rapid malcode - WORM '04  
Existing anti-virus and intrusion detection systems are clearly inadequate to defend against many recent fast-spreading worms. In this paper we explore an active counter-attack method: anti-worms.  ...  Self-propagating computer worms have been terrorizing the Internet for the last several years.  ...  A crucial factor in any worm is the ability to call into various system APIs necessary for successful propagation.  ... 
doi:10.1145/1029618.1029631 dblp:conf/worm/CastanedaSX04 fatcat:v5rrbkoddzavvikibirnym7r6m

Detecting worms via mining dynamic program execution

Xun Wang, Wei Yu, Adam Champion, Xinwen Fu, Dong Xuan
2007 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007  
In particular, we execute a large number of real-world worms and benign programs (executables), and trace their system calls.  ...  Our experimental results clearly demonstrate the effectiveness of our approach in detecting new worms in terms of a very high detection rate and a low false positive rate.  ...  ACKNOWLEDGMENTS We thank Chao Wang, Lei Ding, Yipeng Li and Yan Tang for their invaluable suggestions and comments on this work.  ... 
doi:10.1109/seccom.2007.4550362 dblp:conf/securecomm/WangYCFX07 fatcat:kyjp36euaffdvh7ubpwvb32h6i

The Cousins of Stuxnet: Duqu, Flame, and Gauss

Boldizsár Bencsáth, Gábor Pék, Levente Buttyán, Márk Félegyházi
2012 Future Internet  
Flame is unique in the sense that it used advanced cryptographic techniques to masquerade as a legitimate proxy for the Windows Update service.  ...  Besides explaining the operation of these pieces of malware, we also examine if and how they could have been detected by vigilant system administrators manually or in a semi-automated manner using available  ...  Acknowledgements We are thankful to researchers at Kaspersky and Symantec for the useful discussions on various aspects of Duqu, Flame, and Gauss.  ... 
doi:10.3390/fi4040971 fatcat:c4pc2z646vcpzfyprznxkritae

A Cyber-Kill-Chain based taxonomy of crypto-ransomware features

Tooska Dargahi, Ali Dehghantanha, Pooneh Nikkhah Bahrami, Mauro Conti, Giuseppe Bianchi, Loris Benedetto
2019 Journal in Computer Virology and Hacking Techniques  
A wide range of features available in different families and versions of ransomware further complicates their detection and analysis.  ...  We believe that this research study is of high value for the cyber security research community, as it provides the researchers with a means of assessing the vulnerabilities and attack vectors towards the  ...  Similarly, Unveil [7] provides a dynamic analysis solution for Windows systems, which monitors the file system I/O activities and I/O data buffer entropy.  ... 
doi:10.1007/s11416-019-00338-7 fatcat:rjvlals56jclbei54t7pz2ra6q

Honeynets: a tool for counterintelligence in online security

David Watson
2007 Network Security  
He is also the project manager and lead developer for the Honeynet Project's Global Distributed Honeynet initiative and has presented in the past to most major US government, military and law enforcement  ...  About the author Having operated honeynet systems for many years, David Watson leads the UK Honeynet Project ( and is also one of five Research Alliance steering committee members.  ...  The Sebek client is available for Linux, *BSD, Solaris and Windows operating systems.  ... 
doi:10.1016/s1353-4858(07)70004-1 fatcat:zozulyisfnamjjjwetcc755rca

Foreign Code Detection on the Windows/X86 Platform

Susanta Nanda, Wei Li, Lap-chung Lam, Tzi-cker Chiueh
2006 Proceedings of the Computer Security Applications Conference  
This paper presents the design, implementation and evaluation of FOOD, a foreign code detection system specifically for the Windows/X86 platform, where foreign code is defined as any binary programs that  ...  FOOD verifies the legitimacy of binary images involved in process creation and library loading to ensure that only authorized binaries are used in these operations.  ...  In addition, we applied the Blaster worm and the Slammer worm attack, both of which exploit buffer overflow vulnerability, and FOOD was able to thwart both attacks successfully.  ... 
doi:10.1109/acsac.2006.29 dblp:conf/acsac/NandaLLC06 fatcat:37nmb3gxe5aztd2h2kslv6uqhu

A Study of Malcode-Bearing Documents [chapter]

Wei-Jen Li, Salvatore Stolfo, Angelos Stavrou, Elli Androulaki, Angelos D. Keromytis
2007 Lecture Notes in Computer Science  
We identify several problems with both approaches, representing both challenges in addressing the problem and opportunities for future research.  ...  By exploiting the object-oriented dynamic composability of modern document applications and formats, malcode hidden in otherwise inconspicuous documents can reach third-party applications that may harbor  ...  They use API hooking: system calls to the Win32 API are re-routed to monitoring software that gathers all the information available to the operating system.  ... 
doi:10.1007/978-3-540-73614-1_14 fatcat:r4xyai2zyvcmpezufyi4chujye

Baiting Inside Attackers Using Decoy Documents [chapter]

Brian M. Bowen, Shlomo Hershkop, Angelos D. Keromytis, Salvatore J. Stolfo
2009 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
In this work we propose trap-based defense mechanisms and a deployment platform for addressing the problem of insiders attempting to exfiltrate and use sensitive information.  ...  "Decoy Documents" are automatically generated and stored on a file system by the D3 System with the aim of enticing a malicious user.  ...  traffic where possible. • At time of information exploitation and/or credential misuse, monitoring of decoy logins and other credentials embedded in the document content by external systems will generate  ... 
doi:10.1007/978-3-642-05284-2_4 fatcat:txecovq5snertdzb5tf6tufxem


Manuel Costa, Jon Crowcroft, Miguel Castro, Antony Rowstron, Lidong Zhou, Lintao Zhang, Paul Barham
2008 ACM Transactions on Computer Systems  
Worm containment must be automatic because worms can spread too fast for humans to respond.  ...  In Vigilante, hosts detect worms by instrumenting vulnerable programs to analyze infection attempts.  ...  Gorm Hansen for implementing the Windows NX detector. We thank M. Peinado, L. Visconti, and J. Manferdelli for many discussions about this project and for taking it to the next level. We thank A.  ... 
doi:10.1145/1455258.1455259 fatcat:p5p3cvu5vvhhtd2bhdh7b3d2vy

Malware characteristics and threats on the internet ecosystem

Zhongqiang Chen, Mema Roussopoulos, Zhanyan Liang, Yuan Zhang, Zhongrong Chen, Alex Delis
2012 Journal of Systems and Software  
Malware Evaluator also reveals that breeds in the categories of Trojan, Infector, Backdoor, and Worm significantly contribute to the malware population and impose critical risks on the Internet ecosystem  ...  role in disseminating information about security threats.  ...  Acknowledgements We are grateful to reviewers for their comments and Peter Wei of Trend Micro Inc. for fruitful discussions on the proposed framework.  ... 
doi:10.1016/j.jss.2012.02.015 fatcat:6dvcm2i7ojf7foe7gcrskwoopa