• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 33
  • 5
  • 2
  • 2
  • 1
  • 1
  • Tagged with
  • 52
  • 52
  • 22
  • 20
  • 19
  • 18
  • 11
  • 8
  • 7
  • 7
  • 7
  • 7
  • 6
  • 6
  • 6
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Adapting Linguistic Deception Cues for Malware Detection

Severyn, Stacie Noel January 2014 (has links)
No description available.
2

Analysis of Evasion Techniques in Web-based Malware

Lu, Gen January 2013 (has links)
Web-based mechanisms, often mediated by malicious JavaScript code, play an important role in malware delivery today, making defenses against web-based malware crucial for system security. To make it even more challenging, malware authors often take advantage of various evasion techniques to evade detection. As a result, a constant arms race of evasion and detection techniques between malware authors and security analysts has led to advancement in code obfuscation and anti-analysis techniques. This dissertation focuses on the defenses against web-based malware protected by advanced evasion techniques from both defensive and offensive perspectives. From a defensive perspective, we examine existing evasion techniques and propose deobfuscation and detection approaches to defeating some popular techniques used by web-based malware today. In the case of code-unfolding based obfuscation, we use a semantics-based approach to simplify away obfuscations by identifying code that is relevant to the behavior of the original program. In the case of environment-dependent malware, we propose environmental predicate, which detects behavior discrepancy of JavaScript program between targeted browser and detector sandbox, therefore protecting users from possible detection false negatives caused by environmental triggers. From an offensive perspective, we analyze existing detection techniques to examining their assumptions and study how these assumptions can be broken. We also propose a combination of obfuscation and anti-analysis techniques, targeting these limitations, which can hide existing web-based malware from state-of-the-art detectors.
3

Android malware detection using network-based approaches

Alfs, Emily January 1900 (has links)
Master of Science / Department of Mathematics / Nathan Albin / This thesis is focused on the use of networks to identify potentially malicious Android applications. There are many techniques that determine if an application is malicious, and they are ever-changing. Techniques to identify malicious applications must be robust as the schemes of creating malicious applications are changing as well. We propose the use of a network-based approach that is potentially effective at separating malicious from benign apps, given a small and noisy training set. The applications in our data set come from the Google Play Store and have been scanned for malicious behavior using Virus Total to produce a ground truth dataset. The apps in the resulting dataset have been represented as binary feature vectors (where the features represent permissions, intent actions, discriminative APIs, obfuscation signatures, and native code signatures). We use the feature vectors corresponding to apps to build a weighted network that captures the \closeness" between applications. We propagate labels, benign or malicious, from the labeled applications that form the training set to unlabeled applications (which we aim to label), and evaluate the effectiveness of the proposed approach in terms of precision, recall and F1-measure. We outline the algorithms for propagating labels that were used in our research and discuss the fine tuning of hyper-parameters. We compare our results to known supervised learning algorithms, such as k-nearest-neighbors and Naive Bayes, that can be used to learn classifiers from the training labeled data and subsequently use the classifiers to label the unlabeled test data. We discuss potential improvements on our methods and ways to further this research.
4

Snort Rule Generation for Malware Detection Using the GPT2 Transformer

Laryea, Ebenezer Nii Afotey 04 July 2022 (has links)
Natural Language machine learning methods are applied to rules generated to identify malware at the network level. These rules use a computer-based signature specification "language" called Snort. Using Natural Language processing techniques and other machine learning methods, new rules are generated based on a training set of existing Snort rule signatures for a specific type of malware family. The performance is then measured, in terms of the detection of existing types of malware and the number of "false positive" triggering events.
5

