Malware Research Papers - Academia.edu

Book three in the Cyber Library Reference Book series

The dataset contains 950 Android application logs from different malware categories. Applications are instrumented by humans (real human interaction), so the behavior logs closely resemble real-world execution of Android apps. The dataset contains 440 malicious and 508 benign (normal) app logs. The logs have been captured for the XDroid project. You can find more details on the dataset in the paper.

Android smartphones are among the fastest-growing mobile phones, and because of this they are one of the most preferred targets of malware developers. Malware apps can penetrate the device and gain privileges with which they can perform malicious activities such as reading user contacts, misusing private information such as by sending SMS, and can harm the user by exploiting the user's private data stored on the device. The study is about the implementation of detecting untrusted Android applications, which would be the basis of all future development regarding malware detection. Smartphone users worldwide are not aware of permissions as the basis of all malicious activities that could possibly operate in an Android system and may steal personal and private information. The Android operating system is an open system in which users are allowed to install applications from any unsafe site. However, the permission mechanism of an Android system is not enough to guarantee the invulnerability of an application that can harm the user. In this paper, a permission scoring-based analysis scrutinizes the installed permissions and allows the user to increase the efficiency of Android permissions by informing the user about the risk of the installed Android application; the framework classifies the level of sensitivity of the permissions accessed by the application. The framework uses a formula that calculates the sensitivity level of the permission and determines whether the installed application is untrusted or not. Our results show that, in a collection of 26 untrusted applications, the framework is able to correctly determine the application's behavior consistently and efficiently.

Nowadays, systems are under serious security threats caused by malicious software, commonly known as malware. Such malware is created with advanced techniques that make it hard to analyse and detect, thus causing a lot of damage. Polymorphism is one of the advanced techniques by which malware changes its identity each time it attacks. This paper presents a detailed systematic and critical review that explores the available literature, and outlines the research efforts that have been made in relation to polymorphic malware analysis and its detection.

In today’s world, backdoors such as Trojan horses have become a common problem in computers, providing hackers unauthorized access to the compromised user’s systems. Many of these viruses, in order to evade detection, inject themselves into legitimate processes. To detect these backdoors, various techniques such as signature-based detection, sandboxing, and monitoring system calls and network traffic are used. In this work, we have implemented a signature-based detection technique to identify backdoors in running processes on the Windows operating system. For signatures, we calculated the MD5 hash of the infected modules in the backdoors and stored them in a database. To identify whether a process contains a backdoor, we compared the hash of the modules used by each running process with these signatures stored in the database. We also searched for ports being used by the suspected process to make sure it actually contains the backdoor. We have tested the methodology on all 70 processes ...

Background and Objective: Every second, on average, 8 (eight) new malware samples are created. So, our goal is to propose an antivirus, endowed with artificial intelligence, able to identify malware through models based on fast training and high-performance neural networks. Methods: Our NGAV (Next Generation Antivirus) is equipped with an authorial ELM (Extreme Learning Morphological) machine. Our bmELMs (Bitwise-Morphological ELMs) are inspired by the image processing theory of Mathematical Morphology. We claim that bmELMs are able to adapt to any machine learning dataset. Inspired by Mathematical Morphology, our bmELMs are capable of modeling any form present at the decision boundaries of neural networks. Results: Our bmELM results are compared with classical ELMs and evaluated through widely used classification metrics. Our antivirus, provided with Bitwise-Morphology, achieves an average accuracy of 97.88%, 93.07%, 93.07% and 91.74% in malware detection of PE (Portable Executable), Ja...

In this article, we will discuss keylogger attacks with XSS.

With the rapid growth of cyber attacks, sharing of cyber threat intelligence (CTI) becomes essential to identify and respond to cyber attacks in a timely and cost-effective manner. However, with the lack of standard languages and automated analytics of cyber threat information, analyzing the complex and unstructured text of CTI reports is extremely time- and labor-consuming. Without addressing this challenge, CTI sharing will be highly impractical, and attack uncertainty and time-to-defend will continue to increase. Considering the high volume and speed of CTI sharing, our aim in this paper is to develop automated and context-aware analytics of cyber threat intelligence to accurately learn attack patterns (TTPs) from commonly available CTI sources in order to implement cyber defense actions in a timely manner. Our paper has three key contributions. First, it presents a novel threat-action ontology that is sufficiently rich to understand the specifications and context of malicious actions. Second, we developed a novel text mining approach that combines enhanced techniques of Natural Language Processing (NLP) and Information Retrieval (IR) to extract threat actions based on semantic (rather than syntactic) relationships. Third, our CTI analysis can construct a complete attack pattern by mapping each threat action to the appropriate techniques, tactics and kill chain phases, and translating it to any threat sharing standard, such as STIX 2.1. Our CTI analytic techniques were implemented in a tool, called TTPDrill, and evaluated using a randomly selected set of Symantec Threat Reports. Our evaluation tests show that TTPDrill achieves more than 82% precision and recall in a variety of measures, very reasonable for this problem domain.

