• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 13
  • 5
  • 3
  • 2
  • Tagged with
  • 30
  • 30
  • 11
  • 9
  • 9
  • 9
  • 8
  • 7
  • 6
  • 5
  • 5
  • 5
  • 4
  • 4
  • 4
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
21

Impersonating a sandbox against evasive malware

Lindorin, Axel January 2022 (has links)
The steadily increasing amount of malware puts an even larger amount of work required to analyze all the gathered samples. The current methods of analyzing malware come with their downsides such as inefficiency as a manual analysis requires a human or dynamic analysis that could be considered unreliable. The usage of dynamic malware analysis where the malware is executed in a sandbox environment is proven to be an efficient method of analyzing malware. As the techniques used to protect the system evolves, so do the attacking techniques. Some of the malware uses advanced evasion techniques to avoid detection from these sandbox analyzing environments, which causes the malware to be cleared and later executed in a real, target environment. These evasion techniques can find certain artifacts in the system which is inherent to a sandbox environment. Previous studies mention the lack of transparency between the virtual and physical host to be one of the bigger giveaways for the malware when looking for artifacts. There is also a grey area regarding how the malware acts and behaves, trying to assess and figure out if it is in a sandbox or not. This paper focused on creating a sandboxing analyzing environment within a physical machine, using all the dead giveaways by keeping the system as minimal as possible with only analyzing tools and software, in other words creating a fake sandbox environment. 12 samples of malware were analyzed in the two environments and the results show that the malware interacts more within the physical system and uses different APIs, System calls, and dlls compared to the virtual system. The malware samples, after its running process, resulted in similar activities on both systems which indicated that mimicking a sandbox could be effective to deter evasive malware.
22

Malware Analysis Skills Taught in University Courses

Gorugantu, Swetha 07 June 2018 (has links)
No description available.
23

Machine Learning for Malware Detection in Network Traffic

Omopintemi, A.H., Ghafir, Ibrahim, Eltanani, S., Kabir, Sohag, Lefoane, Moemedi 19 December 2023 (has links)
No / Developing advanced and efficient malware detection systems is becoming significant in light of the growing threat landscape in cybersecurity. This work aims to tackle the enduring problem of identifying malware and protecting digital assets from cyber-attacks. Conventional methods frequently prove ineffective in adjusting to the ever-evolving field of harmful activity. As such, novel approaches that improve precision while simultaneously taking into account the ever-changing landscape of modern cybersecurity problems are needed. To address this problem this research focuses on the detection of malware in network traffic. This work proposes a machine-learning-based approach for malware detection, with particular attention to the Random Forest (RF), Support Vector Machine (SVM), and Adaboost algorithms. In this paper, the model’s performance was evaluated using an assessment matrix. Included the Accuracy (AC) for overall performance, Precision (PC) for positive predicted values, Recall Score (RS) for genuine positives, and the F1 Score (SC) for a balanced viewpoint. A performance comparison has been performed and the results reveal that the built model utilizing Adaboost has the best performance. The TPR for the three classifiers performs over 97% and the FPR performs < 4% for each of the classifiers. The created model in this paper has the potential to help organizations or experts anticipate and handle malware. The proposed model can be used to make forecasts and provide management solutions in the network’s everyday operational activities.
24

Into the Gates of Troy : A Comparative Study of Antivirus Solutions for the Detection of Trojan Horse Malware.

Hinne, Tom January 2024 (has links)
In the continuously evolving field of malware investigation, a Trojan horse, which appears as innocent software from the user's perspective, represents a significant threat and challenge for antivirus solutions because of their deceptive nature and the various malicious functionalities they provide. This study will compare the effectiveness of three free antiviruses for Linux systems (DrWeb, ClamAV, ESET NOD32) against a dataset of 1919 Trojan malware samples. The evaluation will assess their detection capabilities, resource usage, and the core functionalities they offer. The results revealed a trade-off between these three aspects: DrWeb achieved the highest detection rate (93.43%) but consumed the most resources and provided the most comprehensive functionalities. While ClamAV balanced detection and resource usage with less functionality, ESET NOD32 prioritised low resource usage but showcased a lower detection rate than the other engines (80.93%). Interestingly, the results showed that the category of Trojan horse malware and the file format analysed can affect the detection capabilities of the evaluated antiviruses. This suggests that there is no “silver bullet” for Linux systems against Trojans, and further research in this area is needed to assess the detection capabilities of antivirus engines thoroughly and propose advanced detection methods for robust protection against Trojans on Linux systems.
25

