Visible to the public Biblio

Found 457 results

Filters: Keyword is Malware  [Clear All Filters]
2022-08-12
Al Khayer, Aala, Almomani, Iman, Elkawlak, Khaled.  2020.  ASAF: Android Static Analysis Framework. 2020 First International Conference of Smart Systems and Emerging Technologies (SMARTTECH). :197–202.
Android Operating System becomes a major target for malicious attacks. Static analysis approach is widely used to detect malicious applications. Most of existing studies on static analysis frameworks are limited to certain features. This paper presents an Android Static Analysis Framework (ASAF) which models the overall static analysis phases and approaches for Android applications. ASAF can be implemented for different purposes including Android malicious apps detection. The proposed framework utilizes a parsing tool, Android Static Parse (ASParse) which is also introduced in this paper. Through the extendibility of the ASParse tool, future research studies can easily extend the parsed features and the parsed files to perform parsing based on their specific requirements and goals. Moreover, a case study is conducted to illustrate the implementation of the proposed ASAF.
Stiévenart, Quentin, Roover, Coen De.  2020.  Compositional Information Flow Analysis for WebAssembly Programs. 2020 IEEE 20th International Working Conference on Source Code Analysis and Manipulation (SCAM). :13–24.
WebAssembly is a new W3C standard, providing a portable target for compilation for various languages. All major browsers can run WebAssembly programs, and its use extends beyond the web: there is interest in compiling cross-platform desktop applications, server applications, IoT and embedded applications to WebAssembly because of the performance and security guarantees it aims to provide. Indeed, WebAssembly has been carefully designed with security in mind. In particular, WebAssembly applications are sandboxed from their host environment. However, recent works have brought to light several limitations that expose WebAssembly to traditional attack vectors. Visitors of websites using WebAssembly have been exposed to malicious code as a result. In this paper, we propose an automated static program analysis to address these security concerns. Our analysis is focused on information flow and is compositional. For every WebAssembly function, it first computes a summary that describes in a sound manner where the information from its parameters and the global program state can flow to. These summaries can then be applied during the subsequent analysis of function calls. Through a classical fixed-point formulation, one obtains an approximation of the information flow in the WebAssembly program. This results in the first compositional static analysis for WebAssembly. On a set of 34 benchmark programs spanning 196kLOC of WebAssembly, we compute at least 64% of the function summaries precisely in less than a minute in total.
Andes, Neil, Wei, Mingkui.  2020.  District Ransomware: Static and Dynamic Analysis. 2020 8th International Symposium on Digital Forensics and Security (ISDFS). :1–6.
Ransomware is one of the fastest growing threats to internet security. New Ransomware attacks happen around the globe, on a weekly basis. These attacks happen to individual users and groups, from almost any type of business. Many of these attacks involve Ransomware as a service, where one attacker creates a template Malware, which can be purchased and modified by other attackers to perform specific actions. The District Ransomware was a less well-known strain. This work focuses on statically and dynamically analyzing the District Ransomware and presenting the results.
Ajiri, Victor, Butakov, Sergey, Zavarsky, Pavol.  2020.  Detection Efficiency of Static Analyzers against Obfuscated Android Malware. 2020 IEEE 6th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS). :231–234.
Mobile antivirus technologies incorporate static analysis which involves the analysis of programs without its execution. This process relies on pattern matching against a signature repository to identify malware, which can be easily tricked by transformation techniques such as obfuscation. Obfuscation as an evasion technique renders character strings disguised and incomprehensive, to prevent tampering and reengineering, which poses to be a valuable technique malware developers adopt to evade detection. This paper attempts to study the detection efficiency of static analyzers against obfuscated Android malware. This study is the first step in a larger project attempting to improve the efficiency of malware detectors.
Li, Ziqing, Feng, Guiling.  2020.  Inter-Language Static Analysis for Android Application Security. 2020 IEEE 3rd International Conference on Information Systems and Computer Aided Education (ICISCAE). :647–650.
The Android application market will conduct various security analysis on each application to predict its potential harm before put it online. Since almost all the static analysis tools can only detect malicious behaviors in the Java layer, more and more malwares try to avoid static analysis by taking the malicious codes to the Native layer. To provide a solution for the above situation, there's a new research aspect proposed in this paper and defined as Inter-language Static Analysis. As all the involved technologies are introduced, the current research results of them will be captured in this paper, such as static analysis in Java layer, binary analysis in Native layer, Java-Native penetration technology, etc.