The emergence of vulnerability databases around the world is serving the purpose of a double-edged sword. Malware researchers, industry members and end users are aware of them and use them to initiate better prevention strategies. Dark-world hackers are using them to break into systems through the points mentioned in the vulnerability databases. Hence, it is highly necessary to predict malware at an early stage to avoid further loss. The objective of this research work is to predict malware using the classifiers Logistic Regression, K-Nearest Neighbors (KNN) and Support Vector Machines (SVM). We found that the appropriate use of these classifiers has resulted in a great improvement in prediction accuracy. Feature selection is also done to further improve the accuracy to 99% with a polynomial kernel function.

Electronic polling systems promise benefits to voters like accessibility and convenience that enable them to cast their votes at any time, from any Internet-connected computer anywhere in the world. However, unlike traditional paper-based voting systems, an e-polling system introduces many security risks like privacy of the vote, unlinkability of a voter, voter coercion, secrecy of partial election results, verifiability, and poll integrity. The legitimacy of a voter is another security concern, i.e., a voter should be identified through an authentication mechanism that prevents voting by unauthorized voters or double voting by authorized voters. Another security concern is the manipulation of votes by an infected (e.g., by a virus, malware, and so on) voting device. A malware-hosted device may make unauthorized changes to the voter's choices. Many e-voting systems have been proposed; however, to date, all these schemes either fail to provide all the desired security properties or are not practically feasible on lightweight computing devices. In this paper, we present a secure and verifiable polling system, Online Voting System using AES Algorithm, that employs well-known cryptographic primitives to provide vote and voter privacy and poll integrity, confirms the identity of voters through a multifactor authentication scheme, permits voting within the allowed polling period, prevents double voting, and achieves verifiability and uncoercibility in the presence of an untrusted voting device.

Ransomware is a challenging threat that encrypts a user's files until some ransom is paid by the victim. This type of malware is a profitable business for attackers, generating millions of dollars annually. Several approaches based on signature matching have been proposed to detect ransomware intrusions, but they fail to detect ransomware whose signature is unknown. We try to detect ransomware's behaviour with the help of a mini-filter driver using a signature-less detection method. The proposed technique combines Shannon’s entropy and fuzzy hashing to provide better results in detecting ransomware. Not only has this technique been practically tested, but it has also been successful in detecting over 95% of the tested ransomware attacks on Windows operating systems.

There is a growing interest in the research of malware in the context of cyber-security. In this paper I will present a case study that will outline the curriculum used to teach malware ethics within the context of a computer science course that teaches students malware programming techniques. Issues from computer and information ethics that apply most closely to ethical malware research will be highlighted. The topics discussed in the course will be outlined and assessment techniques will be discussed.

Android is now the world's (or one of the world's) most popular operating systems. More and more malware assaults are taking place in Android applications. Many security detection techniques based on Android apps are now available. The open environmental feature of the Android environment has given Android an extensive appeal in recent years. The growing number of mobile devices are incorporated in many aspects of our everyday lives. This paper gives a detailed comparison that summarizes and analyses various detection techniques. This work examines the current status of Android malware detection methods, with an emphasis on Machine Learning-based classifiers for detecting malicious software on Android devices. Android has a huge number of apps that may be downloaded and used for free. Consequently, Android phones are more susceptible to malware. As a result, additional research has been done in order to develop effective malware detection methods. To begin, several of the currently available Android malware detection approaches are carefully examined and classified based on their detection methodologies. This study examines a wide range of machine-learning-based methods for detecting Android malware, covering both dynamic and static types.

In the present time, malware is one of the greatest security risks to the Internet. Malware is any malicious software with the aim of performing malicious activities on a targeted system. With the entry of Android devices into people's lives, the spread of Android malware has seriously affected people's lives. Because of Android security flaws, attackers can easily collect the private data of users, and the data can be used in APT attacks. This paper covers Android malware techniques, AI, and the use of deep learning in a malware detection framework.

