Visible to the public Biblio

Filters: Keyword is antivirus  [Clear All Filters]
2020-12-07
Sundar, S., Yellai, P., Sanagapati, S. S. S., Pradhan, P. C., Y, S. K. K. R..  2019.  Remote Attestation based Software Integrity of IoT devices. 2019 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS). :1–4.
Internet of Things is the new paradigm towards which the world is moving today. As these devices proliferate, security issues at these scales become more and more intimidating. Traditional approach like an antivirus does not work well with these devices and there is a need to look for a more trusted solution. For a device with reasonable computational power, we use a software trusted platform module for the cryptographic operations. In this paper, we have developed a model to remotely attest to the integrity of the processes running in the device. We have also explored the various features of the TPM (Trusted Platform Module) to gain insight into its working and also to ascertain those which can make this process better. This model depends on the server and the TPM to behave as roots of trust for this model. The client computes the HMAC (Hashed Message Authentication Code) values and appends a nonce and sends these values periodically to the server via asymmetric encryption. The HMAC values are verified by the server by comparing with its known good values (KGV) and the trustworthiness of the process is determined and accordingly an authorization response is sent.
2020-10-26
Yaswinski, Matthew R., Chowdhury, Md Minhaz, Jochen, Mike.  2019.  Linux Security: A Survey. 2019 IEEE International Conference on Electro Information Technology (EIT). :357–362.
Linux is used in a large variety of situations, from private homes on personal machines to businesses storing personal data on servers. This operating system is often seen as more secure than Windows or Mac OS X, but this does not mean that there are no security concerns to be had when running it. Attackers can crack simple passwords over a network, vulnerabilities can be exploited if firewalls do not close enough ports, and malware can be downloaded and run on a Linux system. In addition, sensitive information can be accessed through physical or network access if proper permissions are not set on the files or directories containing it. However, most of these attacks can be prevented by keeping a system up to date, maintaining a secure firewall, using an antivirus, making complex passwords, and setting strong file permissions. This paper presents a list of methods for securing a Linux system from both external and internal threats.
2020-09-04
Asish, Madiraju Sairam, Aishwarya, R..  2019.  Cyber Security at a Glance. 2019 Fifth International Conference on Science Technology Engineering and Mathematics (ICONSTEM). 1:240—245.
The privacy of people on internet is getting reduced day by day. Data records of many prestigious organizations are getting corrupted due to computer malwares. Computer viruses are becoming more advanced. Hackers are able penetrate into a network and able to manipulate data. In this paper, describes the types of malwares like Trojans, boot sector virus, polymorphic virus, etc., and some of the hacking techniques which include DOS attack, DDoS attack, brute forcing, man in the middle attack, social engineering, information gathering tools, spoofing, sniffing. Counter measures for cyber attacks include VPN, proxy, tor (browser), firewall, antivirus etc., to understand the need of cyber security.
2019-03-28
Al-Saleh, Mohammed I., Hamdan, Hanan M..  2018.  On Studying the Antivirus Behavior on Kernel Activities. Proceedings of the 2018 International Conference on Internet and E-Business. :158-161.
Security is of concern of any computing system. Intruders break into machines to steal private data, important credentials, or credit cards. Causing damage, denying services, spaming, and defrauding are among intruders' goals. Security engineers strive to secure systems against many kinds of attacks. Different security controls are deployed at variety of perimeters to fight attacks. Firewalls, intrusion detection systems, intrusion prevention systems, encryption techniques, spam filters, and anti-adware are among such security controls. As a last line of defense, the Antivirus (AV) is of an important concern to the end-users community. Mainly, the AV achieves security by scanning data against its database of virus signatures. In addition, the AV tries to reach a pleasant balance between security and performance because end-users are not willing to deploy a performance-killing AV. When to scan data is an important design factor an Antivirus has to make. In this study, we test two AV aspects. First, we want to know how aggressive the AV is against kernel-level activities compared with user-level activities. In order to do that, we implemented a kernel-level device driver that reads malware with the present of the AV. Second, because AVs are equipped with on-access scanners that are triggered based on file access, we want to know how the AV is achieving that and how that could affect the overall performance.
2017-11-03
Scaife, N., Carter, H., Traynor, P., Butler, K. R. B..  2016.  CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data. 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS). :303–312.

Ransomware is a growing threat that encrypts auser's files and holds the decryption key until a ransom ispaid by the victim. This type of malware is responsible fortens of millions of dollars in extortion annually. Worse still, developing new variants is trivial, facilitating the evasion of manyantivirus and intrusion detection systems. In this work, we presentCryptoDrop, an early-warning detection system that alerts a userduring suspicious file activity. Using a set of behavior indicators, CryptoDrop can halt a process that appears to be tampering witha large amount of the user's data. Furthermore, by combininga set of indicators common to ransomware, the system can beparameterized for rapid detection with low false positives. Ourexperimental analysis of CryptoDrop stops ransomware fromexecuting with a median loss of only 10 files (out of nearly5,100 available files). Our results show that careful analysis ofransomware behavior can produce an effective detection systemthat significantly mitigates the amount of victim data loss.

2015-05-05
Kumar, S., Rama Krishna, C., Aggarwal, N., Sehgal, R., Chamotra, S..  2014.  Malicious data classification using structural information and behavioral specifications in executables. Engineering and Computational Sciences (RAECS), 2014 Recent Advances in. :1-6.

With the rise in the underground Internet economy, automated malicious programs popularly known as malwares have become a major threat to computers and information systems connected to the internet. Properties such as self healing, self hiding and ability to deceive the security devices make these software hard to detect and mitigate. Therefore, the detection and the mitigation of such malicious software is a major challenge for researchers and security personals. The conventional systems for the detection and mitigation of such threats are mostly signature based systems. Major drawback of such systems are their inability to detect malware samples for which there is no signature available in their signature database. Such malwares are known as zero day malware. Moreover, more and more malware writers uses obfuscation technology such as polymorphic and metamorphic, packing, encryption, to avoid being detected by antivirus. Therefore, the traditional signature based detection system is neither effective nor efficient for the detection of zero-day malware. Hence to improve the effectiveness and efficiency of malware detection system we are using classification method based on structural information and behavioral specifications. In this paper we have used both static and dynamic analysis approaches. In static analysis we are extracting the features of an executable file followed by classification. In dynamic analysis we are taking the traces of executable files using NtTrace within controlled atmosphere. Experimental results obtained from our algorithm indicate that our proposed algorithm is effective in extracting malicious behavior of executables. Further it can also be used to detect malware variants.