2022-08-02
Karthikeyan, P., Anandaraj, S.P., Vignesh, R., Poornima, S..  2021.  Review on Trustworthy Analysis in binary code. 2021 7th International Conference on Advanced Computing and Communication Systems (ICACCS). 1:1386—1389.
The software industry is dominating many are like health care, finance, agriculture and entertainment. Software security has become an essential issue-outsider libraries, which assume a significant part in programming. The finding weaknesses in the binary code is a significant issue that presently cannot seem to be handled, as showed by numerous weaknesses wrote about an everyday schedule. Software seller sells the software to the client if the client wants to check the software's vulnerability it is a cumbersome task. Presently many deep learning-based methods also introduced to find the security weakness in the binary code. This paper present the merits and demerits of binary code analysis used by a different method.
2022-07-15
McDonnell, Serena, Nada, Omar, Abid, Muhammad Rizwan, Amjadian, Ehsan.  2021.  CyberBERT: A Deep Dynamic-State Session-Based Recommender System for Cyber Threat Recognition. 2021 IEEE Aerospace Conference (50100). :1—12.
Session-based recommendation is the task of predicting user actions during short online sessions. The user is considered to be anonymous in this setting, with no past behavior history available. Predicting anonymous users' next actions and their preferences in the absence of historical user behavior information is valuable from a cybersecurity and aerospace perspective, as cybersecurity measures rely on the prompt classification of novel threats. Our offered solution builds upon the previous representation learning work originating from natural language processing, namely BERT, which stands for Bidirectional Encoder Representations from Transformers (Devlin et al., 2018). In this paper we propose CyberBERT, the first deep session-based recommender system to employ bidirectional transformers to model the intent of anonymous users within a session. The session-based setting lends itself to applications in threat recognition, through monitoring of real-time user behavior using the CyberBERT architecture. We evaluate the efficiency of this dynamic state method using the Windows PE Malware API sequence dataset (Catak and Yazi, 2019), which contains behavior for 7107 API call sequences executed by 8 classes of malware. We compare the proposed CyberBERT solution to two high-performing benchmark algorithms on the malware dataset: LSTM (Long Short-term Memory) and transformer encoder (Vaswani et al., 2017). We also evaluate the method using the YOOCHOOSE 1/64 dataset, which is a session-based recommendation dataset that contains 37,483 items, 719,470 sessions, and 31,637,239 clicks. Our experiments demonstrate the advantage of a bidirectional architecture over the unidirectional approach, as well as the flexibility of the CyberBERT solution in modelling the intent of anonymous users in a session. Our system achieves state-of-the-art measured by F1 score on the Windows PE Malware API sequence dataset, and state-of-the-art for P@20 and MRR@20 on YOOCHOOSE 1/64. As CyberBERT allows for user behavior monitoring in the absence of behavior history, it acts as a robust malware classification system that can recognize threats in aerospace systems, where malicious actors may be interacting with a system for the first time. This work provides the backbone for systems that aim to protect aviation and aerospace applications from prospective third-party applications and malware.
2022-07-14
Pagán, Alexander, Elleithy, Khaled.  2021.  A Multi-Layered Defense Approach to Safeguard Against Ransomware. 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC). :0942–0947.
There has been a significant rise in ransomware attacks over the last few years. Cyber attackers have made use of tried and true ransomware viruses to target the government, health care, and educational institutions. Ransomware variants can be purchased on the dark web by amateurs giving them the same attack tools used by professional cyber attackers without experience or skill. Traditional antivirus and antimalware products have improved, but they alone fall short when it comes to catching and stopping ransomware attacks. Employee training has become one of the most important aspects of being prepared for attempted cyberattacks. However, training alone only goes so far; human error is still the main entry point for malware and ransomware infections. In this paper, we propose a multi-layered defense approach to safeguard against ransomware. We have come to the startling realization that it is not a matter of “if” your organization will be hit with ransomware, but “when” your organization will be hit with ransomware. If an organization is not adequately prepared for an attack or how to respond to an attack, the effects can be costly and devastating. Our approach proposes having innovative antimalware software on the local machines, properly configured firewalls, active DNS/Web filtering, email security, backups, and staff training. With the implementation of this layered defense, the attempt can be caught and stopped at multiple points in the event of an attempted ransomware attack. If the attack were successful, the layered defense provides the option for recovery of affected data without paying a ransom.