Zeus is a well-known and effective family of 'man-in-the-browser' malware. This qualitative case study analyses posts in online cybercrime forums that discuss Zeus configuration. Online cybercriminals were found to share, sell, steal, and trade configuration files. The discussions and advertisements on the forums, which span four years, were found to evolve with market conditions and externalities, including Zeus being offered as a subscription service. The release of tools to decrypt configuration files by security researchers was also closely followed on the forums, and assisted offenders when it came to stealing configuration files from others.

Mobile devices have become very popular nowadays; due to their portability and high performance, a mobile device has become a must-have device for persons using information and communication technologies. In addition to the rapid evolution of hardware, mobile applications are also increasing in their complexity and performance to cover most of the needs of their users. Both software and hardware design are focused on increasing the performance and the working hours of a mobile device. Different mobile operating systems are being used today with different platforms and different market shares. Like all information systems, mobile systems are prone to malware attacks. Due to the personal nature of mobile devices, malware detection is very important and is a must-have tool in each device to protect private data and mitigate attacks. In this paper, we will study and analyze different malware detection techniques used for mobile operating systems. We will focus on the two competing mobile operating systems – Android and iOS. We will assess each technique, summarizing its advantages and disadvantages. The aim of the work is to establish a basis for developing a mobile malware detection tool based on user profiling.

In recent years, the Internet has become an integral element of people's everyday lifestyles all across the world. Online criminality, on the other hand, has risen in tandem with the growth of Internet activity. Cyber security has advanced greatly in recent years in order to keep up with the rapid changes that occur in cyberspace. Cyber security refers to the methods that a country or organization can use to safeguard its products and information in cyberspace. Two decades ago, the term "cyber security" was barely recognized by the general public. Cyber security isn't just a problem that affects individuals but it also applies to an organization or a government. Everything has recently been digitized, with cybernetics employing a variety of technologies such as cloud computing, smart phones, and Internet of Things techniques, among others. Cyber-attacks are raising concerns about privacy, security, and financial compensation. Cyber security is a set of technologies, processes, and practices aimed at preventing attacks, damage, and illegal access to networks, computers, programmes, and data. The primary goal of this article is to conduct a thorough examination of cyber security kinds, why cyber security is important, cyber security framework, cyber security tools, and cyber security difficulties. Cyber security safeguards the data and integrity of computing assets that are part of or connected to an organization's network, with the goal of defending such assets from all threat actors throughout the life cycle of a cyber-attack.

The use of Network Telescope systems has become increasingly popular amongst security researchers in recent years. This study provides a framework for the utilisation of this data. The research is based on a primary dataset of 40 million events spanning 50 months collected using a small (/24) passive network telescope located in African IP space. This research presents a number of differing ways in which the data can be analysed, ranging from low-level protocol-based analysis to higher-level analysis at the geopolitical and network topology level. Anomalous traffic and illustrative anecdotes are explored in detail and highlighted. A discussion relating to bogon traffic observed is also presented. Two novel visualisation tools are presented, which were developed to aid in the analysis of large network telescope datasets. The first is a three-dimensional visualisation tool which allows for live, near-realtime analysis, and the second is a two-dimensional fractal-based plotting scheme which allows for plots of the entire IPv4 address space to be produced and manipulated. Using the techniques and tools developed for the analysis of this dataset, a detailed analysis of traffic recorded as destined for port 445/tcp is presented. This includes the evaluation of traffic surrounding the outbreak of the Conficker worm in November 2008. A number of metrics relating to the description and quantification of network telescope configuration and the resultant traffic captures are described, the use of which it is hoped will facilitate greater and easier collaboration among researchers utilising this network security technology. The research concludes with suggestions relating to other applications of the data and intelligence that can be extracted from network telescopes, and their use as part of an organisation’s integrated network security systems.

Computer crimes are growing with the advancement of technology to a greater number of machines that can be controlled by technological systems; they will always have a certain degree of vulnerability, which must be protected and controlled by implementing computer security measures that guarantee the protection of applications in hardware and in software. It is very important to be prepared for cybercrimes, in order to minimize the risks of attack by the large number of viruses, worms and Trojans that circulate freely throughout the Internet, as with the appearance a few months ago of the WannaCry virus, which is of the ransomware type and to date has affected companies of both large and small scale. The following research aims to raise awareness that security is everyone's responsibility, users and administrators of technology areas alike, by presenting some of the best practices to reduce the risk of cyberattacks.