A multi-layer approach to designing secure systems: from circuit to software

Zhou, Boyou 04 June 2019 (has links)
In the last few years, security has become one of the key challenges in computing systems. Failures in the secure operations of these systems have led to massive information leaks and cyber-attacks. Case in point, the identity leaks from Equifax in 2016, Spectre and Meltdown attacks to Intel and AMD processors in 2017, Cyber-attacks on Facebook in 2018. These recent attacks have shown that the intruders attack different layers of the systems, from low-level hardware to software as a service(SaaS). To protect the systems, the defense mechanisms should confront the attacks in the different layers of the systems. In this work, we propose four security mechanisms for computing systems: (i ) using backside imaging to detect Hardware Trojans (HTs) in Application Specific Integrated Circuits (ASICs) chips, (ii ) developing energy-efficient reconfigurable cryptographic engines, (iii) examining the feasibility of malware detection using Hardware Performance Counters (HPC). Most of the threat models assume that the root of trust is the hardware running beneath the software stack. However, attackers can insert malicious hardware blocks, i.e. HTs, into the Integrated Circuits (ICs) that provide back-doors to the attackers or leak confidential information. HTs inserted during fabrication are extremely hard to detect since their overheads in performance and power are below the variations in the performance and power caused by manufacturing. In our work, we have developed an optical method that identifies modified or replaced gates in the ICs. We use the near-infrared light to image the ICs because silicon is transparent to near-infrared light and metal reflects infrared light. We leverage the near-infrared imaging to identify the locations of each gate, based on the signatures of metal structures reflected by the lowest metal layer. By comparing the imaged results to the pre-fabrication design, we can identify any modifications, shifts or replacements in the circuits to detect HTs. With the trust of the silicon, the computing system must use secure communication channels for its applications. The low-energy cost devices, such as the Internet of Things (IoT), leverage strong cryptographic algorithms (e.g. AES, RSA, and SHA) during communications. The cryptographic operations cause the IoT devices a significant amount of power. As a result, the power budget limits their applications. To mitigate the high power consumption, modern processors embed these cryptographic operations into hardware primitives. This also improves system performance. The hardware unit embedded into the processor provides high energy-efficiency, low energy cost. However, hardware implementations limit flexibility. The longevity of theIoTs can exceed the lifetime of the cryptographic algorithms. The replacement of the IoT devices is costly and sometimes prohibitive, e.g., monitors in nuclear reactors.In order to reconfigure cryptographic algorithms into hardware, we have developed a system with a reconfigurable encryption engine on the Zedboard platform. The hardware implementation of the engine ensures fast, energy-efficient cryptographic operations. With reliable hardware and secure communication channels in place, the computing systems should detect any malicious behaviors in the processes. We have explored the use of the Hardware Performance Counters (HPCs) in malware detection. HPCs are hardware units that count micro-architectural events, such as cache hits/misses and floating point operations. Anti-virus software is commonly used to detect malware but it also introduces performance overhead. To reduce anti-virus performance overhead, many researchers propose to use HPCs with machine learning models in malware detection. However, it is counter-intuitive that the high-level program behaviors can manifest themselves in low-level statics. We perform experiments using 2 ∼ 3 × larger program counts than the previous works and perform a rigorous analysis to determine whether HPCs can be used to detect malware. Our results show that the False Discovery Rate of malware detection can reach 20%. If we deploy this detection system on a fresh installed Windows 7 systems, among 1,323 binaries, 198 binaries would be flagged as malware.
6

Context for API Calls in Malware vs Benign Programs

Chandrasekaran, Monika 04 October 2021 (has links)
No description available.
7

HuntChain Project : A blockchain-based malware detection tool / HuntChain Project : Ett blockchain-baserat verktyg för upptäckt av skadlig kod

Kwefati, Anas January 2021 (has links)
Nowadays, malware attacks are increasing day by day, and are an ongoing problem for many entities (e.g. companies, institutions). One of the ways to prevent malware is by using tools such as an antivirus. Indeed, antivirus vendors have created databases containing malware data that are used to detect malware. However, the traditional way to store data is filled with many issues due to its centralized structure, which leads to having a single-point-of-failure. This project aims to answer the challenge of having a centralized structure for storing and sharing data through a system architecture using Design Science Methodology. Throughout the project an implementation of the system architecture has been developed, which lead to having a prototype named HuntChain. It is an on-demand scanning interface, which introduces a decentralized approach (through Blockchain Technology) for storing and sharing malware data, while still having the possibility to detect malware. This prototype has been evaluated in an artificial environment, which demonstrated the fulfillment of the requirements. The artefact also solves the issue of having antivirus databases overlapping with each other, which is a waste of resources. Finally, HuntChain has been developed with the idea that it has to be available to anyone, where any developer could improve, modify, and/or add new functionalities, therefore, it is available on GitHub as an open-source project.
8

Context-Aware Malware Detection Using Topic Modeling

Stegner, Wayne 28 September 2021 (has links)
No description available.
9

Building Android Malware Detection Architectures using Machine Learning

Mathur, Akshay January 2022 (has links)
No description available.
10

Malicious Game Client Detection Using Feature Extraction and Machine Learning

Austad, Spencer J. 20 November 2023 (has links) (PDF)
Minecraft, the world's best-selling video game, boasts a vast and vibrant community of users who actively develop third-party software for the game. However, it has also garnered notoriety as one of the most malware-infested gaming environments. This poses a unique challenge because Minecraft software has many community-specific nuances that make traditional malware analysis less effective. These differences include unique file types, differing code formats, and lack of standardization in user-generated content analysis. This research looks at Minecraft clients in the two most common formats: Portable Executable and Java Archive file formats. Feature correlation matrices showed that malware features are too complicated to analyze without advanced algorithms. The latest machine learning methods for malware analysis were employed to classify samples based on both behavioral features generated from running samples in a sandbox environment and static features through file-based analysis. A total sample set of 92 files was used and found that Portable Executable and Java Archive files have significantly different feature sets that are important for malware identification. This study was able to successfully classify 77.8% of all Portable Executable samples 84.2% of all Java Archive samples while maintaining high recall scores. This research, by shedding light on the intricacies of malware detection in Minecraft clients, provides a framework for a more nuanced and adaptable approach to game-related malware research.

Page generated in 0.0611 seconds