2022-07-12
Kanca, Ali Melih, Sagiroglu, Seref.  2021.  Sharing Cyber Threat Intelligence and Collaboration. 2021 International Conference on Information Security and Cryptology (ISCTURKEY). :167—172.
With the developing technology, cyber threats are developing rapidly, and the motivations and targets of cyber attackers are changing. In order to combat these threats, cyber threat information that provides information about the threats and the characteristics of the attackers is needed. In addition, it is of great importance to cooperate with other stakeholders and share experiences so that more information about threat information can be obtained and necessary measures can be taken quickly. In this context, in this study, it is stated that the establishment of a cooperation mechanism in which cyber threat information is shared will contribute to the cyber security capacity of organizations. And using the Zack Information Gap analysis, the deficiency of organizations in sharing threat information were determined and suggestions were presented. In addition, there are cooperation mechanisms in the USA and the EU where cyber threat information is shared, and it has been evaluated that it would be beneficial to establish a similar mechanism in our country. Thus, it is evaluated that advanced or unpredictable cyber threats can be detected, the cyber security capacities of all stakeholders will increase and a safer cyber ecosystem will be created. In addition, it is possible to collect, store, distribute and share information about the analysis of cyber incidents and malware analysis, to improve existing cyber security products or to encourage new product development, by carrying out joint R&D studies among the stakeholders to ensure that domestic and national cyber security products can be developed. It is predicted that new analysis methods can be developed by using technologies such as artificial intelligence and machine learning.
Wang, Peiran, Sun, Yuqiang, Huang, Cheng, Du, Yutong, Liang, Genpei, Long, Gang.  2021.  MineDetector: JavaScript Browser-side Cryptomining Detection using Static Methods. 2021 IEEE 24th International Conference on Computational Science and Engineering (CSE). :87—93.
Because of the rise of the Monroe coin, many JavaScript files with embedded malicious code are used to mine cryptocurrency using the computing power of the browser client. This kind of script does not have any obvious behaviors when it is running, so it is difficult for common users to witness them easily. This feature could lead the browser side cryptocurrency mining abused without the user’s permission. Traditional browser security strategies focus on information disclosure and malicious code execution, but not suitable for such scenes. Thus, we present a novel detection method named MineDetector using a machine learning algorithm and static features for automatically detecting browser-side cryptojacking scripts on the websites. MineDetector extracts five static feature groups available from the abstract syntax tree and text of codes and combines them using the machine learning method to build a powerful cryptojacking classifier. In the real experiment, MineDetector achieves the accuracy of 99.41% and the recall of 93.55% and has better performance in time comparing with present dynamic methods. We also made our work user-friendly by developing a browser extension that is click-to-run on the Chrome browser.
Tekiner, Ege, Acar, Abbas, Uluagac, A. Selcuk, Kirda, Engin, Selcuk, Ali Aydin.  2021.  SoK: Cryptojacking Malware. 2021 IEEE European Symposium on Security and Privacy (EuroS&P). :120—139.
Emerging blockchain and cryptocurrency-based technologies are redefining the way we conduct business in cyberspace. Today, a myriad of blockchain and cryp-tocurrency systems, applications, and technologies are widely available to companies, end-users, and even malicious actors who want to exploit the computational resources of regular users through cryptojacking malware. Especially with ready-to-use mining scripts easily provided by service providers (e.g., Coinhive) and untraceable cryptocurrencies (e.g., Monero), cryptojacking malware has become an indispensable tool for attackers. Indeed, the banking industry, major commercial websites, government and military servers (e.g., US Dept. of Defense), online video sharing platforms (e.g., Youtube), gaming platforms (e.g., Nintendo), critical infrastructure resources (e.g., routers), and even recently widely popular remote video conferencing/meeting programs (e.g., Zoom during the Covid-19 pandemic) have all been the victims of powerful cryptojacking malware campaigns. Nonetheless, existing detection methods such as browser extensions that protect users with blacklist methods or antivirus programs with different analysis methods can only provide a partial panacea to this emerging crypto-jacking issue as the attackers can easily bypass them by using obfuscation techniques or changing their domains or scripts frequently. Therefore, many studies in the literature proposed cryptojacking malware detection methods using various dynamic/behavioral features. However, the literature lacks a systemic study with a deep understanding of the emerging cryptojacking malware and a comprehensive review of studies in the literature. To fill this gap in the literature, in this SoK paper, we present a systematic overview of cryptojacking malware based on the information obtained from the combination of academic research papers, two large cryptojacking datasets of samples, and 45 major attack instances. Finally, we also present lessons learned and new research directions to help the research community in this emerging area.
