11 |
The Extendable Guideline for Analysing Malicious PDF DocumentsSjöholm, Peter January 2013 (has links)
Today, the average computer user has undoubtedly encountered the PDF format while handling electronic documents. Due to its wide-spread popularity and feature richness, PDF documents are commonly utilized by attackers in order to infect systems with malware. This thesis will present The Extendable Guideline for Analysing Malicious PDF Documents. This work will establish the foundation of the guideline and populate it with a part of the analysis process. The guideline relies on earlier published material in the topic. It is a practical guideline that is followed by the use of a flowchart and can be utilized by an analyst in order to determine if a PDF document is malicious or not. It provides technical background information, suitable analysis techniques, and tools. The guideline structure was developed by using sequential thinking in combination with the divide and conquer paradigm. The thesis will also elucidate commonly applied techniques that are used by malicious PDF authors in order to infect systems, evade detection, and distribute their malicious documents. A commonly utilized function in PDF documents are the JavaScript feature. There are a wide range of other features that are targeted by malicious PDF authors, but they are more rarely encountered. PDF documents are often distributed by attackers by sending them as an attachment in an email, or storing the document on a web server.
|
12 |
Grid Fault management techniques: the case of a Grid environment with malicious entitiesAkimana, Rachel 01 October 2008 (has links)
La tolérance et la gestion des fautes dans les grilles de données/calcul est d’une importance capitale. En effet, comme dans tout autre système distribué, les composants d’une grille sont susceptibles de tomber en panne à tout moment. Mais le risque de panne croît avec la taille du système, et est donc plus exacerbé dans un système de grille. En plus, tout en essayant de mettre à profit les ressources offertes par la grille, les applications tournant sur celle-ci sont de plus en plus complexes (ex. impliquent des interactions complexes, prennent des jours d’exécution), ce qui les rend plus vulnérables aux fautes. Le plus difficile dans la gestion des fautes dans une grille, c’est qu’il est difficile de savoir si une faute qui survient sur une entité de la grille est induite malicieusement ou accidentellement.
Dans notre travail de thèse, nous utilisons le terme faute, au sens large, pour faire référence à tout étant inattendu qui survient sur tout composant de la grille. Certains de ces états provoquent des comportements aussi inattendus et perceptibles au niveau de la grille tandis que d’autres passent inaperçues. De plus, certaines de ces fautes sont le résultat d’une action malveillante alors que d’autres surviennent accidentellement ou instantanément. Dans ce travail de thèse, nous avons traité le cas de ces fautes induites malicieusement, et qui généralement passent inaperçues. Nous avons considéré en particulier le problème de la confidentialité et de l’intégrité des données stockées à long-terme sur la grille.
L’étude de la confidentialité des données a été faite en deux temps dont la première partie concerne la confidentialité des données actives. Dans cette partie, nous avons considéré une application liée à la recherche des similitudes d’une séquence d’ADN dans une base de données contenant des séquences d’ADN et stockée sur la grille. Pour cela, nous avons proposé une méthode qui permet d’effectuer la comparaison sur un composant distant, mais tout en gardant confidentielle la séquence qui fait l’objet de la comparaison.
Concernant les données passives, nous avons proposé une méthode de partage des données confidentielles et chiffrés sur la grille.
En rapport avec l’intégrité des données, nous avons considéré le cas des données anonymes dans le cadre de l’intégrité des données passives. Pour les données actives, nous avons considéré le problème de la corruption des jobs exécutés sur la grille. Pour chacune des cas, nous avons proposé des mécanismes permettant de vérifier l’authenticité des données utilisées ou produites par ces applications.
|
13 |
Malicious DHTML Detection by Model-based ReasoningLin, Shih-Fen 21 August 2007 (has links)
¡@Including of HTML, client-side script, and other relative technology, Dynamic HTML (DHTML) is a mechanism of creating dynamic contents in a web page. Nowadays, because of the demand of dynamic web pages and the diffusion of web applications, attackers get a new, easily-spread, and hard-detected intrusion vector ¡Ð DHTML. And commercial anti-virus softwares, commonly using pattern-matching approach, still have weakness against commonly obfuscated malicious DHTML.
