Static detection and identification of X86 malicious executables: A multidisciplinary approach

Wang, Zhiyu

Unknown Date

No description available.

malicious executables

Detection of Malicious Nodes in Mobile Ad hoc Networks

Singamsetty, Ratna Sireesha

January 2011

No description available.

Engineering

Malicious

Dynamic Behavioral Analysis of Malicious Software with Norman Sandbox

Shoemake, Danielle

05 August 2010

Current signature-based Anti-Virus (AV) detection approaches take, on average, two weeks from discovery to definition update release to AV users. In addition, these signatures get stale quickly: AV products miss between 25%-80% of new malicious software within a week of not updating. This thesis researches and develops a detection/classification mechanism for malicious software through statistical analysis of dynamic malware behavior. Several characteristics for each behavior type were stored and analyzed such as function DLL names, function parameters, exception thread ids, exception opcodes, pages accessed during faults, port numbers, connection types, and IP addresses. Behavioral data was collected via Norman Sandbox for storage and analysis. We proposed to find which statistical measures and metrics can be collected for use in the detection and classification of malware. We conclude that our logging and cataloging procedure is a potentially viable method in creating behavior-based malicious software detection and classification mechanisms.

signature

behavior

Norman

sandbox

malicious software detection

Structure Attacks in Cryptographic Protocols

Mahlburg, Karl

01 May 2001

Cryptographic protocols are in general difficult to analyze, and complicated attacks exposing security flaws have remained hidden years after a protocol is developed. Recently developed tools such as strand spaces and inductive logical proofs provide mechanical procedures for analyzing protocols. The key to these methods is that a generous upper bound on the activity of a malicious penetrator is often much easier to work with than a tighter bound. However, these formalizations make strong assumptions about the algebraic structure of the cryptosystem that are never met in a real application. In this work, we show that an extended form of the strand space machinery can be used to analyze protocols which contain nontrivial algebraic structure, specifically that which arises from the XOR operation. This work also serves as one of the first steps in reconciling computational and formal methods of analyzing cryptographic security.

Structured Attacks

Cryptographic Protocols

malicious penetrator

Anomaly Based Malicious URL Detection in Instant Messaging

Lin, Jia-bin

15 July 2009

Instant messaging (IM) has been a platform of spreading malware for hackers due to its popularity and immediacy. To evade anti-virus detection, hacker might send malicious URL message, instead of malicious binary file. A malicious URL is a link pointing to a malware file or a phishing site, and it may then propagate through the victim's contact list. Moreover, hacker sometimes might use social engineering tricks making malicious URLs hard to be identified. The previous solutions are improper to detect IM malicious URL in real-time. Therefore, we propose a novel approach for detecting IM malicious URL in a timely manner based on the anomalies of URL messages and sender's behavior. Malicious behaviors are profiled as a set of behavior patterns and a scoring model is developed to evaluate the significance of each anomaly. To speed up the detection, the malicious behavior patterns can identify known malicious URLs efficiently, while the scoring model is used to detect unknown malicious URLs. Our experimental results show that the proposed approach achieves low false positive rate and low false negative rate.

Malicious URL

Instant Messaging

IM Worms

Malicious Web Page Detection Based on Anomaly Semantics

Luo, Jing-Siang

20 August 2009

Web services are becoming the dominant way to provide access to on-line information. Web services have a lot of applications, like e-mail, web search engine, auction network and internet banking. On the web services, web application technology and dynamic webpage technology are very important, but hackers take advantage of web application vulnerabilities and dynamic webpage technology to inject malicious codes into webpages. However, a part of the web sites have neglected the issue of security. In this paper, we propose a novel approach for detecting malicious webpages by URL features, anomaly semantics, potential dangerous tags and tag attributes. This research proposed approach mainly consists of three parts: (1) scripting language and automatic link filter. (2) malicious feature. (3) scoring mechanism. By first part, this step can filter out normal webpages to increae detection speed. Second part can identify some known malicious attacks. Third part can search some unknown malicious webpages by scoring. Our experimental results show that the proposed approach achieves low false positive rate and low false negative rate.

Dynamic Webpage

Malicious Webpage

Web Application

Beyond rule-based legal expert systems : using frames and case-based reasoning to analyze the tort of malicious prosecution

Kowalski, Andrzej

January 1990

Most legal expert systems to date have been purely rule-based. Case-based reasoning is a methodology for building legal expert systems whereby profiles of cases contained in a database, rather than specific legal rules, direct the outcomes of the system. Frame-based knowledge representation in legal expert systems involves the use of frames to represent legal knowledge. Case-based reasoning and frame-based knowledge representation offer significant advantages over purely rule-based legal expert systems in case-based law. These advantages are realizable by using the deep structure approach to knowledge representation. This involves searching beneath law at the doctrinal level for underlying fact patterns and structures which explain decisions in cases. This is demonstrated by the Malicious Prosecution Consultant, a legal expert system which operates in the domain of the tort of malicious prosecution. The Malicious Prosecution Consultant confirms the results of earlier research at The University of British Columbia, Faculty of Law that it is possible to build legal expert systems in unstructured areas of case-based law with relatively cheap commercially available expert system shells by using the deep structure approach to knowledge representation. / Law, Peter A. Allard School of / Graduate