Lachtar, Nada, Elkhail, Abdulrahman Abu, Bacha, Anys, Malik, Hafiz.  2021.  An Application Agnostic Defense Against the Dark Arts of Cryptojacking. 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :314—325.
The popularity of cryptocurrencies has garnered interest from cybercriminals, spurring an onslaught of cryptojacking campaigns that aim to hijack computational resources for the purpose of mining cryptocurrencies. In this paper, we present a cross-stack cryptojacking defense system that spans the hardware and OS layers. Unlike prior work that is confined to detecting cryptojacking behavior within web browsers, our solution is application agnostic. We show that tracking instructions that are frequently used in cryptographic hash functions serve as reliable signatures for fingerprinting cryptojacking activity. We demonstrate that our solution is resilient to multi-threaded and throttling evasion techniques that are commonly employed by cryptojacking malware. We characterize the robustness of our solution by extensively testing a diverse set of workloads that include real consumer applications. Finally, an evaluation of our proof-of-concept implementation shows minimal performance impact while running a mix of benchmark applications.
2022-06-14
Tan, Soo-Fun, Lo, Ka-Man Chirs, Leau, Yu-Beng, Chung, Gwo-Chin, Ahmedy, Fatimah.  2021.  Securing mHealth Applications with Grid-Based Honey Encryption. 2021 IEEE International Conference on Artificial Intelligence in Engineering and Technology (IICAIET). :1–5.
Mobile healthcare (mHealth) application and technologies have promised their cost-effectiveness to enhance healthcare quality, particularly in rural areas. However, the increased security incidents and leakage of patient data raise the concerns to address security risks and privacy issues of mhealth applications urgently. While recent mobile health applications that rely on password-based authentication cannot withstand password guessing and cracking attacks, several countermeasures such as One-Time Password (OTP), grid-based password, and biometric authentication have recently been implemented to protect mobile health applications. These countermeasures, however, can be thwarted by brute force attacks, man-in-the-middle attacks and persistent malware attacks. This paper proposed grid-based honey encryption by hybridising honey encryption with grid-based authentication. Compared to recent honey encryption limited in the hardening password attacks process, the proposed grid-based honey encryption can be further employed against shoulder surfing, smudge and replay attacks. Instead of rejecting access as a recent security defence mechanism in mobile healthcare applications, the proposed Grid-based Honey Encryption creates an indistinct counterfeit patient's record closely resembling the real patients' records in light of each off-base speculation legitimate password.
2022-06-09
Saputro, Elang Dwi, Purwanto, Yudha, Ruriawan, Muhammad Faris.  2021.  Medium Interaction Honeypot Infrastructure on The Internet of Things. 2020 IEEE International Conference on Internet of Things and Intelligence System (IoTaIS). :98–102.
New technologies from day to day are submitted with many vulnerabilities that can make data exploitation. Nowadays, IoT is a target for Cybercrime attacks as it is one of the popular platforms in the century. This research address the IoT security problem by carried a medium-interaction honeypot. Honeypot is one of the solutions that can be done because it is a system feed for the introduction of attacks and fraudulent devices. This research has created a medium interaction honeypot using Cowrie, which is used to maintain the Internet of Things device from malware attacks or even attack patterns and collect information about the attacker's machine. From the result analysis, the honeypot can record all trials and attack activities, with CPU loads averagely below 6,3%.
2022-05-19
Fursova, Natalia, Dovgalyuk, Pavel, Vasiliev, Ivan, Klimushenkova, Maria, Egorov, Danila.  2021.  Detecting Attack Surface With Full-System Taint Analysis. 2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C). :1161–1162.
