11 |
Towards a Malware Language for Use with BERT Transformer—An Approach Using API Call Sequences
Owens, Joshua 23 August 2022
No description available.
|
12 |
Adapting Linguistic Deception Cues for Malware Detection
Severyn, Stacie Noel January 2014
No description available.
|
13 |
Caractérisation et détection de malware Android basées sur les flux d'information. / Characterization and detection of Android malware based on information flows
Andriatsimandefitra Ratsisahanana, Radoniaina 15 December 2014
Information flows are information exchanges between objects in a given environment. At system level, the information flows involving data that belongs to a given application describe how this application disseminates its data in the system, and together they can be considered a behaviour-based profile of the application. Because of the increasing number of malicious applications, there is an urgent need to explore new approaches that ease or even automate the analysis and detection of Android malware. In this thesis, we thus propose an approach to characterize and detect Android malware based on the information flows it causes in the system. This approach leverages two other contributions of the thesis: AndroBlare, the Android version of an information flow monitor named Blare, and the system flow graph, a data structure that represents the information flows observed by AndroBlare in a compact and human-readable way. We successfully evaluated our approach by building the profiles of 4 different pieces of malware and showed that these profiles made it possible to detect the execution of applications infected by malware for which we have computed a profile.
|
14 |
Trestněprávní a kriminologické aspekty šíření ransomware / Criminal and criminological aspects of ransomware spreading
Zavadil, Stanislav January 2019
This diploma thesis deals with issues of ransomware spreading and examines certain criminal and criminological aspects of this cybercrime phenomenon. Ransomware is malware that encrypts, blocks or prevents access to the computer system or data in a computer system. In connection to this, it demands monetary or other ransom. This diploma thesis firstly describes ransomware from the point of view of its function and technical aspects, including its history, categorization of its variations and description of several notable infection examples, namely WannaCry, Petya, DoubleLocker and Vir Policie. The following section describes possible criminal qualifications according to Czech substantive criminal law, including the consideration of specifics of different ransomware variations and potential development of this criminal activity. The final part focuses on criminological aspects of ransomware spreading. It begins with a description of the crime status and dynamics, including further details about latency and trends. This is followed by a description of the perpetrator and victim in view of certain criminological theories. Finally, the criminological part comprises a chapter about crime control and prevention, which includes practical parts that aim to help...
|
15 |
Concise Analysis of Malware Behavior
Tsai, Hung-Shiuan 10 January 2012
In recent years, with the growing popularity of the internet, the network not only provides information for general users browsing websites, but also offers network services such as e-mail, e-commerce, and social networks. Although these online services are convenient for general users, they also give hackers the opportunity to abuse them to spread malware over the internet.
As the number of malware samples is increasing very fast, and in order to understand the behavior of malware better, in this research we create a malware analysis environment that records the behavior of malware samples after they are executed and aggregates the original records to provide users with a summary analysis of that behavior. The summary lists the important malware-related behavior; users who need more detailed content can click through to view it.
In this research, we use existing analysis tools and memory forensics technology for analysis. Memory forensics technology can identify some malware that attempts to hide its behavior in order to avoid detection. In addition to recording the behavior of malware, the present research integrates and simplifies the original, complex log files. The final stage of the analysis generates a summary report, which lists the malware's main behavior, so that the user can grasp the extent and scope of the malware's impact and, if necessary, view a more complete record. We look forward to controlling the behavior of malware more easily and efficiently.
|
16 |
Evaluating tool based automated malware analysis through persistence mechanism detection
Webb, Matthew S. January 1900
Master of Science / Department of Computer Science / Eugene Vasserman / Since 2014 there have been over 120 million new malicious programs registered every year. Due to the amount of new malware appearing every year, analysts have automated large sections of the malware reverse engineering process. Many automated analysis systems are created by re-implementing analysis techniques rather than automating existing tools that utilize the same techniques. New implementations take longer to create and do not have the same proven quality as a tool that evolved alongside malware for many years.
The goal of this study is to assess the efficiency and effectiveness of using existing tools for the application of automated malware analysis. This study focuses on the problem of discovering how malware persists on an infected system. Six tools are chosen based on their usefulness in manual analysis for revealing different persistence techniques employed by malware. The functions of these tools are automated in a fashion that emulates how they can be manually utilized, resulting in information about a tested sample. These six tools are tested against a collection of actual malware samples, pulled from malware families that are known for employing various persistence techniques. The findings are then scanned for indicators of persistence. The results of these tests are used to determine the smallest tool subset that discovers the largest range of persistence mechanisms. For each tool, implementation difficulty is compared to the number of indicators discovered to reveal the effectiveness of similar tools for future analysis applications.
