21

Understanding malware autostart techniques with web data extraction /

Gottlieb, Matthew. January 2009 (has links)
Thesis (M.S.)--Rochester Institute of Technology, 2009. / Typescript. Includes bibliographical references (leaves 44-45).
22

Tweet analysis for Android malware detection in Google Play Store

Fan, Zhiang January 1900 (has links)
Master of Science / Department of Computer Science / Major Professor Not Listed / There are many approaches to detect whether an app is malware or benign, for example, using static or dynamic analysis. Static analysis can be used to look for APIs that are indicative of malware. Alternatively, emulating the app’s behavior using dynamic analysis can also help in detecting malware. Each type of approach has advantages and disadvantages. To complement existing approaches, in this report, I studied the use of Twitter data to identify malware. The dataset that I used consists of a large set of Android apps made available by AndroZoo. For each app, AndroZoo provides information on vt detection, which records the number of anti-virus programs in VirusTotal that label the app as malware. As an additional source of information about apps, I crawled a large set of tweets and analyzed them to identify patterns of malware and benign apps on Twitter. Tweets were crawled based on keywords related to Google Play Store app links. A Google Play Store app link contains the corresponding app’s ID, which makes it easy to link tweets to apps. Certain fields of the tweets were analyzed by comparing patterns in malware versus benign apps, with the goal of identifying fields that are indicative of malware behavior. The classification label from AndroZoo was considered as ground truth.
23

A structured approach to malware detection and analysis in digital forensics investigation

AlMarri, Saeed January 2017 (has links)
Within the World Wide Web (WWW), malware is considered one of the most serious threats to system security, with complex system issues caused by malware and spam. Networks and systems can be accessed and compromised by various types of malware, such as viruses, worms, Trojans, botnets and rootkits, which compromise systems through coordinated attacks. Malware often uses anti-forensic techniques to avoid detection and investigation. Moreover, the results of investigating such attacks are often ineffective and can create barriers to obtaining clear evidence due to the lack of sufficient tools and the immaturity of forensics methodology. This research addressed various complexities faced by investigators in the detection and analysis of malware. In this thesis, the author identified the need for a new approach towards malware detection that focuses on a robust framework, and proposed a solution based on an extensive literature review and market research analysis. The literature review focussed on the different trials and techniques in malware detection to identify the parameters for developing a solution design, while market research was carried out to understand the precise nature of the current problem. The author termed the new approaches and development of the new framework the triple-tier centralised online real-time environment (tri-CORE) malware analysis (TCMA). The tiers come from three distinctive phases of detection and analysis where the entire research pattern is divided into three different domains. The tiers are the malware acquisition function, detection and analysis, and the database operational function. This framework design will contribute to the field of computer forensics by making the investigative process more effective and efficient. By integrating a hybrid method for malware detection, associated limitations with both static and dynamic methods are eliminated. This aids forensics experts in carrying out quick investigatory processes to detect the behaviour of the malware and its related elements. The proposed framework will help to ensure system confidentiality, integrity, availability and accountability. The current research also focussed on a prototype (artefact) that was developed in favour of a different approach in digital forensics and malware detection methods. As such, a new Toolkit was designed and implemented, which is based on a simple architectural structure and built from open source software that can help investigators develop the skills to critically respond to current cyber incidents and analyses.
24

Behavior-based Worm Detection

Stafford, John January 2012 (has links)
The Internet has become a core component of our lives and businesses. Its reliability and availability are of paramount importance. There are many types of malware that impact the availability of the Internet, including network worms, bot-nets, viruses, etc. Detecting such attacks is a critical component of defending against them. This dissertation focuses on detecting and understanding self-propagating network worms, a type of malware with a proven record of disrupting the Internet. According to
25

Impact study of length in detecting algorithmically generated domains

Ahluwalia, Aashna 30 April 2018 (has links)
A domain generation algorithm (DGA) is a popular technique for evading detection used by many sophisticated malware families. Since DGA domains are randomly generated, they tend to exhibit properties that are different from legitimate domain names. It is observed that shorter DGA domains used in emerging malware are more difficult to detect, in contrast to regular DGA domains that are unusually long. While length was considered as a contributing feature in earlier approaches, there has not been a systematic focus on how to leverage its impact on DGA domain detection accuracy. Through our study, we present a new detection model based on semantic and information theory features. The research applies the concept of a domain length threshold to detect DGA domains regardless of their lengths. The experimental evaluation of the proposed approach, using public datasets, yields a detection rate (DR) of 98.96% and a false positive rate (FPR) of 2.1% when using the random forest classification technique / Graduate
26