Malicious prosecution

Juvenile vandalism in the City of Vancouver : an exploratory study of juvenile vandalism as found in the City of Vancouver, British Columbia, Canada

Fairbank, John Keith

January 1965

Vandalism, as one facet of juvenile delinquency, has received scant attention from social scientists in North America. This reflects the relatively low proportion of all delinquent acts which can be described as "vandalism" on the one hand and the efforts of social scientists to develop all-encompassing theories of delinquency causation on the other. This study has proceeded on the premise advanced by Alfred Kahn in his book, Planning Community Service for Children in Trouble, that community service must not be built on the assumption that delinquents are a homogeneous group. Kahn maintains that our efforts will be more fruitful if we develop an awareness of the heterogenity of the group. Therefore, this study represents an initial, exploratory study of juvenile vandalism to determine what, if any, factors set juveniles who indulge in vandalism apart from other delinquents. A descriptive-diagnostic research design suited the exploratory nature of the study and permitted the use of the experience survey method. A survey of the literature on juvenile delinquency gave focus and direction to the study. The questionnaires developed for the study were based to a large extent upon theories extracted from the literature. A survey of the literature, questionnaires, the examination of records, interviews, and case studies were the methods utilized. Data was obtained from law-enforcement agencies and from public and private business organizations in the City of Vancouver. Vandalism occurs in all areas of the community and in all social classes. Predominantly a group activity of younger male juveniles, vandalism is characterized by contagion from group member to group member and from group to group. Vandal acts occur in areas or situations isolated in various ways from direct observation. Reports on the incidence of vandalism from non-law-enforcement sources in the City indicate that this crime occurs more frequently in middle-class and upper-class areas but the juvenile court records show that the majority of juveniles appearing in Court reside in the lower-class areas. These findings indicate the middle-class attitude of the official court system and the prevalence of delinquency in the more affluent class of society. The need for detailed research into the delinquent activities of the upper-class juveniles pleads to be recognized. Until society permits further research into delinquent behaviour to focus equally upon all strata of society, complete comprehension of the act of juvenile vandalism in the City of Vancouver will not be achieved. / Arts, Faculty of / Social Work, School of / Leung, Sophia Ming Ren; Pittman, Robert Graham; Wills, Madlyn Gertrude / Graduate

Malicious mischief

Malicious URL Detection using Machine Learning

Siddeeq, Abubakar

17 October 2022

Malicious URL detection is important for cyber security experts and security agencies. With the drastic increase in internet usage, the distribution of such malware is a serious issue. Due to the wide variety of this malware, detection even with antivirus software is difficult. More than 12.8 million malicious URL websites are currently running. In this thesis, several machine learning classifiers along with ensemble methods are used to formulate a framework to detect this malware. Principal component analysis, k-fold cross-validation, and hyperparameter tuning are used to improve performance. A dataset from Kaggle is used for classification. Accuracy, precision, recall, and f-score are used as metrics to determine the model performance. Moreover, model behavior with a majority of one label in the dataset is also examined as is typical in the real world. / Graduate

Machine learning

URL

Malicious URL

ML

The Extendable Guideline for Analysing Malicious PDF Documents

Sjöholm, Peter

January 2013

Today, the average computer user has undoubtedly encountered the PDF format while handling electronic documents. Due to its wide-spread popularity and feature richness, PDF documents are commonly utilized by attackers in order to infect systems with malware. This thesis will present The Extendable Guideline for Analysing Malicious PDF Documents. This work will establish the foundation of the guideline and populate it with a part of the analysis process. The guideline relies on earlier published material in the topic. It is a practical guideline that is followed by the use of a flowchart and can be utilized by an analyst in order to determine if a PDF document is malicious or not. It provides technical background information, suitable analysis techniques, and tools. The guideline structure was developed by using sequential thinking in combination with the divide and conquer paradigm. The thesis will also elucidate commonly applied techniques that are used by malicious PDF authors in order to infect systems, evade detection, and distribute their malicious documents. A commonly utilized function in PDF documents are the JavaScript feature. There are a wide range of other features that are targeted by malicious PDF authors, but they are more rarely encountered. PDF documents are often distributed by attackers by sending them as an attachment in an email, or storing the document on a web server.

PDF

Documents

Portable Document Format

Malicious PDF

Malicious

Guideline

Analyse

Analysing

Analyze

Analyzing

Extendable

Flowchart