Attack surface detection for the complex software is needed to find targets for the fuzzing, because testing the whole system with many inputs is not realistic. Researchers that previously applied taint analysis for dealing with different security tasks in the virtual machines did not examined how to apply it for attack surface detection. I.e., getting the program modules and functions, that may be affected by input data. We propose using taint tracking within a virtual machine and virtual machine introspection to create a new approach that can detect the internal module interfaces that can be fuzz tested to assure that software is safe or find the vulnerabilities.
Sharma, Anurag, Mohanty, Suman, Islam, Md. Ruhul.  2021.  An Experimental Analysis on Malware Detection in Executable Files using Machine Learning. 2021 8th International Conference on Smart Computing and Communications (ICSCC). :178–182.
In the recent time due to advancement of technology, Malware and its clan have continued to advance and become more diverse. Malware otherwise Malicious Software consists of Virus, Trojan horse, Adware, Spyware etc. This said software leads to extrusion of data (Spyware), continuously flow of Ads (Adware), modifying or damaging the system files (Virus), or access of personal information (Trojan horse). Some of the major factors driving the growth of these attacks are due to poorly secured devices and the ease of availability of tools in the Internet with which anyone can attack any system. The attackers or the developers of Malware usually lean towards blending of malware into the executable file, which makes it hard to detect the presence of malware in executable files. In this paper we have done experimental study on various algorithms of Machine Learning for detecting the presence of Malware in executable files. After testing Naïve Bayes, KNN and SVM, we found out that SVM was the most suited algorithm and had the accuracy of 94%. We then created a web application where the user could upload executable file and test the authenticity of the said executable file if it is a Malware file or a benign file.
2022-05-12
Şengül, Özkan, Özkılıçaslan, Hasan, Arda, Emrecan, Yavanoğlu, Uraz, Dogru, Ibrahim Alper, Selçuk, Ali Aydın.  2021.  Implementing a Method for Docker Image Security. 2021 International Conference on Information Security and Cryptology (ISCTURKEY). :34–39.
Containers that can be easily created, transported and scaled with the use of container-based virtualization technologies work better than classical virtualization technologies and provide efficient resource usage. The Docker platform is one of the most widely used solutions among container-based virtualization technologies. The OS-level virtualization of the Docker platform and the container’s use of the host operating system kernel may cause security problems. In this study, a method including static and dynamic analysis has been proposed to ensure Docker image and container security. In the static analysis phase of the method, the packages of the images are scanned for vulnerabilities and malware. In the dynamic analysis phase, Docker containers are run for a certain period of time, after the open port scanning, network traffic is analyzed with the Snort3. Seven Docker images are analyzed and the results are shared.
2022-05-03
Hassan, Rakibul, Rafatirad, Setareh, Homayoun, Houman, Dinakarrao, Sai Manoj Pudukotai.  2021.  Performance-aware Malware Epidemic Confinement in Large-Scale IoT Networks. ICC 2021 - IEEE International Conference on Communications. :1—6.

As millions of IoT devices are interconnected together for better communication and computation, compromising even a single device opens a gateway for the adversary to access the network leading to an epidemic. It is pivotal to detect any malicious activity on a device and mitigate the threat. Among multiple feasible security threats, malware (malicious applications) poses a serious risk to modern IoT networks. A wide range of malware can replicate itself and propagate through the network via the underlying connectivity in the IoT networks making the malware epidemic inevitable. There exist several techniques ranging from heuristics to game-theory based technique to model the malware propagation and minimize the impact on the overall network. The state-of-the-art game-theory based approaches solely focus either on the network performance or the malware confinement but does not optimize both simultaneously. In this paper, we propose a throughput-aware game theory-based end-to-end IoT network security framework to confine the malware epidemic while preserving the overall network performance. We propose a two-player game with one player being the attacker and other being the defender. Each player has three different strategies and each strategy leads to a certain gain to that player with an associated cost. A tailored min-max algorithm was introduced to solve the game. We have evaluated our strategy on a 500 node network for different classes of malware and compare with existing state-of-the-art heuristic and game theory-based solutions.

Tantawy, Ashraf.  2021.  Automated Malware Design for Cyber Physical Systems. 2021 9th International Symposium on Digital Forensics and Security (ISDFS). :1—6.