EARLY DETECTION OF INTRUSIONS AND MALWARE FOR LINUX BASED SYSTEMS

Xinrun Zhang (9856295) 08 March 2021 (has links)
System call based research for host intrusion detection systems (HIDSs) and Android malware detection systems (AMDSs) has been conducted over the past several years. Several HIDS and AMDS frameworks have been proposed using different intrusion and malware datasets. Security researchers have used several machine learning (ML) techniques to improve the classification performance with high accuracy and a low false-alarm rate. However, the emphasis on real-world deployment of HIDS and AMDS for intrusion and malware detection is limited. To address this issue, we propose a system call trace processing framework with the ability to perform early detection of intrusions and malware. In the proposed framework, a limited number of system calls are analyzed which are invoked by the processes/applications during their early execution. To verify the efficiency, we perform the experiments on a publicly available intrusion dataset known as the ADFA-LD dataset and a self-constructed dataset for the Android environment. We analyze both datasets with statistical methods, and process the selected traces with a 2-4 gram model and a Term Frequency–Inverse Document Frequency (TF-IDF) model during the extraction of features. We train six ML classifiers using the datasets, including Decision Tree, Random Forest, Multi-layer Perceptron, K-nearest-neighbor, Multi-variable Naive Bayesian, and Support Vector Machine. The experimental results demonstrate that the performance of the proposed HIDS and AMDS is similar to the approaches that used all the system calls invoked during the full execution of applications. We also develop a client-server architecture based Android app for our Android malware detection system.
27

Dynamic malware analysis for obtaining indicators of compromise and their subsequent use

KUNC, Martin January 2019 (has links)
This master's thesis focuses on collecting network indicators of compromise gathered by using dynamic malware analysis in a real environment. It speculates on possibilities of how to approach such collection, and the most suitable solution is selected. Gathered indicators of compromise are thoroughly analyzed and utilized for improving the cyber-security of the Czech Republic.
28

Ransomware Network Communication Analysis / Ransomware Traffic Analysis

Šrubař, Michal January 2017 (has links)
The focus of this work is crypto-ransomware, a variant of malware; an analysis of this malware’s network communication; and the identification of means by which it may be detected in the network. The thesis describes the methodology and environment in which the malware’s network communications were studied. The first part of the thesis provides a network traffic analysis of this type of malware with a focus on HTTP and DNS communication, including anomalies that can be observed in the network during this malware’s activity. The thesis also includes a discussion of the user behavior of devices infected by this type of malware. The resulting data was used to identify and describe four detection methods that are able to recognize the malware from its network communication using the HTTP protocol. Finally, a description of several signatures that can be used as indicators of a possible infection by this malware is provided.
29

Malware Analysis using Profile Hidden Markov Models and Intrusion Detection in a Stream Learning Setting

Saradha, R January 2014 (has links) (PDF)
In the last decade, a lot of machine learning and data mining based approaches have been used in the areas of intrusion detection, malware detection and classification, and also traffic analysis. In the area of malware analysis, static binary analysis techniques have become increasingly difficult with the code obfuscation methods and code packing employed when writing the malware. Behavior-based analysis techniques are being used in large malware analysis systems for this reason. In prior art, a number of clustering and classification techniques have been used to classify malware into families and to also identify new malware families from the behavior reports. In this thesis, we have analysed in detail the use of Profile Hidden Markov models for the problem of malware classification and clustering. The advantage of building accurate models with limited examples is very helpful in early detection and modeling of malware families. The thesis also revisits the learning setting of an Intrusion Detection System that employs machine learning for identifying attacks and normal traffic. It substantiates the suitability of the incremental learning setting (or stream based learning setting) for the problem of learning attack patterns in IDS, when large volumes of data arrive in a stream. Related to the above problem, an elaborate survey of the IDS that use data mining and machine learning was done. Experimental evaluation and comparison show that in terms of speed and accuracy, the stream based algorithms perform very well as large volumes of data are presented for classification as attack or non-attack patterns. The possibilities for using stream algorithms in different problems in security are elucidated in the conclusion.
30

DETECTING PDF JAVASCRIPT MALWARE USING CLONE DETECTION

Karademir, SARUHAN 02 October 2013 (has links)
One common vector of malware is JavaScript in Adobe Acrobat (PDF) files. In this thesis, we investigate using near-miss clone detectors to find this malware. We start by collecting a set of PDF files containing JavaScript malware and a set with clean JavaScript from the VirusTotal repository. We use the NiCad clone detector to find the classes of clones in a small subset of the malicious PDF files. We evaluate how clone classes can be used to find similar malicious files in the rest of the malicious collection while avoiding files in the benign collection. Our results show that a 10% subset training set produced 75% detection of previously known malware with 0% false positives. We also used NiCad as a pattern matcher for reflexive calls common in JavaScript malware. Our results show a 57% detection of the malicious collection with no false positives. When the two experiments’ results are combined, the total coverage of malware rises to 85% and maintains 100% precision. The results are heavily affected by the third-party PDF to JavaScript extractor used. When only successfully extracted PDFs are considered, recall increases to 99% and precision remains at 100%. / Thesis (Master, Electrical & Computer Engineering) -- Queen's University, 2013-09-30 11:50:15.156