SplitScreen: Enabling Efficient, Distributed Malware Detection
Cited by 14 (6 self)
We present the design and implementation of a novel anti-malware system called SplitScreen. SplitScreen performs an additional screening step prior to the signature matching phase found in existing approaches. The screening step filters out most non-infected files (90%) and also identifies malware signatures that are not of interest (99%). The screening step significantly improves end-to-end performance because safe files are quickly identified and are not processed further, and malware files can subsequently be scanned using only the signatures that are necessary. Our approach naturally leads to a network-based anti-malware solution in which clients only receive the signatures they need, not every malware signature ever created as with current approaches. We have implemented SplitScreen as an extension to ClamAV [13], the most popular open source anti-malware software. We evaluated our implementation and found a >2× increase in scanning speed and a 2× decrease in memory consumption.
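The two-stage idea in the abstract, as an added illustration (this is not SplitScreen's or ClamAV's code): a cheap screen that indexes short fragments of every signature, so a file with no fragment hit is dropped without exact matching, and a file with hits is matched only against the signatures whose fragments appeared. The signatures, file contents, fragment length and the plain hash-set index are all constructed for the example; the real system uses probabilistic filters, not a dictionary.

```python
"""Two-stage scanning: a fragment screen before exact signature matching.

Added example, not code from the SplitScreen paper or ClamAV. SIGNATURES,
FRAG and the sample files are constructed; a dict of fragments stands in for
the compact filter a production scanner would use.
"""
from collections import defaultdict
from typing import Dict, List, Set

FRAG = 4  # constructed: length of the fragments the screen indexes

# Constructed signature database: name -> byte pattern that must match exactly.
SIGNATURES: Dict[str, bytes] = {
    "Test.Dropper": b"MZ\x90\x00EVILPAYLOAD",
    "Test.Macro":   b"AutoOpen()Shell(",
    "Test.Script":  b"eval(unescape(",
}


def build_screen(signatures: Dict[str, bytes]) -> Dict[bytes, Set[str]]:
    """Index every FRAG-byte window of every signature -> names containing it."""
    index: Dict[bytes, Set[str]] = defaultdict(set)
    for name, pattern in signatures.items():
        for i in range(len(pattern) - FRAG + 1):
            index[pattern[i:i + FRAG]].add(name)
    return index


def screen(data: bytes, index: Dict[bytes, Set[str]]) -> Set[str]:
    """Stage 1: signatures that share at least one fragment with the file.

    An empty set means no signature can match, so the file is not scanned
    further. A non-empty set is only a candidate list: a shared fragment is
    not a full match."""
    candidates: Set[str] = set()
    for i in range(len(data) - FRAG + 1):
        hit = index.get(data[i:i + FRAG])
        if hit:
            candidates |= hit
    return candidates


def scan(data: bytes, signatures: Dict[str, bytes],
         index: Dict[bytes, Set[str]]) -> List[str]:
    """Stage 2: exact matching, restricted to the candidates from the screen."""
    return sorted(name for name in screen(data, index)
                  if signatures[name] in data)


def skipped_signatures(data: bytes, signatures: Dict[str, bytes],
                       index: Dict[bytes, Set[str]]) -> int:
    """How many signatures stage 2 never has to look at for this file."""
    return len(signatures) - len(screen(data, index))
```

Note that a fragment hit is not a verdict: the constructed file "hello world" shares the fragment `hell` with the `Shell(` signature and so becomes a candidate, and only the exact match in `scan` clears it. That is the trade the abstract describes: the screen is allowed to pass a few clean files as long as it never drops an infected one.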
Opcode sequences as representation of executables for data-mining-based unknown malware detection
Information Sciences 227, 2013
Cited by 12 (0 self)
Malware can be defined as any type of malicious code that has the potential to harm a computer or network. The volume of malware is growing faster every year and poses a serious global security threat. Consequently, malware detection has become a critical topic in computer security. Currently, signature-based detection is the most widespread method used in commercial antivirus. In spite of the broad use of this method, it can detect malware only after the malicious executable has already caused damage and provided the malware is adequately documented. Therefore, the signature-based method consistently fails to detect new malware. In this paper, we propose a new method to detect unknown malware families. This model is based on the frequency of the appearance of opcode sequences. Furthermore, we describe a technique to mine the relevance of each opcode and assess the frequency of each opcode sequence. In addition, we provide empirical validation that this new method is capable of detecting unknown malware.
Using Opcode Sequences in Single-Class Learning to Detect Unknown Malware
Cited by 1 (0 self)
Malware is any type of malicious code that has the potential to harm a computer or network. The volume of malware is growing at a faster rate every year and poses a serious global security threat. Although signature-based detection is the most widespread method used in commercial antivirus programs, it consistently fails to detect new malware. Supervised machine-learning models have been used to address this issue. However, the use of supervised learning is limited because it needs a large amount of malicious code and benign software to first be labelled. In this paper, we propose a new method that uses single-class learning to detect unknown malware families. This method is based on examining the frequencies of the appearance of opcode sequences to build a machine-learning classifier using only one set of labelled instances within a specific class of either malware or legitimate software. We performed an empirical study that shows that this method can reduce the effort of labelling software while maintaining high accuracy.
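Both opcode-sequence abstracts above rest on the same feature: the relative frequency of each length-n opcode sequence in an executable, weighted by how relevant each opcode is to the malware/benign distinction. The following added example (not the authors' code) builds those features from constructed opcode traces, measures opcode relevance as the mutual information between an opcode's presence and the class label, and then applies the single-class idea of the second paper by profiling only labelled benign samples and flagging anything far from that profile. The traces, the choice of mutual information, the cosine-distance scoring and the threshold are all assumptions made for the demonstration.

```python
"""Opcode n-gram frequency features, opcode relevance, and one-class scoring.

Added example illustrating the two opcode-sequence abstracts; not the
authors' implementation. TRAIN is a constructed toy corpus of opcode traces.
"""
import math
from collections import Counter
from typing import Dict, List, Tuple

# Constructed training traces: (label, opcode sequence as a disassembler emits it)
TRAIN: List[Tuple[str, List[str]]] = [
    ("benign",  "push mov mov call add ret push mov call ret".split()),
    ("benign",  "push mov sub call mov add pop ret".split()),
    ("malware", "xor xor mov jmp call xor loop jmp xor ret".split()),
    ("malware", "pusha xor loop jmp xor xor call jmp ret".split()),
]


def ngram_freq(ops: List[str], n: int) -> Dict[Tuple[str, ...], float]:
    """Relative frequency of each length-n opcode sequence in one executable."""
    grams = [tuple(ops[i:i + n]) for i in range(len(ops) - n + 1)]
    total = len(grams) or 1
    return {g: c / total for g, c in Counter(grams).items()}


def opcode_relevance(train: List[Tuple[str, List[str]]]) -> Dict[str, float]:
    """Mutual information between 'opcode appears in the file' and the label.

    An opcode found in every file of both classes (ret, call here) gets 0;
    one that separates the classes perfectly (xor here) gets 1 bit."""
    total = len(train)
    labels = Counter(lbl for lbl, _ in train)
    relevance: Dict[str, float] = {}
    for op in {op for _, ops in train for op in ops}:
        joint = Counter((lbl, op in ops) for lbl, ops in train)
        present = Counter(op in ops for _, ops in train)
        mi = 0.0
        for (lbl, pres), c in joint.items():
            pxy = c / total
            mi += pxy * math.log2(pxy / ((labels[lbl] / total) * (present[pres] / total)))
        relevance[op] = mi
    return relevance


def weighted_features(ops: List[str], n: int,
                      relevance: Dict[str, float]) -> Dict[Tuple[str, ...], float]:
    """n-gram frequency scaled by the summed relevance of the opcodes in it."""
    return {g: f * sum(relevance.get(op, 0.0) for op in g)
            for g, f in ngram_freq(ops, n).items()}


def cosine(a: Dict, b: Dict) -> float:
    dot = sum(v * b.get(k, 0.0) for k, v in a.items())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def one_class_profile(traces: List[List[str]], n: int,
                      relevance: Dict[str, float]) -> Dict[Tuple[str, ...], float]:
    """Single-class learning: mean feature vector of the labelled benign files only."""
    profile: Counter = Counter()
    for ops in traces:
        for g, v in weighted_features(ops, n, relevance).items():
            profile[g] += v / len(traces)
    return dict(profile)


def is_suspicious(ops: List[str], profile: Dict, n: int,
                  relevance: Dict[str, float], threshold: float = 0.2) -> bool:
    """Flag a sample whose weighted n-gram vector is far from the benign profile.

    The threshold is an assumption; in practice it is set from a held-out
    benign set to fix the tolerated false-positive rate."""
    return cosine(weighted_features(ops, n, relevance), profile) < threshold
```

The relevance step matters more than it looks: with the toy corpus, `ret` and `call` occur in every trace and contribute nothing, so bigrams such as `(call, ret)` drop out of the comparison and the decision rests on the opcodes that actually differ between the classes. In the one-class setting the relevance weights still come from a labelled corpus; only the profile itself is built from a single class.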
Between Awareness and Ability: Consumers and Financial Identity Theft
The role consumers play in the facilitation of financial identity theft is an important topic of discussion. Academics often side with consumers and recognize them as victims rather than facilitators. Others, both in the public and the private sector, believe consumers play a more prominent role in the facilitation of financial identity theft. This is particularly apparent through the popularity of public awareness campaigns. Neither of these accounts manages to reflect the complexity of the overall picture. The following article demonstrates how the role consumers play is continuously changing as a result of the evolution of methods used by perpetrators of identity theft. This evolution requires a different response from both the public and the private sector as consumers lose more control over their potential indirect facilitation of financial identity theft.
Fuzzing E-mail Filters with Generative Grammars and N-Gram Analysis
Phishing attacks remain a common attack vector in today's IT threat landscape, and one of the primary means of preventing phishing attacks is e-mail filtering. Most e-mail filtering is done according to either a signature-based approach or using Bayesian models, so when specific signatures are detected the e-mail is either quarantined or moved to a Junk mailbox. Much like anti-virus, though, a signature-based approach is inadequate when it comes to detecting zero-day phishing e-mails, and can often be bypassed with slight variations in the e-mail contents. In this paper, we demonstrate an approach to evaluating the effectiveness of e-mail filters using a fuzzing strategy. We present a system that utilizes generative grammars to create large sets of unique phishing e-mails, which can then be used for fuzzing input against e-mail filters. Rather than creating random text, our approach maintains a high degree of semantic quality in generated e-mails. We demonstrate how our system is able to adapt to existing filters and identify contents that are not detected, and show how this approach can be used to ensure the delivery of e-mails without the need to white-list.
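The grammar-driven fuzzing the abstract describes, as an added example rather than the authors' system: a small non-recursive grammar whose every derivation is a readable phishing-style message, a stand-in signature filter, and a pass that reports which grammar alternatives still reach the inbox. Every derivation is enumerated rather than sampled so the run is deterministic. The grammar, the signature list, the domain `example.test` and the filter itself are constructed for the example; a real evaluation would point the generated messages at the filter under test.

```python
"""Grammar-based generation of phishing-style e-mails to probe a signature filter.

Added example, not the system from the paper. GRAMMAR, SIGNATURES and the
toy is_blocked() filter are constructed for demonstration.
"""
import itertools
import re
from typing import Dict, List

# Constructed grammar: nonterminals in angle brackets, each with alternatives.
# Every alternative is itself a meaningful phrase, so derivations stay readable.
GRAMMAR: Dict[str, List[str]] = {
    "<email>":    ["<greeting> <problem> <action> <link>"],
    "<greeting>": ["Dear customer,", "Dear valued user,", "Hello,"],
    "<problem>":  ["your account has been suspended.",
                   "we noticed unusual activity on your account.",
                   "your password expires today."],
    "<action>":   ["Please verify your account immediately:",
                   "Confirm your details within 24 hours:",
                   "Re-activate here:"],
    "<link>":     ["http://example.test/login", "http://example.test/secure"],
}

# Constructed stand-in for a signature filter: block on any matching phrase.
SIGNATURES: List[str] = [
    r"account has been suspended",
    r"verify your account",
    r"unusual activity",
]


def expand(symbol: str, grammar: Dict[str, List[str]]) -> List[str]:
    """Enumerate every sentence derivable from symbol.

    Assumes a non-recursive grammar, so the set of derivations is finite."""
    if symbol not in grammar:
        return [symbol]                      # terminal word
    results: List[str] = []
    for production in grammar[symbol]:
        parts = [expand(tok, grammar) for tok in production.split(" ")]
        results.extend(" ".join(combo) for combo in itertools.product(*parts))
    return results


def is_blocked(message: str, signatures: List[str] = SIGNATURES) -> bool:
    """Toy signature filter: quarantine if any signature phrase matches."""
    return any(re.search(sig, message, re.IGNORECASE) for sig in signatures)


def fuzz_filter(grammar: Dict[str, List[str]],
                signatures: List[str]) -> Dict[str, List[str]]:
    """Generate every e-mail the grammar yields and split by filter verdict."""
    out: Dict[str, List[str]] = {"blocked": [], "delivered": []}
    for msg in expand("<email>", grammar):
        out["blocked" if is_blocked(msg, signatures) else "delivered"].append(msg)
    return out


def undetected_alternatives(delivered: List[str],
                            grammar: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """For each nonterminal, the terminal alternatives present in delivered mail.

    This is the 'contents that are not detected' view: phrases the filter
    has no signature for, and so should be added or tested against."""
    found: Dict[str, List[str]] = {}
    for nonterminal, productions in grammar.items():
        hits = [p for p in productions
                if "<" not in p and any(p in m for m in delivered)]
        if hits:
            found[nonterminal] = hits
    return found
```

With the constructed grammar the filter blocks 42 of 54 messages, and `undetected_alternatives` pins the 12 deliveries on one problem phrase and two call-to-action phrases that no signature covers. Read the other way, as the abstract's last sentence does, the same report tells a legitimate sender which phrasings of a notice will be delivered without a whitelist entry.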