Feature selection and clustering for malicious and benign software characterization

Chhabra, Dalbir Kaur R 13 August 2014 (has links)
Malware or malicious code is design to gather sensitive information without knowledge or permission of the users or damage files in the computer system. As the use of computer systems and Internet is increasing, the threat of malware is also growing. Moreover, the increase in data is raising difficulties to identify if the executables are malicious or benign. Hence, we have devised a method that collects features from portable executable file format using static malware analysis technique. We have also optimized the important or useful features by either normalizing or giving weightage to the feature. Furthermore, we have compared accuracy of various unsupervised learning algorithms for clustering huge dataset of samples. So once the clusters are created we can use antivirus (AV) to identify one or two file and if they are detected by AV then all the files in cluster are malicious even if the files contain novel or unknown malware; otherwise all are benign.
26

An Evaluation of Machine Learning Approaches for Hierarchical Malware Classification

Roth, Robin, Lundblad, Martin January 2019 (has links)
With an evermore growing threat of new malware that keeps growing in both number and complexity, the necessity for improvement in automatic detection and classification of malware is increasing. The signature-based approaches used by several Anti-Virus companies struggle with the increasing amount of polymorphic malware. The polymorphic malware change some minor aspects of the code to be able to remain undetected. Malware classification using machine learning have been used to try to solve this issue in previous research. In the proposed work, different hierarchical machine learning approaches are implemented to conduct three experiments. The methods utilise a hierarchical structure in various ways to be able to get a better classification performance. A selection of hierarchical levels and machine learning models are used in the experiments to evaluate how the results are affected. A data set is created, containing over 90000 different labelled malware samples. The proposed work also includes the creation of a labelling method that can be helpful for researchers in malware classification that needs labels for a created data set.The feature vector used contains 500 n-gram features and 3521 Import Address Table features. In the experiments for the proposed work, the thesis includes the testing of four machine learning models and three different amount of hierarchical levels. Stratified 5-fold cross validation is used in the proposed work to reduce bias and variance in the results. The results from the classification approach shows it achieves the highest hF-score, using Random Forest (RF) as the machine learning model and having four hierarchical levels, which got an hF-score of 0.858228. To be able to compare the proposed work with other related work, pure-flat classification accuracy was generated. The highest generated accuracy score was 0.8512816, which was not the highest compared to other related work.
27

Increased evasion resilience in modern PDF malware detectors : Using a more evasive training dataset / När surnar filen? : Obfuskeringsresistens vid detektion av skadliga PDF-filer