¡@According to this condition, we propose a new detective algorithm Model-based Reasoning (MoBR), basing on the respects of model and reasoning, that is resilient to common obfuscations used by attackers and can correctly determine whether a webpage is malicious or not. Through describing text and semantic signatures, we constructs the model of a malicious DHTML by the mechanism of templates. Experimental evaluation by actual DHTML demonstrates that our detection algorithm is tolerant to obfuscation and perform much superior to commercial anti-virus softwares. Furthermore, it can detect variants of malicious DHTML with a low false positive rate.
|
14 |
Robust training sequence design for cooperative communicationsHuang, Chiun-wei 21 July 2010 (has links)
Recently, the difficulty of placing multiple antennas onto a mobile terminal to exploit more
diversity has been solved by using the cooperative communication technique, in which several
relay nodes with a single antenna partner with each other to serve as virtual multiple antennas
for providing the spatial diversity. Many existing researches in cooperative communication
focuses on designing relay strategies to achieve better communication performance. However,
most of their designs require the channel state information (CSI) being perfectly known. Unfortunately,
CSI is generally unknown in practice. Therefore, before getting benefits brought by
the relay-assisted network, it is necessary to obtain accurate channel state information (CSI)
at the destination or relays. In this thesis, we also consider the training design for channel
estimation in the AF relay network.
The involvement of multiple relay nodes to exploit space diversity in cooperative communications
requires sophisticated and complicated protocols, which poses a difficulty in avoiding
all possible misbehaving relay nodes. Therefore, the channel estimation scheme in cooperative
communication network needs to be robust against the possible relay misbehaviors. However,
most prior works focused on developing channel estimation schemes by assuming perfect relayassisted
communication protocol. By contrast, this work focuses on designing robust channel
estimation schemes to combat the possible presence of the relay misbehaviors. Besides considering
the robust design against relay misbehaviors, this work also considers more general channel
model when designing the training sequence and channel estimation scheme. Specifically, in
contrast to assume independent channels across relays, this thesis considers the correlated channels
in both phases and the correlated noises in the first phase. Overall, the main problem of
this work is to design robust channel estimation and training sequences against relay misbehaviors
when the communication channels within the cooperative network are not restricted to
be independent.
|
15 |
Malicious URL Detection in Social NetworkSu, Qun-kai 15 August 2011 (has links)
Social network web sites become very popular nowadays. Users can establish connections with other users forming a social network, and quickly share information, photographs, and videos with friends. Malwares called social network worms can send text messages with malicious URLs by employing social engineering techniques. They are trying let users click malicious URL and infect users. Also, it can quickly attack others by infected user accounts in social network. By curiosity, most users click it without validation. This thesis proposes a malicious URL detection method used in Facebook wall, which used heuristic features with high classification property and machine learning algorithm, to predict the safety of URL messages. Experiments show that, the proposed approach can achieve about 96.3% of True Positive Rate, 95.4% of True Negative Rate, and 95.7% of Accuracy.
|
16 |
Malicious Web Page Detection Based on Anomaly BehaviorTsai, Wan-yi 04 February 2009 (has links)
Because of the convenience of the Internet, we rely closely on the Internet to do information searching and sharing, forum discussion, and online services. However, most of the websites we visit are developed by people with limited security knowledge, and this condition results in many vulnerabilities in web applications. Unfortunately, hackers have successfully taken advantage of these vulnerabilities to inject malicious JavaScript into compromised web pages to trigger drive-by download attacks.
Based on our long time observation of malicious web pages, malicious web pages have unusual behavior for evading detection which makes malicious web pages different form normal ones. Therefore, we propose a client-side malicious web page detection mechanism named Web Page Checker (WPC) which is based on anomaly behavior tracing and analyzing to identify malicious web pages. The experimental results show that our method can identify malicious web pages and alarm the website visitors efficiently.
