Results 1 - 6 of 6
Opcode sequences as representation of executables for data-mining-based unknown malware detection
Information Sciences 227, 2013
Cited by 12 (0 self)

Abstract: Malware can be defined as any type of malicious code that has the potential to harm a computer or network. The volume of malware is growing faster every year and poses a serious global security threat. Consequently, malware detection has become a critical topic in computer security. Currently, signature-based detection is the most widespread method used in commercial antivirus. In spite of the broad use of this method, it can detect malware only after the malicious executable has already caused damage and provided the malware is adequately documented. Therefore, the signature-based method consistently fails to detect new malware. In this paper, we propose a new method to detect unknown malware families. This model is based on the frequency of the appearance of opcode sequences. Furthermore, we describe a technique to mine the relevance of each opcode and assess the frequency of each opcode sequence. In addition, we provide empirical validation that this new method is capable of detecting unknown malware.
Collective classification for packed executable identification
In ACM CEAS, 2011
Cited by 3 (0 self)

Abstract: Malware is any software designed to harm computers. Commercial anti-virus are based on signature scanning, which is a technique effective only when the malicious executables have been previously analysed and identified. Malware writers employ several techniques in order to hide their actual behaviour. Executable packing consists in encrypting or hiding the real payload of the executable. Generic unpacking techniques do not depend on the packer used, as they execute the binary within an isolated environment (namely 'sandbox') to gather the real code of the packed executable. However, this approach is slow and, therefore, a filter step is required to determine when an executable has been packed. To this end, supervised machine learning approaches trained with static features from the executables have been proposed. Notwithstanding, supervised learning methods need the identification and labelling of a high number of packed and not packed executables. In this paper, we propose a new method for packed executable detection that adopts a collective learning approach to reduce the labelling requirements of completely supervised approaches. We performed an empirical validation demonstrating that the system maintains a high accuracy rate while the labelling efforts are lower than when using supervised learning.
Enhanced Topic-Based Vector Space Model for Semantics-Aware Spam Filtering
Expert Systems With Applications, 2012
Cited by 3 (0 self)

Abstract: Spam has become a major issue in computer security because it is a channel for threats such as computer viruses, worms and phishing. More than 85% of received e-mails are spam. Historical approaches to combat these messages, including simple techniques such as sender blacklisting or the use of e-mail signatures, are no longer completely reliable. Currently, many solutions feature machine-learning algorithms trained using statistical representations of the terms that usually appear in the e-mails. Still, these methods are merely syntactic and are unable to account for the underlying semantics of terms within the messages. In this paper, we explore the use of semantics in spam filtering by representing e-mails with a recently introduced Information Retrieval model: the enhanced Topic-based Vector Space Model (eTVSM). This model is capable of representing linguistic phenomena using a semantic ontology. Based upon this representation, we apply several well-known machine-learning models and show that the proposed method can detect the internal semantics of spam messages.
Empirical Evidence on the Link between Object-Oriented Measures and External Quality Attributes: A Systematic Literature Review

Abstract: There is a plethora of studies investigating object-oriented measures and their link with external quality attributes, but usefulness of the measures may differ across empirical studies. This study aims to aggregate and identify useful object-oriented measures, specifically those obtainable from the source code of object-oriented systems that have gone through such empirical evaluation. By conducting a systematic literature review, 99 primary studies were identified and traced to four external quality attributes: reliability, maintainability, effectiveness and functionality. A vote-counting approach was used to investigate the link between object-oriented measures and the attributes, and to also assess the consistency of the relation reported across empirical studies. Most of the studies investigate links between object-oriented measures and proxies for reliability attributes, followed by proxies for maintainability. The least investigated attributes were: effectiveness and functionality. Measures from the C&K measurement suite were the most popular across studies. Vote-counting results suggest that complexity, cohesion, size and coupling measures have a better link with reliability and maintainability than inheritance measures. However, inheritance measures should not be overlooked during quality assessment initiatives; their link with reliability and maintainability could be context dependent. There were too few studies traced to effectiveness and functionality attributes; thus a meaningful vote-counting analysis could not be conducted for these attributes. Thus, there is a need for diversification of quality attributes investigated in empirical studies. This would help with identifying useful measures during quality assessment initiatives, and not just for reliability and maintainability aspects.
Automatic Morphological Categorisation of Carbon Black Nano-aggregates

Abstract: Nano-technology is the study of matter behaviour on atomic and molecular scale (i.e. nano-scale). In particular, carbon black is a nano-material generally used for the reinforcement of rubber compounds. Nevertheless, the exact reason behind its success in this concrete domain remains unknown. Characterisation of rubber nano-aggregates aims to answer this question. The morphology of the nano-aggregate takes an important part in the final result of the compound. Several approaches have been taken to classify them. In this paper we propose the first automatic machine-learning-based nano-aggregate morphology categorisation system. This method extracts several geometric features in order to train machine-learning classifiers, forming a constellation of expert knowledge that enables us to foresee the exact morphology of a nano-aggregate. Furthermore, we compare the obtained results and show that Decision Trees outperform the rest of the counterparts for morphology categorisation.

Key words: aggregate morphology classifying, image processing, machine-learning, carbon black
Detecting Command and Control Channels of a Botnet Using a N-packet-based Approach

Abstract: The botnet phenomenon is one of the major threats in nowadays cyberspace. The ability of malware writers to code profitable applications with a softened learning curve is forcing public and private organisms to take measures against these infections. In this paper, we propose a method to identify traffic belonging to the Command & Control channels from a botnet. Our method takes into account the attributes of the packets captured from a connection to build vectorial representations of the connection by appending them into sequences of packets. Thus, we provide an empirical study of how these representations can be used to detect such a communicative behaviour by considering the issue as a supervised classification problem and comparing the results obtained by more than 20 machine learning algorithms.

Keywords: botnet detection; n-packets; supervised learn-