Ekholm, Oscar January 2022 (has links)
The large scale usage of the PDF coupled with its versatility has made the format an attractive target for carrying and deploying malware. Traditional antivirus software struggles against new malware and PDF's vast obfuscation options. In the search of better detection systems, machine learning based detectors have been developed. Although their approaches vary, some strictly examine structural features of the document whereas other examine the behavior of embedded code, they generally share high accuracy against the evaluation data they have been tested against. However, structural machine learning based PDF malware detectors have been found to be weak against targeted evasion attempts that may be found in more sophisticated malware. Such evasion attempts typically exploit knowledge of what the detection system associates with 'benign' and 'malicious' to emulate benign features or exploit a bug in the implementation, with the purpose of evading the detector. Since the introduction of such evasion attacks more structural detectors have been developed, without introducing mitigations against such evasion attacks. This thesis aggregates the existing knowledge of evasion strategies and applies them against a reproduction of a recent, not previously evasion tested, detection system and finds that it is susceptible to various evasion techniques. Additionally, the produced detector is experimentally trained with a combination of the standard data and the recently published CIC-Evasive-PDFMal2022 dataset which contains malware samples which display evasive properties. The evasive-trained detector is tested against the same set of evasion attacks. The results of the two detectors are compared, concluding that supplementing the training data with evasive samples results in a more evasion resilient detector. / Flexibiliteten och mångsidigheten hos PDF-filer har gjort dessa till attraktiva attackvektorer, där en användare eller ett system riskerar att utsättas för skadlig kod vid läsning av dessa filer. Som åtgärd har formatsspecifika, vanligtvis maskininlärningsbaserade, detektorer utvecklats. Dessa detektorer ämnar att, givet en PDF-fil, ge ett svar: skadlig eller oskadlig, ofta genom att inspektera strukturella egenskaper hos dokumentet. Strukturella detektorer har påvisats sårbara mot riktade undvikningsattacker som, genom att efterlikna egenskaper hos oskadliga dokument, lyckas smuggla skadliga dokument förbi sådana detektorer. Trots detta har liknande detektorer fortsatt utvecklas, utan att implementera försvar mot sådana attacker. Detta arbete testar en modern strukturell detektor med undvikningsattacker bestående av attackfiler av olika obfuskeringsnivåer och bekräftar att dessa svagheter kvarstår. Dessutom prövas en experimentell försvarsåtgärd i form av att tillsätta typiskt normavvikande PDF-filer (från datasetet CIC-Evasive-PDFMal2022) till träningssteget under konstruktionen av detektorn, för att identifiera hur detta påverkar resistensen mot undvikningsattacker. Detektorvarianterna prövas mot samma attackfiler för att jämföras mot varandra. Resultaten från detta påvisar en ökad resistens i detektorn med tillskottet av avikande träningsdata.
28

Malware Analysis using Profile Hidden Markov Models and Intrusion Detection in a Stream Learning Setting

Saradha, R January 2014 (has links) (PDF)
In the last decade, a lot of machine learning and data mining based approaches have been used in the areas of intrusion detection, malware detection and classification and also traffic analysis. In the area of malware analysis, static binary analysis techniques have become increasingly difficult with the code obfuscation methods and code packing employed when writing the malware. The behavior-based analysis techniques are being used in large malware analysis systems because of this reason. In prior art, a number of clustering and classification techniques have been used to classify the malwares into families and to also identify new malware families, from the behavior reports. In this thesis, we have analysed in detail about the use of Profile Hidden Markov models for the problem of malware classification and clustering. The advantage of building accurate models with limited examples is very helpful in early detection and modeling of malware families. The thesis also revisits the learning setting of an Intrusion Detection System that employs machine learning for identifying attacks and normal traffic. It substantiates the suitability of incremental learning setting(or stream based learning setting) for the problem of learning attack patterns in IDS, when large volume of data arrive in a stream. Related to the above problem, an elaborate survey of the IDS that use data mining and machine learning was done. Experimental evaluation and comparison show that in terms of speed and accuracy, the stream based algorithms perform very well as large volumes of data are presented for classification as attack or non-attack patterns. The possibilities for using stream algorithms in different problems in security is elucidated in conclusion.
29

Emulátor byte kódu jazyka Java vhodný pro detekci a analýzu malware / Java Byte Code Emulator Suitable for Malware Detection and Analysis

Kubernát, Tomáš January 2013 (has links)
The goal of this thesis is to create a virtual machine that emulates a running programs written in Java programing language, which would be suitable for malware analysis and detection. The emulator is able to detect arguments of exploitable methods from Java standard classes, the order of calling these exploitable methods and also execution the test application. Overall functionality was tested on appropriate examples in which held its own measurements. At the end of the paper we describe testing of the emulator, which also contains tables and graphs for better results visualization.
30

Towards Representation Learning for Robust Network Intrusion Detection Systems

Ryan John Hosler (18369510) 03 June 2024 (has links)
<p dir="ltr">This research involves numerous network intrusion techniques through novel applications of graph representation learning and image representation learning. The methods are tested on multiple publicly available network flow datasets.</p>

Page generated in 0.053 seconds