
Evasive Malware via Identifier Implanting [chapter]

Rui Tanabe, Wataru Ueno, Kou Ishii, Katsunari Yoshioka, Tsutomu Matsumoto, Takahiro Kasama, Daisuke Inoue, Christian Rossow
2018 Lecture Notes in Computer Science  
We propose to implant identifiers into the target system, such as unique entries in the browser history, cache, cookies, or the DNS stub resolver cache.  ...  We then prototype a customized malware that searches for these implants on the executing environment and denies execution if implants do not exist as expected.  ...  Sandbox Evasion via Implants We use this section to explain the general concept of customized malware that presents a completely new angle in the battle of sandbox evasion.  ... 
doi:10.1007/978-3-319-93411-2_8 fatcat:3bavl7pdlncrbdtwjxtnjad5sq

API Chaser: Taint-Assisted Sandbox for Evasive Malware Analysis

Yuhei Kawakoya, Eitaro Shioji, Makoto Iwamura, Jun Miyoshi
2019 Journal of Information Processing  
These experimental results show that 701 out of 8,897 malware samples employ hook evasion techniques to hide specific API calls, while 344 malware ones use target evasion techniques to hide the source  ...  The core technique in API Chaser is code tainting, which enables us to identify precisely the execution of monitored instructions by propagating three types of taint tags added to the codes of API, malware  ...  If we can detect the ROP code, we may be able to identify the execution of APIs called from malware via the detected ROP code.  ... 
doi:10.2197/ipsjjip.27.297 fatcat:d56up6yd2ve6rbto45rrvsimii

Analysis of Mobile Malware: A Systematic Review of Evolution and Infection Strategies

Moses Ashawa, Sarah Morris
2021 Journal of Information Security and Cybercrimes Research  
They also help mobile malware analysts to understand the current evasion techniques mobile malware deploys  ...  Accordingly, factors that restricted the fast spread of early malware and those that enhance the fast propagation of recent malware are identified.  ...  One of the major evasion strategies adopted by recent malware is the Trojan defense approach, as identified in the security report of ESET [86].  ... 
doi:10.26735/krvi8434 fatcat:ukj62xubvzgdhf42fzgglv4zea

Recent Advances in Cryptovirology: State-of-the-Art Crypto Mining and Crypto Ransomware Attacks

2019 KSII Transactions on Internet and Information Systems  
In our approach, we perform digital autopsy on the malware's source code and execute the different malware variants in a contained sandbox to deduce static and dynamic properties respectively.  ...  These attack structures leave a trail of digital forensics evidence when the malware interacts with the file system and generates noise in form of network traffic when communicating with the C2 servers  ...  The malware access the CryptEncrypt function from the Crypto API to encrypt the AES key with the implanted RSA key.  ... 
doi:10.3837/tiis.2019.06.027 fatcat:nyeikojtzraarhpppv7tzsdtmy

Demystifying Ransomware Attacks: Reverse Engineering and Dynamic Malware Analysis of WannaCry for Network and Information Security

Aaron Zimba, Luckson Simukonda, Mumbi Chishimba
2017 Zambia ICT Journal  
so does malware.  ...  WannaCry attacks identify with the latter which employ encryption to effectuate a denial of service (DOS) attack on victim data.  ... 
doi:10.33260/zictjournal.v1i1.19 fatcat:jlehughl5zeg7nmnyvqwtclb7y

VMI Based Automated Real-Time Malware Detector for Virtualized Cloud Environment [chapter]

M. A. Ajay Kumara, C. D. Jaidhar
2016 Lecture Notes in Computer Science  
December 17, 2016 4 / 10 Malware and rootkits used in experiment 2-stage experiment conducted. 1 In the first stage, the evasive malware variant called Kelihos was directly collected from malware  ...  In-guest assisted component operating via established communication channel cannot modified by any kind of security threats.  ... 
doi:10.1007/978-3-319-49445-6_16 fatcat:xdbsaroblne5dfreunpyq5ceki

Malware Detection Approaches and Analysis for the Internet of Medical Things Enabled Healthcare Systems

2021 International Journal of Advanced Trends in Computer Science and Engineering  
As a result, malware protection for the IoMT environment becomes critical. In this paper, we provide several forms of malware attacks and their consequences.  ...  We also go through security, privacy, and different IoMT malware detection schemes  ...  By patient monitoring equipment with many sensors, a medical expert can understand, identify the problem, and offer patients solutions via the cloud.  ... 
doi:10.30534/ijatcse/2021/061062021 fatcat:qyr5tpimenfkjekgprcz7mo254

Glassbox: Dynamic Analysis Platform for Malware Android Applications on Real Devices [article]

