Investigating Anti-Evasion Malware Triggers Using Automated Sandbox Reconfiguration Techniques

2020 ◽  
Vol 1 (1) ◽  
pp. 19-39
Author(s):  
Alan Mills ◽  
Phil Legg

Malware analysis is fundamental for defending against prevalent cyber security threats and requires a means to deploy and study behavioural software traits as more sophisticated malware is developed. Traditionally, virtual machines are used to provide an environment that is isolated from production systems so as to not cause any adverse impact on existing infrastructure. Malware developers are fully aware of this and so will often develop evasion techniques to avoid detection within sandbox environments. In this paper, we conduct an investigation of anti-evasion malware triggers for uncovering malware that may attempt to conceal itself when deployed in a traditional sandbox environment. To facilitate our investigation, we developed a tool called MORRIGU that couples together both automated and human-driven analysis for systematic testing of anti-evasion methods using dynamic sandbox reconfiguration techniques. This is further supported by visualisation methods for performing comparative analysis of system activity when malware is deployed under different sandbox configurations. Our study reveals a variety of anti-evasion traits that are shared amongst different malware families, such as sandbox “wear-and-tear”, and Reverse Turing Tests (RTT), as well as more sophisticated malware samples that require multiple anti-evasion checks to be deployed. We also perform a comparative study using Cuckoo sandbox to demonstrate the limitations of adopting only automated analysis tools, to justify the exploratory analysis provided by MORRIGU. By adopting a clearer systematic process for uncovering anti-evasion malware triggers, as supported by tools like MORRIGU, this study helps to further the research of evasive malware analysis so that we can better defend against such future attacks.


Author(s):  
Alan Mills ◽  
Phil Legg

Malware analysis is fundamental for defending against prevalent cyber security threats, and requires a means to deploy and study behavioural software traits as more sophisticated malware is developed. Traditionally, virtual machines are used to provide an environment that is isolated from production systems so as to not cause any adverse impact on existing infrastructure. Malware developers are fully aware of this and so will often develop evasion techniques to avoid detection within sandbox environments. In this paper, we conduct an investigation into anti-evasion malware triggers for uncovering malware behaviours that may act benign when they detect a traditional sandbox environment. To facilitate our investigation, we developed a dynamic sandbox reconfiguration tool called MORRIGU that couples together both automated and human-driven analysis for anti-evasion configuration testing, along with a visual analytics view for examining system behaviours and performing comparative analysis. Our study reveals a variety of anti-evasion traits that are shared amongst different malware families, such as sandbox “wear-and-tear”, and Reverse Turing Tests (RTT), as well as more sophisticated malware samples that require multiple anti-evasion checks to be deployed. Using a systematic testing approach such as MORRIGU enables test coverage of anti-evasion methods, whilst also offering flexibility for further human-driven analysis of additional evasion methods. We also perform a comparative study against automated analysis using Cuckoo sandbox to show that automated scoring alone cannot reliably inform on the presence of evasive malware, hence requiring a more sophisticated anti-evasive testing approach. With a greater understanding of anti-evasion malware triggers and with appropriate tools to explore these in an effective and efficient manner, this study helps to advance research on how evasive malware is being utilised to evade analysis so that we can better defend against future attacks.


Author(s):  
Shaveta Bhatia

The epoch of big data presents many opportunities for development across data science, biomedical research, cyber security, and cloud computing, and big data has gained widespread popularity. It also raises many challenges and consequences for the security and privacy of big data. Various threats and attacks, such as data leakage, unauthorised third-party access, viruses and vulnerabilities, stand against the security of big data. This paper discusses these security threats and the approaches to mitigating them in the fields of biomedical research, cyber security and cloud computing.


Author(s):  
Yuancheng Li ◽  
Pan Zhang ◽  
Daoxing Li ◽  
Jing Zeng

Background: Cloud platforms are widely used in the electric power field. The virtual machine co-resident attack is one of the major security threats to existing power cloud platforms. Objective: This paper proposes a mechanism to defend against virtual machine co-resident attacks on power cloud platforms. Method: Our defense mechanism uses the DBSCAN algorithm for classification, outputs the classification results through a random forest, and deploys virtual machines using an improved deployment strategy that combines the advantages of the random round-robin strategy and the maximum/minimum resource strategy. Results: We conducted a simulation experiment on the State Grid power cloud platform and verified the effectiveness of the proposed defensive deployment strategy. Conclusion: With the improved virtual machine deployment strategy, the coverage of the virtual machine is remarkably reduced, which shows that our defense mechanism is effective to some extent in defending virtual machines against co-resident attacks.


2017 ◽  
Vol 2 (3) ◽  
pp. 1
Author(s):  
Hanane Bennasar ◽  
Mohammad Essaaidi ◽  
Ahmed Bendahmane ◽  
Jalel Benothmane

Cloud computing cyber security is a subject that has been at the forefront for a long period and will remain so for the near future. Cloud computing permits a huge amount of data to be stored in cloud storage and allows users to pay per use from anywhere via any terminal equipment. Among the major issues related to cloud computing security, we can mention data security, denial of service attacks, confidentiality, availability, and data integrity. This paper is dedicated to a taxonomic classification study of cloud computing cyber-security, with the main objective of identifying the main challenges and issues in this field, the different approaches and solutions proposed to address them, and the open problems that still need to be addressed.


Author(s):  
Chris Reeves ◽  
Geoff Davis ◽  
David D. Ward ◽  
Tim Edwards ◽  
Alastair R. Ruddle

2020 ◽  
Vol 8 (2) ◽  
pp. 264-266
Author(s):  
Zhe Liu ◽  
Kim-Kwang Raymond Choo ◽  
Weiqiang Liu ◽  
Muhammad Khurram Khan

Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Roee S. Leon ◽  
Michael Kiperberg ◽  
Anat Anatey Leon Zabag ◽  
Nezer Jacob Zaidenberg

Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis tools. Current dynamic analysis solutions either make modifications to the running malware or use a higher privilege component that does the actual analysis. The former can be easily detected by sophisticated malware while the latter often induces a significant performance overhead. We propose a method that performs malware analysis within the context of the OS itself. Furthermore, the analysis component is camouflaged by a hypervisor, which makes it completely transparent to the running OS and its applications. The evaluation of the system’s efficiency suggests that the induced performance overhead is negligible.


2020 ◽  
pp. 53-60
Author(s):  
Mohammed I. Alghamdi

Our economy, infrastructure and societies rely to a large extent on information technology and computer network solutions. Increasing dependency on information technologies has also multiplied the potential hazards of cyber-attacks. The prime goal of this study is to critically examine how sufficient knowledge of cyber security threats plays a vital role in detecting intrusions in simple networks and preventing attacks. The study has evaluated various literature sources and peer-reviewed articles, consolidating the outcomes of different studies and presenting the final findings as a simplified solution.

