A Bray-Curtis Weighted Automaton for Detecting Malicious Code Through System-Call Analysis

Author(s): Ciprian-Petrisor Pungila

2021, Vol 2096 (1), pp. 012048
Author(s): V K Fedorov, E G Balenko, N V Gololobov, K E Izrailov

This paper investigates software attacks based on shellcode injection in Windows applications. The attack uses platform invoke to inject binary code by means of system calls. This creates a separate threat that carries the payload. The paper overviews protections against shellcode injection and thus analyzes the injection methods as well. Analysis models the injection of malicious code in a Windows app process. As a result, the paper proposes a step-by-step injection method. Experimental injection of user code in PowerShell is performed to test the method. The paper further shows the assembly code of the system call as an example of finding their IDs in the global system call table; it also shows part of the source code for the injection of binary executable code. Various counterattacks are proposed in the form of software control modules based on architecture drivers. The paper analyzes the feasibility of using dynamic invoke, which the authors plan to do later on.


2011
Author(s): André R. A. Grégio, Dario S. Fernandes Filho, Vitor M. Afonso, Rafael D. C. Santos, Mario Jino, ...

Author(s): Satya Ranjan Biswal, Santosh Kumar Swain

Security is one of the important concerns in both types of network. The network may be wired or wireless. In the case of a wireless network, security provisioning is more difficult in comparison to a wired network. A Wireless Sensor Network (WSN) is also a type of wireless network, and due to resource constraints a WSN is vulnerable to malware attacks. Initially, the malware (virus, worm, malicious code, etc.) targets a single node of the WSN for attack. When a node of the WSN gets infected, the malware automatically starts to spread in the network. If nodes are strongly correlated, the malware spreads quickly in the network. On the other hand, if nodes are weakly correlated, the speed of malware spread is slow. A mathematical model is proposed for the study of malware propagation dynamics in WSN with a combination of spatial correlation and epidemic theory. This model is based on epidemic theory with spatial correlation. The proposed model is Susceptible-Exposed-Infectious-Recover-Dead (SEIRD) with spatial correlation. We deduced the expression of the basic reproduction number. It helps in the study of malware propagation dynamics in WSN. The stability analysis of the network has been investigated through the proposed model. This model also helps in the reduction of redundant information and the saving of sensor nodes’ energy in WSN. The theoretical investigation is verified by simulation results. A spatial correlation based epidemic model has been formulated for the study of the dynamic behaviour of malware attacks in WSN.


2013, Vol 756-759, pp. 3652-3658
Author(s): You Li Lu, Jun Luo

Under the study of Kernel Methods, this paper puts forward two improved algorithms, called R-SVM and I-SVDD, in order to cope with imbalanced data sets in closed systems. R-SVM uses the K-means algorithm for clustering space samples, while I-SVDD improves the performance of the original SVDD by imbalanced sample training. Experiments on two sets of system call data show that these two algorithms are more effective and that R-SVM has a lower complexity.


Information, 2021, Vol 12 (3), pp. 118
Author(s): Vassilios Moussas, Antonios Andreatos

Malware creators generate new malicious software samples by making minor changes in previously generated code, in order to reuse malicious code, as well as to go unnoticed by signature-based antivirus software. As a result, various families of variations of the same initial code exist today. Visualization of compiled executables for malware analysis was proposed several years ago. Visualization can greatly assist malware classification and requires neither disassembly nor code execution. Moreover, new variations of known malware families are instantly detected, in contrast to traditional signature-based antivirus software. This paper addresses the problem of identifying variations of existing malware visualized as images. A new malware detection system based on a two-level Artificial Neural Network (ANN) is proposed. The classification is based on file and image features. The proposed system is tested on the ‘Malimg’ dataset consisting of the visual representation of well-known malware families. From this set some important image features are extracted. Based on these features, the ANN is trained. Then, this ANN is used to detect and classify other samples of the dataset. Malware families that create confusion are classified by a second level of ANNs. The proposed two-level ANN method excels in simplicity, accuracy, and speed; it is easy to implement and fast to run, thus it can be applied to antivirus software, smart firewalls, web applications, etc.


Symmetry, 2020, Vol 13 (1), pp. 35
Author(s): Sungjoong Kim, Seongkyu Yeom, Haengrok Oh, Dongil Shin, Dongkyoo Shin

The development of information and communication technology (ICT) is making daily life more convenient by allowing access to information at anytime and anywhere and by improving the efficiency of organizations. Unfortunately, malicious code is also proliferating and becoming increasingly complex and sophisticated. In fact, even novices can now easily create it using hacking tools, which is causing it to increase and spread exponentially. It has become difficult for humans to respond to such a surge. As a result, many studies have pursued methods to automatically analyze and classify malicious code. There are currently two methods for analyzing it: a dynamic analysis method that executes the program directly and confirms the execution result, and a static analysis method that analyzes the program without executing it. This paper proposes a static analysis automation technique for malicious code that uses machine learning. This classification system was designed by combining a method for classifying malicious code using a portable executable (PE) structure and a method for classifying it using a PE structure. The system has 98.77% accuracy when classifying normal and malicious files. The proposed system can be used to classify various types of malware from PE files to shell code.