Damages caused by targeted attacks are a serious problem. It is not enough to prevent only the initial infections, because techniques for targeted attacks have become more sophisticated every year, especially those seeking to illegally acquire confidential information. In a targeted attack, various communications are performed between the command and control server (C&C server) and the local area network (LAN), including the terminal infected with malware. Therefore, it is possible to find the infected terminal in the LAN by monitoring the communications with the C&C server. In this study, we propose a method for identifying the C&C server by using supervised machine learning and the feature points obtained from WHOIS and the DNS of domains of C&C servers and normal domains. Moreover, we conduct an experiment that applies real data, and we verify the usefulness of our method by a cross-validation method. As a result of the experiment, we could obtain a high detection rate of about 98.5%.

Work carried out in 2017 as part of the postgraduate programme in personal data protection. It was a challenging topic and a piece of work of which I am immensely proud. This investigation has points that may already be outdated, but it will shortly be updated.
I hope you enjoy it and that it helps you reflect.

Macros consist of instructions and commands mainly used to automate tasks, embed functionality and provide customization of Microsoft Office documents. However, they have been exploited by malicious hackers to create malware since they were introduced. Recently, Advanced Persistent Threat (APT) groups have generally used macros as attack vectors as well. Since 2017, Middle Eastern countries' governmental institutions, and strategically important oil, telecommunication and energy companies have been targeted by an APT group probably affiliated with Iran, and the group has been named MuddyWater by analysts due to the techniques they utilized to cover their tracks. The group has generally conducted attacks via macro malware. In this work, we aimed to raise awareness regarding the MuddyWater APT group and provide a detailed methodology for analyzing macro malware. The attributions, strategy, attack vectors, and the infection chain of

The rapid evolution of information technologies unlocks new opportunities for business organizations to achieve competitive advantages and economies of scale. But at the same time, that technological advancement is used by cybercriminals to develop new attack types. The present paper gives a brief overview of ransomware and the reasons behind its massive adoption by cybercriminals.

The Internet is developing dangerously, as is the number of crimes committed against or utilizing computers. Hence, there arises the need for cyber security. Cyber security is one of the most important parts of the field of information technology. As we think about cyber security, the first thing which comes to our minds is the increasing number of cyber-crimes. Governments around the world are taking steps to prevent these cyber-crimes. This paper focuses mainly on the problems and obstacles created by cyber-crimes. It also points out the ongoing trends in cyber security.

Malicious software represents a real threat to the security of our computer systems. And with the constant proliferation and evolution of their anti-detection techniques, it has become essential to have effective protection against this kind of threat. Unfortunately, commercial antivirus products are not able to provide the required degree of protection. This is mainly because they use signature-based analysis methods. These techniques are known for their limitations in detecting unknown malware, as well as variants of existing malware. In order to remedy the limitations of signature-based methods, researchers have introduced new techniques for malware detection such as behavioral methods and heuristic methods. Behavioral methods require executing the program in order to decide whether it is malicious or not. Admittedly, these methods can detect unknown malware as well as their variants; however, they are fairly complex to implement and require a rather long analysis time. Heuristic methods, for their part, use data mining and machine learning techniques to detect malware by analyzing various pieces of information that can be extracted from the analyzed file. These techniques have the advantage of being faster than behavioral techniques. However, they have a fairly high false positive rate, which considerably reduces their degree of precision. In this thesis, we first propose a real-time system for the detection of PE (Portable Executable) malware. In this first contribution, we tried to find a good compromise between detection accuracy and processing time. Second, we propose a new approach for collaborative malware detection using multi-agent systems. Our approach offers a distribution and collaboration mechanism based on autonomous agents, which will allow different detection tools of a heterogeneous nature, and with performance varying from one tool to another, to collaborate. It will also involve developing a universal identification method for executable files using an opcode-based signature. All of this will mainly make it possible to reach a collaborative and consensual decision on the presence or absence of a malware-type threat. This should contribute greatly to improving detection accuracy.

Malware still poses a major threat to cyberspace security. Therefore, effective and fast detection of this threat has become an important issue in the security field. In this paper, we propose a fast and highly accurate detection system for Portable Executable (PE) malware. The proposed system relies on analyzing the fields of the PE headers in a basic way and in a more in-depth way in order to generate a set of standard attributes (SAT) and meaningful attributes (MAT), respectively. The decision phase is conducted by leveraging several machine learning classifiers, which are trained using the best K attributes according to two different feature selection methods. The experimental results are very promising, as our system outperforms two state-of-the-art solutions with respect to detection accuracy. It achieves an accuracy of 99.1% and 100% using 10-fold cross validation and train-test split validation, respectively. In both validation approaches, we use less than 1% of the initial set of 1329 extracted attributes. Also, our system is able to analyze a file in 0.257 s.