|
17 |
Understanding and Defending Against Malicious Identities in Online Social NetworksCao, Qiang January 2014 (has links)
<p>Serving more than one billion users around the world, today's online </p><p>social networks (OSNs) pervade our everyday life and change the way people </p><p>connect and communicate with each other. However, the open nature of </p><p>OSNs attracts a constant interest in attacking and exploiting them. </p><p>In particular, they are vulnerable to various attacks launched through </p><p>malicious accounts, including fake accounts and compromised real user </p><p>accounts. In those attacks, malicious accounts are used to send out </p><p>spam, spread malware, distort online voting, etc.</p><p>In this dissertation, we present practical systems that we have designed </p><p>and built to help OSNs effectively throttle malicious accounts. The overarching </p><p>contribution of this dissertation is the approaches that leverage the fundamental </p><p>weaknesses of attackers to defeat them. We have explored defense schemes along </p><p>two dimensions of an attacker's weaknesses: limited social relationships </p><p>and strict economic constraints.</p><p>The first part of this dissertation focuses on how to leverage social </p><p>relationship constraints to detect fake accounts. We present SybilRank, a novel </p><p>social-graph-based detection scheme that can scale up to OSNs with billions of </p><p>users. SybilRank is based on the observation that the social connections between </p><p>fake accounts and real users, called attack edges, are limited. It formulates </p><p>the detection as scalable user ranking according to the landing probability of </p><p>early-terminated random walks on the social graph. SybilRank generates an informative </p><p>user-ranked list with a substantial fraction of fake accounts at the bottom, </p><p>and bounds the number of fake accounts that are ranked higher than legitimate </p><p>users to O(log n) per attack edge, where n is the total number of users. We have </p><p>demonstrated the scalability of SybilRank via a prototype on Hadoop MapReduce, </p><p>and its effectiveness in the real world through a live deployment at Tuenti, </p><p>the largest OSN in Spain.</p><p>The second part of this dissertation focuses on how to exploit an attacker's </p><p>economic constraints to uncover malicious accounts. We present SynchroTrap, a system </p><p>that uncovers large groups of active malicious accounts, including both fake </p><p>accounts and compromised accounts, by detecting their loosely synchronized actions.</p><p>The design of SynchroTrap is based on the observation that malicious accounts usually </p><p>perform loosely synchronized actions to accomplish an attack mission, due to </p><p>limited budgets, specific mission goals, etc. SynchroTrap transforms the detection </p><p>into a scalable clustering algorithm. It uncovers large groups of accounts </p><p>that act similarly at around the same time for a sustained period of time. To </p><p>handle the enormous volume of user action data in large OSNs, we designed SynchroTrap</p><p>as an incremental processing system that processes small data chunks on a daily </p><p>basis but aggregates the computational results over the continuous data stream. </p><p>We implemented SynchroTrap on Hadoop and Giraph, and we deployed it on Facebook </p><p>and Instagram. This deployment has resulted in the unveiling of millions of malicious </p><p>accounts and thousands of large attack campaigns per month.</p> / Dissertation
|
18 |
Challenging Policies That Do Not Play Fair: A Credential Relevancy Framework Using Trust Negotiation OntologiesLeithead, Travis S. 29 August 2005 (has links) (PDF)
This thesis challenges the assumption that policies will "play fair" within trust negotiation. Policies that do not "play fair" contain requirements for authentication that are misleading, irrelevant, and/or incorrect, based on the current transaction context. To detect these unfair policies, trust negotiation ontologies provide the context to determine the relevancy of a given credential set for a particular negotiation. We propose a credential relevancy framework for use in trust negotiation that utilizes ontologies to process the set of all available credentials C and produce a subset of credentials C' relevant to the context of a given negotiation. This credential relevancy framework reveals the credentials inconsistent with the current negotiation and detects potentially malicious policies that request these credentials. It provides a general solution for detecting policies that do not "play fair," such as those used in credential phishing attacks, malformed policies, and malicious strategies. This thesis motivates the need for a credential relevancy framework, outlines considerations for designing and implementing it (including topics that require further research), and analyzes a prototype implementation. The credential relevancy framework prototype, analyzed in this thesis, has the following two properties: first, it incurs less than 10% extra execution time compared to a baseline trust negotiation prototype (e.g., TrustBuilder); second, credential relevance determination does not compromise the desired goals of trust negotiation—transparent and automated authentication in open systems. Current trust negotiation systems integrated with a credential relevancy framework will be enabled to better defend against users that do not always "play fair" by incorporating a credential relevancy framework.
|
19 |
Detecting Malicious Software By DynamicexecutionDai, Jianyong 01 January 2009 (has links)
Traditional way to detect malicious software is based on signature matching. However, signature matching only detects known malicious software. In order to detect unknown malicious software, it is necessary to analyze the software for its impact on the system when the software is executed. In one approach, the software code can be statically analyzed for any malicious patterns. Another approach is to execute the program and determine the nature of the program dynamically. Since the execution of malicious code may have negative impact on the system, the code must be executed in a controlled environment. For that purpose, we have developed a sandbox to protect the system. Potential malicious behavior is intercepted by hooking Win32 system calls. Using the developed sandbox, we detect unknown virus using dynamic instruction sequences mining techniques. By collecting runtime instruction sequences in basic blocks, we extract instruction sequence patterns based on instruction associations. We build classification models with these patterns. By applying this classification model, we predict the nature of an unknown program. We compare our approach with several other approaches such as simple heuristics, NGram and static instruction sequences. We have also developed a method to identify a family of malicious software utilizing the system call trace. We construct a structural system call diagram from captured dynamic system call traces. We generate smart system call signature using profile hidden Markov model (PHMM) based on modularized system call block. Smart system call signature weakly identifies a family of malicious software.
|
20 |
Intelligent Honeypot Agents for Detection of Blackhole Attack in Wireless Mesh NetworksPrathapani, Anoosha January 2010 (has links)
No description available.
|
Page generated in 0.0317 seconds