The design of attacks for cyber physical systems is critical to assess CPS resilience at design time and run-time, and to generate rich datasets from testbeds for research. Attacks against cyber physical systems distinguish themselves from IT attacks in that the main objective is to harm the physical system. Therefore, both cyber and physical system knowledge are needed to design such attacks. The current practice to generate attacks either focuses on the cyber part of the system using IT cyber security existing body of knowledge, or uses heuristics to inject attacks that could potentially harm the physical process. In this paper, we present a systematic approach to automatically generate integrity attacks from the CPS safety and control specifications, without knowledge of the physical system or its dynamics. The generated attacks violate the system operational and safety requirements, hence present a genuine test for system resilience. We present an algorithm to automate the malware payload development. Several examples are given throughout the paper to illustrate the proposed approach.

2022-04-25
Rescio, Tommaso, Favale, Thomas, Soro, Francesca, Mellia, Marco, Drago, Idilio.  2021.  DPI Solutions in Practice: Benchmark and Comparison. 2021 IEEE Security and Privacy Workshops (SPW). :37–42.
Having a clear insight on the protocols carrying traffic is crucial for network applications. Deep Packet Inspection (DPI) has been a key technique to provide visibility into traffic. DPI has proven effective in various scenarios, and indeed several open source DPI solutions are maintained by the community. Yet, these solutions provide different classifications, and it is hard to establish a common ground truth. Independent works approaching the question of the quality of DPI are already aged and rely on limited datasets. Here, we test if open source DPI solutions can provide useful information in practical scenarios, e.g., supporting security applications. We provide an evaluation of the performance of four open-source DPI solutions, namely nDPI, Libprotoident, Tstat and Zeek. We use datasets covering various traffic scenarios, including operational networks, IoT scenarios and malware. As no ground truth is available, we study the consistency of classification across the solutions, investigating rootcauses of conflicts. Important for on-line security applications, we check whether DPI solutions provide reliable classification with a limited number of packets per flow. All in all, we confirm that DPI solutions still perform satisfactorily for well-known protocols. They however struggle with some P2P traffic and security scenarios (e.g., with malware traffic). All tested solutions reach a final classification after observing few packets with payload, showing adequacy for on-line applications.
2022-04-19
Wai, Fok Kar, Thing, Vrizlynn L. L..  2021.  Clustering Based Opcode Graph Generation for Malware Variant Detection. 2021 18th International Conference on Privacy, Security and Trust (PST). :1–11.
Malwares are the key means leveraged by threat actors in the cyber space for their attacks. There is a large array of commercial solutions in the market and significant scientific research to tackle the challenge of the detection and defense against malwares. At the same time, attackers also advance their capabilities in creating polymorphic and metamorphic malwares to make it increasingly challenging for existing solutions. To tackle this issue, we propose a methodology to perform malware detection and family attribution. The proposed methodology first performs the extraction of opcodes from malwares in each family and constructs their respective opcode graphs. We explore the use of clustering algorithms on the opcode graphs to detect clusters of malwares within the same malware family. Such clusters can be seen as belonging to different sub-family groups. Opcode graph signatures are built from each detected cluster. Hence, for each malware family, a group of signatures is generated to represent the family. These signatures are used to classify an unknown sample as benign or belonging to one the malware families. We evaluate our methodology by performing experiments on a dataset consisting of both benign files and malware samples belonging to a number of different malware families and comparing the results to existing approach.
Johnson, Andrew, Haddad, Rami J..  2021.  Evading Signature-Based Antivirus Software Using Custom Reverse Shell Exploit. SoutheastCon 2021. :1–6.
Antivirus software is considered to be the primary line of defense against malicious software in modern computing systems. The purpose of this paper is to expose exploitation that can evade Antivirus software that uses signature-based detection algorithms. In this paper, a novel approach was proposed to change the source code of a common Metasploit-Framework used to compile the reverse shell payload without altering its functionality but changing its signature. The proposed method introduced an additional stage to the shellcode program. Instead of the shellcode being generated and stored within the program, it was generated separately and stored on a remote server and then only accessed when the program is executed. This approach was able to reduce its detectability by the Antivirus software by 97% compared to a typical reverse shell program.