Android is increasingly being targeted by malware since it has become the most popular mobile operating system worldwide. Evasive malware families, such as Chamois, designed to turn Android devices into bots that form part of a larger botnet, are becoming prevalent. This calls for more effective methods for the detection of Android botnets. Recently, deep learning has gained attention as a machine learning based approach to enhance Android botnet detection. However, studies that extensively investigate the efficacy of various deep learning models for Android botnet detection are currently lacking. Hence, in this paper we present a comparative study of deep learning techniques for Android botnet detection using 6802 Android applications, consisting of 1929 botnet applications from the ISCX botnet dataset. We evaluate the performance of several deep learning techniques, including CNN, DNN, LSTM, GRU, CNN-LSTM, and CNN-GRU models, using 342 static features derived from the applications. In our experiments, the deep learning models achieved state-of-the-art results on the ISCX botnet dataset and also outperformed the classical machine learning classifiers.
Citation: Yerima, S.Y.; Alzaylaee, M.K.; Shajan, A.; P, V. Deep Learning

Cybersecurity is a global challenge, as cyberspace is never risk free. Cybersecurity ensures the attainment and maintenance of the security properties of the digital infrastructure and services against relevant security risks in the cyber environment. Currently, web applications are highly functional and rely upon a two-way flow of information between the server and the browser. New technologies in web applications have brought with them a new range of security vulnerabilities and new possibilities for exploitation. WebGIS is an effective way of disseminating geospatial data and geo-processing tools through the internet. WebGIS follows the client/server architecture: the server-side geo-processing components store, process and serve the data to the client/browser, and a database server, an application server and a web server are involved in doing so. The networking infrastructure in a WebGIS environment plays a critical role in the security of the data centres. This paper presents the architecture of the WebGIS environment, the role of networking components, the traits of cybersecurity, and portrays various defence mechanisms that aid cybersecurity in a WebGIS environment.

SUMMARY: The security of modern computer systems heavily depends on security tools, especially on antivirus software solutions. In the anti-malware research community, the development of techniques for evading detection by antivirus software is an active research area. This has led to malware that can bypass or subvert antivirus software. The common strategies deployed include the use of obfuscated code and staged malware whose first stage (usually an installer such as a dropper or downloader) is not detected by the antivirus software. Increasingly, most modern malware is staged so that it is not detected by antivirus solutions at the early stage of the intrusion. The installers then determine the method for further intrusion, including antivirus bypassing techniques. Some malware targets boot and/or shutdown time, when antivirus software may be inactive, so that it can perform its malicious activities. However, there is another time frame during which antivirus solutions may be inactive, namely during an update. All antivirus software shares a unique characteristic: it must be updated at a very high frequency to provide up-to-date protection of the system. In this paper, we suggest a novel attack vector that targets antivirus updates and show practical examples of how a system, and the antivirus software itself, can be compromised during the update of the antivirus software. Local privilege escalation using this vulnerability is also described. We have investigated this design vulnerability with several of the major antivirus software products, such as Avira, AVG, McAfee, Microsoft, and Symantec, and found that they are vulnerable to this new attack vector. The paper also discusses possible solutions that can be used to mitigate the attack in existing versions of the antivirus software as well as in future ones.

Attribution of cybercrimes is significant in limiting the rate of crime as well as in preparing the required level of response. Motivated by this significance, we introduce a level-based approach for achieving attribution. In our proposed approach, attribution consists of three steps: (1) identification of the cyberweapon used; (2) determination of the origin of the attack; and (3) identification of the actual attacker. We conduct an in-depth analysis of recently proposed attribution techniques. Our analysis reveals that indirect methods of attribution are particularly effective when attributing cybercrimes; many of them remain unattributed. We also discuss some of the legal issues pertaining to attribution, and we argue that well-defined international laws for cyberspace along with strong cooperation among governments are needed to track down and punish cybercriminals.

Constructing an efficient malware detection system requires taking into consideration two important aspects: accuracy and detection time. However, finding an appropriate balance between these two characteristics remains, at this time, a very challenging problem. In this paper, we present a real-time PE (Portable Executable) malware detection system based on the analysis of the information stored in the PE Optional Header fields (PEF). Our system uses a combination of the Chi-square (KHI2) score and the Phi (ϕ) coefficient as its feature selection method. We have evaluated our system using the Rotation Forest classifier implemented in WEKA and reached more than 97% accuracy. Our system is able to categorize a file in 0.077 seconds, which makes it adequate for real-time detection of malware.