The conclusion is that while the tools covered a wide range of persistence mechanisms, the standalone tools that were designed with scripting in mind were more effective than those with multiple system requirements or those with only a graphical interface. It was also discovered that the automation process limits functionality of some tools, as they are designed for analyst interaction. Regaining the tools’ functionality lost from automation to use them for other reverse engineering applications could be cumbersome and could require necessary implementation overhauls. Finally, the more successful tools were able to detect a broader range of techniques, while some less successful tools could only detect a portion of the same techniques. This study concludes that while an analysis system can be created by automating existing tools, the characteristics of the tools chosen impact the workload required to automate them. A well-documented tool that is controllable through a command line interface that offers many configuration options will require less work for an analyst to automate than a tool with little documentation that can only be controlled through a graphical interface.
|
17 |
Ransomware : Ett modernt gisslandrama / Ransomware: A modern hostage drama
Frick, Jan, Sjöström, Andreas January 2016
Ransomware is a kind of malicious code that encrypts certain parts of a computer system so strongly that only the encryption key can restore access to the files. The key is handed over in exchange for payment of a ransom. The number of infected systems has risen sharply in recent years, and ransomware has grown into a large black market with a turnover of millions every year. This work analyses four kinds of ransomware: Cryptowall, TeslaCrypt, CTB-Locker and Locky. What these ransomware families have in common is that they encrypt the file names and the contents of the files with an unbreakable code. By infecting a virtual system, possible measures for recovering files after an infection has occurred are investigated. The analysis shows that the file vssadmin.exe plays a significant role for all four kinds of ransomware. Using this file, the ransomware deletes all previously created restore points, called Volume Snapshot Services, and with them the ability to restore files to an earlier state disappears. The experiments show that preventing the ransomware's access to this file makes it possible to restore folders to an earlier state, and thereby also to recover the files, after a ransomware infection.
|
18 |
Kriminologické a trestněprávní aspekty fenoménu ransomware / Criminological and legal aspects of the ransomware phenomenon
Johanovský, Tomáš January 2018
This diploma thesis deals with the current topic of cybercrime and focuses specifically on the phenomenon of ransomware on a scope unprecedented in Czech legal literature. Ransomware is malicious code that interferes with the operation of a computer system, and later requires ransom for the victim to recover access to the computer system and the data contained therein. Basic concepts necessary for the definition of ransomware (such as cyberspace, cybercrime, computer system, malicious code, cryptocurrency and darknet) are introduced and explained. The specificities of cybercrime and its development and current range in the Czech Republic are analysed. The main part of the text deals with the analysis of ransomware, starting with its history and leading to the possible future developments of ransomware. Different variants of ransomware are described such as false antivirus, police, locker and encryption ransomware. From a criminological point of view, the text focuses on the unique interaction of the perpetrator and the victim, which takes on surprising forms of customer support, answers to frequently asked questions and instructions for acquiring virtual currencies. Emphasis is placed on prevention efforts that can mitigate the...
|
19 |
Jämförelse av metoder för malwareanalys / Comparison of methods for malware analysis
Hjertsson, Emil, Kentsson, Henrik January 2013
Performing malware analysis is an important part of gaining a better understanding of how malware works and behaves when it hits a system. The analysis itself can be carried out in different ways. This work takes a closer look at three methods for analysing malware and examines what information they provide. The experiments performed on a piece of malware known as BetaBot give a better understanding of how this particular malware works. One of the goals is to compare the selected analysis methods and see how they relate to one another. Basic static analysis provides some information about a piece of malware, but it is not sufficient to know what the malware does. Dynamic analysis is then examined; unlike automated analysis, it can provide additional information about malware behaviour. However, that method is more time-consuming and produces a large amount of information that has to be processed. From the results we conclude that automated analysis, which is a kind of combination of static and dynamic analysis, is a suitable first step when analysing malware. This method quickly gives results and a clear overview of the analysed malware.
|
20 |
Practical, Large-Scale Detection of Obfuscated Malware Code Via Flow Dependency Indexing
Jin, Wesley 01 May 2014
Malware analysts often need to search large corpuses of obfuscated binaries for particular sequences of related instructions. The use of simple tactics, such as dead code insertion and register renaming, prevents the use of conventional, big-data search indexes. Current, state of the art malware detectors are unable to handle the size of the dataset due to their iterative approach to comparing files. Furthermore, current work is also frequently designed to act as a detector and not a search tool. I propose a system that exploits the observation that many data/control-flow relationships between instructions are preserved in the presence of obfuscations. The system will extract chains of flow-dependent instructions from a binary’s Program Dependence Graph (PDG). It will then use a representation of each chain as a key for an index that points to lists of functions (and their corresponding files). Analysts will be able to quickly search for instruction sequences by querying the index.
|