Paul Irolla, Eric Filiol
2016 arXiv   pre-print
Dealing with virtual device evasion is a never-ending war and comes with a non-negligible computation cost.  ...  It is therefore the most widely targeted system by malware authors. Researchers rely on dynamic analysis to extract malware behaviors and often use emulators to do so.  ...  For example the reverse of the sample [5] shows that malware are using emulation evasion.  ... 
arXiv:1609.04718v1 fatcat:exb3cguvafc7tajlyj3q4wwn5q

Do You Think You Can Hold Me? The Real Challenge of Problem-Space Evasion Attacks [article]

Harel Berger, Amit Dvir, Chen Hajaj, Rony Ronen
2022 arXiv   pre-print
The gap between the two types of evasion attacks is examined via the retraining process of classifiers using each one of the evasion attack types.  ...  Problem-space attacks refer to evasion attacks that change the actual sample. Specifically, this paper analyzes the gap between these two types in the Android malware domain.  ...  The Real Challenge of Problem-Space Evasion Attacks 3 FUNDAMENTALS OF MACHINE LEARNING AND MALWARE DETECTION This section surveys the fundamentals of malware detection and machine learning.  ... 
arXiv:2205.04293v1 fatcat:7js3byb2lnaatkw77nbnpshdsy

Intriguing Properties of Adversarial ML Attacks in the Problem Space [article]

Fabio Pierazzi, Feargus Pendlebury, Jacopo Cortellazzi, Lorenzo Cavallaro
2020 arXiv   pre-print
Second, building on our formalization, we propose a novel problem-space attack on Android malware that overcomes past limitations.  ...  Recent research efforts on adversarial ML have investigated problem-space attacks, focusing on the generation of real evasive objects in domains where, unlike images, there is no clear inverse mapping  ...  Organ Implantation. In order to implant some gadget ρ into a host, it is necessary to identify an injection point L H where v should be inserted.  ... 
arXiv:1911.02142v2 fatcat:fioc4k5eczf2toexvneuetxnhi

Intriguing Properties of Adversarial ML Attacks in the Problem Space

Fabio Pierazzi, Feargus Pendlebury, Jacopo Cortellazzi, Lorenzo Cavallaro
2020 2020 IEEE Symposium on Security and Privacy (SP)  
Recent research efforts on adversarial ML have investigated problem-space attacks, focusing on the generation of real evasive objects in domains where, unlike images, there is no clear inverse mapping  ...  First, we propose a novel formalization for adversarial ML evasion attacks in the problem-space, which includes the definition of a comprehensive set of constraints on available transformations, preserved  ...  Organ Implantation. In order to implant some gadget ρ into a host, it is necessary to identify an injection point L H where v should be inserted.  ... 
doi:10.1109/sp40000.2020.00073 dblp:conf/sp/PierazziPCC20 fatcat:mk34n5mqwndexh6irwqmi6fopa

Malware: The Never-Ending Arm Race

Hector David Menendez
2021 Open Journal of Cybersecurity  
, i.e. malware only resident in volatile memory that makes every disk analysis senseless.  ...  This famous quote that Brian Dye --Symantec's senior vice president-- stated in 2014 is the best representation of the current situation with malware detection and mitigation.  ...  in April 2015, when I joined UCL to work in malware analysis.  ... 
doi:10.46723/ojc.1.1.3 fatcat:bxznrmd6arazrmd63i6d32rqx4

A survey on automated dynamic malware-analysis techniques and tools

Manuel Egele, Theodoor Scholte, Engin Kirda, Christopher Kruegel
2012 ACM Computing Surveys  
Royal et al. [2006] identify obfuscation techniques of unpack-executing malware that hamper the work of malware-detection tools.  ...  Joebox also implements this to thwart evasion attempts by malware that stays dormant in the case of no user interaction.  ...  Automated dynamic analysis results in a report that describes the observed actions the malware has performed while under analysis.  ... 
doi:10.1145/2089125.2089126 fatcat:23hzmzp4ovgenkjmevsw3hr3wy

LANTENNA: Exfiltrating Data from Air-Gapped Networks via Ethernet Cables [article]

Mordechai Guri
2021 arXiv   pre-print
In this case, the malware was reportedly delivered via a thumb drive.  ...  The incident that was referred to as "the largest and most sophisticated attack the world has ever seen" involved a highly evasive backdoor implanted within the company products.  ... 
arXiv:2110.00104v1 fatcat:vt3e6xoebvghrmcqvy3jvr7qai

A Two-layer Deep Learning Method for Android Malware Detection Using Network Traffic

Jiayin Feng, Limin Shen, Zhen Chen, Yuying Wang, Hui Li
2020 IEEE Access  
INDEX TERMS Android, malware detection, deep learning, network traffic.  ...  In this paper, a two-layer method is proposed to detect malware in Android APPs. The first layer is permission, intent and component information based static malware detection model.  ...  A good detection model should identify as many malware APPs as possible and minimize the False Positive Rate.  ... 
doi:10.1109/access.2020.3008081 fatcat:3frpziqpjbcapik6cupr5ojyaa