Arfeen, Asad, Ahmed, Saad, Khan, Muhammad Asim, Jafri, Syed Faraz Ali.  2021.  Endpoint Detection Amp; Response: A Malware Identification Solution. 2021 International Conference on Cyber Warfare and Security (ICCWS). :1–8.
Malicious hackers breach security perimeters, cause infrastructure disruptions as well as steal proprietary information, financial data, and violate consumers' privacy. Protection of the whole organization by using the firm's security officers can be besieged with faulty warnings. Engineers must shift from console to console to put together investigative clues as a result of today's fragmented security technologies that cause frustratingly sluggish investigations. Endpoint Detection and Response (EDR) solutions adds an extra layer of protection to prevent an endpoint action into a breach. EDR is the region's foremost detection and response tool that combines endpoint and network data to recognize and respond to sophisticated threats. Offering unrivaled security and operational effectiveness, it integrates prevention, investigation, detection, and responding in a single platform. EDR provides enterprise coverage and uninterrupted defense with its continuous monitoring and response to threats. We have presented a comprehensive review of existing EDRs through various security layers that includes detection, response and management capabilities which enables security teams to have unified end-to-end corporate accessibility, powerful analytics along with additional features such as web threat scan, external device scan and automatic reaction across the whole technological tower.
Wang, Xiaomeng, Wang, Jiajie, Guan, Zhibin, Xin, Wei, Cui, Jing.  2021.  Mining String Feature for Malicious Binary Detection Based on Normalized CNN. 2021 IEEE 6th International Conference on Computer and Communication Systems (ICCCS). :748–752.
Most famous malware defense tools depend on a large number of detect rules, which are time consuming to develop and require lots of professional experience. Meanwhile, even commercial tools may show high false-negative for some new coming malware, whose patterns were not curved in the prepared rules. This paper proposed the Normalized CNN based Malicious binary Detection method on condition of String, Feature mining (NCMDSF) to address the above problems. Firstly, amount of string feature was extracted from thousands of windows binary applications. Secondly, a 3-layer normalized CNN model, with normalization layer other than down sampling layer, was fit to detect malware. Finally, the proposed method NCMDSF was evaluated to discover malware from more than 1,000 windows binary applications by K-fold cross validation. Experimental results showed that, NCMDSF was superior to some other learning-based methods, including classical CNN, LSTM, normalized LSTM, and won higher true positive rate on the condition of same false positive rate. Furthermore, it successfully avoids over-fitting that occurs in deep learning methods without using normalization.
2022-04-13
Abdiyeva-Aliyeva, Gunay, Hematyar, Mehran, Bakan, Sefa.  2021.  Development of System for Detection and Prevention of Cyber Attacks Using Artifıcial Intelligence Methods. 2021 2nd Global Conference for Advancement in Technology (GCAT). :1—5.
Artificial intelligence (AI) technologies have given the cyber security industry a huge leverage with the possibility of having significantly autonomous models that can detect and prevent cyberattacks – even though there still exist some degree of human interventions. AI technologies have been utilized in gathering data which can then be processed into information that are valuable in the prevention of cyberattacks. These AI-based cybersecurity frameworks have commendable scalability about them and are able to detect malicious activities within the cyberspace in a prompter and more efficient manner than conventional security architectures. However, our one or two completed studies did not provide a complete and clear analyses to apply different machine learning algorithms on different media systems. Because of the existing methods of attack and the dynamic nature of malware or other unwanted software (adware etc.) it is important to automatically and systematically create, update and approve malicious packages that can be available to the public. Some of Complex tests have shown that DNN performs maybe can better than conventional machine learning classification. Finally, we present a multiple, large and hybrid DNN torrent structure called Scale-Hybrid-IDS-AlertNet, which can be used to effectively monitor to detect and review the impact of network traffic and host-level events to warn directly or indirectly about cyber-attacks. Besides this, they are also highly adaptable and flexible, with commensurate efficiency and accuracy when it comes to the detection and prevention of cyberattacks.There has been a multiplicity of AI-based cyber security architectures in recent years, and each of these has been found to show varying degree of effectiveness. Deep Neural Networks, which tend to be more complex and even more efficient, have been the major focus of research studies in recent times. In light of the foregoing, the objective of this paper is to discuss the use of AI methods in fighting cyberattacks like malware and DDoS attacks, with attention on DNN-based models.