scholarly journals First byte: Force-based clustering of filtered block N-grams to detect code reuse in malicious software

2013 ◽  
Author(s):  
Jason Upchurch ◽  
Xiaobo Zhou
Keyword(s):  
Malicious Software ◽  
Code Reuse

scholarly journals Malware Detection Based on Code Visualization and Two-Level Classification

Information ◽  
2021 ◽  
Vol 12 (3) ◽  
pp. 118
Author(s):  
Vassilios Moussas ◽  
Antonios Andreatos
Keyword(s):  
Web Applications ◽  
Detection System ◽  
Malware Detection ◽  
Image Features ◽  
Malicious Code ◽  
Malware Analysis ◽  
Malicious Software ◽  
Antivirus Software ◽  
Malware Classification ◽  
Artificial Neural Network Ann

Malware creators generate new malicious software samples by making minor changes in previously generated code, in order to reuse malicious code, as well as to go unnoticed from signature-based antivirus software. As a result, various families of variations of the same initial code exist today. Visualization of compiled executables for malware analysis has been proposed several years ago. Visualization can greatly assist malware classification and requires neither disassembly nor code execution. Moreover, new variations of known malware families are instantly detected, in contrast to traditional signature-based antivirus software. This paper addresses the problem of identifying variations of existing malware visualized as images. A new malware detection system based on a two-level Artificial Neural Network (ANN) is proposed. The classification is based on file and image features. The proposed system is tested on the ‘Malimg’ dataset consisting of the visual representation of well-known malware families. From this set some important image features are extracted. Based on these features, the ANN is trained. Then, this ANN is used to detect and classify other samples of the dataset. Malware families creating a confusion are classified by a second level of ANNs. The proposed two-level ANN method excels in simplicity, accuracy, and speed; it is easy to implement and fast to run, thus it can be applied to antivirus software, smart firewalls, web applications, etc.

scholarly journals Hfinger: Malware HTTP Request Fingerprinting

Entropy ◽  
2021 ◽  
Vol 23 (5) ◽  
pp. 507
Author(s):  
Piotr Białczak ◽  
Wojciech Mazurczyk
Keyword(s):  
Real World ◽  
Network Traffic ◽  
Experimental Evaluation ◽  
Data Sets ◽  
Real World Data ◽  
Malicious Software ◽  
Default Mode ◽  
World Data ◽  
Effectiveness Analysis ◽  
Http Protocol

Malicious software utilizes HTTP protocol for communication purposes, creating network traffic that is hard to identify as it blends into the traffic generated by benign applications. To this aim, fingerprinting tools have been developed to help track and identify such traffic by providing a short representation of malicious HTTP requests. However, currently existing tools do not analyze all information included in the HTTP message or analyze it insufficiently. To address these issues, we propose Hfinger, a novel malware HTTP request fingerprinting tool. It extracts information from the parts of the request such as URI, protocol information, headers, and payload, providing a concise request representation that preserves the extracted information in a form interpretable by a human analyst. For the developed solution, we have performed an extensive experimental evaluation using real-world data sets and we also compared Hfinger with the most related and popular existing tools such as FATT, Mercury, and p0f. The conducted effectiveness analysis reveals that on average only 1.85% of requests fingerprinted by Hfinger collide between malware families, what is 8–34 times lower than existing tools. Moreover, unlike these tools, in default mode, Hfinger does not introduce collisions between malware and benign applications and achieves it by increasing the number of fingerprints by at most 3 times. As a result, Hfinger can effectively track and hunt malware by providing more unique fingerprints than other standard tools.

Developing an Algorithm for the Application of Bayesian Method to Software Using Artificial Immune Systems

2021 ◽  
Author(s):  
Shafagat Mahmudova
Keyword(s):  
Immune System ◽  
Artificial Immune System ◽  
Bayesian Method ◽  
Artificial Immune Systems ◽  
Artificial Immune ◽  
Computational System ◽  
Malicious Software ◽  
Immune Systems ◽  
Advantages And Disadvantages ◽  
Protection Systems

Abstract This study provides information on artificial immune systems. The artificial immune system is an adaptive computational system that uses models, principles, mechanisms and functions to describe and solve the problems in theoretical immunology. Its application in various fields of science is explored. The theory of natural immune systems and the key features and algorithms of artificial immune system are analyzed. The advantages and disadvantages of protection systems based on artificial immune systems are shown. The methods for malicious software detection are studied. Some works in the field of artificial immune systems are analyzed, and the problems to be solved are identified. A new algorithm is developed for the application of Bayesian method in software using artificial immune systems, and experiments are implemented. The results of the experiment are estimated to be good. The advantages and disadvantages of AIS were shown. To eliminate the disadvantages, perfect AISs should be developed to enable the software more efficient and effective.

Increasing Code Reuse

2019 ◽  
pp. 63-107
Author(s):  
Alejandro Serrano Mena
Keyword(s):  
Code Reuse
Sign in / Sign up

Export Citation Format

Share Document