2018 13th International Conference on Malicious and Unwanted Software (MALWARE): Latest Articles

Android Malware Detection Using Step-Size Based Multi-layered Vector Space Models
2018 13th International Conference on Malicious and Unwanted Software (MALWARE) Pub Date: 2018-10-01 DOI: 10.1109/MALWARE.2018.8659372
Colby Parker, J. McDonald, T. Johnsten, Ryan G. Benton
Abstract: With computer software becoming more important and prolific in today’s world, malicious software (malware) continues to be one of its greatest security threats. Alongside this trend, smartphones and mobile devices have become the prominent method for accessing the Internet and its vast resources of information and business applications. With the amount and variety of Android based devices increasing daily, the need for better and more accurate malware detection approaches for the Android platform also increases. In this paper, we explore whether a data mining technique originally developed to detect malware on a Windows operating system can be utilized to detect malware in Android mobile devices. In addition, we propose a novel algorithm for detecting malware on Android that relies on step sizes and a simplified multi-layer vector space (MLVS) model. We compare the effectiveness of these two techniques, with the goal of determining optimal step sizes for our modified MLVS (MMLVS) approach to detect Android malware. Our results show that the two methods are able to correctly classify the samples as malware or uninfected with strong accuracy. In addition, we identify key elements that need to be addressed to permit further improvement within Android environments.
Citations: 3
Resilience of Pruned Neural Network Against Poisoning Attack
2018 13th International Conference on Malicious and Unwanted Software (MALWARE) Pub Date: 2018-10-01 DOI: 10.1109/MALWARE.2018.8659362
Bingyin Zhao, Yingjie Lao
Abstract: In the past several years, machine learning, especially deep learning, has achieved remarkable success in various fields. However, it has been shown recently that machine learning algorithms are vulnerable to well-crafted attacks. For instance, poisoning attack is effective in manipulating the results of a predictive model by deliberately contaminating the training data. In this paper, we investigate the implication of network pruning on the resilience against poisoning attacks. Our experimental results show that pruning can effectively increase the difficulty of poisoning attack, possibly due to the reduced degrees of freedom in the pruned network. For example, in order to degrade the test accuracy below 60% for the MNIST-1-7 dataset, only less than 10 retraining epochs with poisoning data are needed for the original network, while about 16 and 40 epochs are required for the 90% and 99% pruned networks, respectively.
Citations: 7
PRAST: Using Logic Bombs to Exploit the Android Permission Model and a Module Based Solution
2018 13th International Conference on Malicious and Unwanted Software (MALWARE) Pub Date: 2018-10-01 DOI: 10.1109/MALWARE.2018.8659369
Ramon P. Medina, Elijah B. Neundorfer, Radhouane Chouchane, Alfredo J. Perez
Abstract: Android security implements a permission model to protect a user’s most sensitive data. These permissions regulate an app’s access to different aspects of the device, however, a fatal flaw of Android’s permission model is that it relies on the discretion of the user to determine which apps are granted permissions and which are not with limited assistance in their choice from the device. As a result, a specialized type of malware known as a logic bomb has affected Android devices. These logic bombs are designed to execute malicious code when activated by triggers, and can be designed to take advantage of users who poorly vet their applications or even hide themselves inside applications that appear to be benign. On Android, logic bombs usually carry out malicious intent by violating permissions, using a permission for some activity the user never intended. We have found 18 different permissions that applications can violate to carry out some form of malicious intent, and have developed an app, called HyenaDroid, to violate each of these permissions and create logic bombs. This provides evidence that the current Android security revolving around permissions is in need of either an update to the permissions model, or an additional system to assist the user with navigating the Android permissions model. Our research also proposes such a system, PRAST. PRAST is designed as a modular system, combining a level of efficiency that can be run during the download on an Android device, along with the effectiveness and accuracy of external analysis systems.
Citations: 2
An adversarial coupon-collector model of asynchronous moving-target defense against botnet reconnaissance*
2018 13th International Conference on Malicious and Unwanted Software (MALWARE) Pub Date: 2018-10-01 DOI: 10.1109/MALWARE.2018.8659359
G. Kesidis, Y. Shan, D. Fleck, A. Stavrou, T. Konstantopoulos
Abstract: We consider a moving-target defense of a proxied multiserver tenant of the cloud where the proxies dynamically change to defeat reconnaissance activity by a botnet planning a DDoS attack targeting the tenant. Unlike the system of [4] where all proxies change simultaneously at a fixed rate, we consider a more “responsive” system where the proxies may change more rapidly and selectively based on the current session request intensity, which is expected to be abnormally large during active reconnaissance. In this paper, we study a tractable “adversarial” coupon-collector model wherein proxies change after a random period of time from the latest request, i.e., asynchronously. In addition to determining the stationary mean number of proxies discovered by the attacker, we study the age of a proxy (coupon type) when it has been identified (requested) by the botnet. This gives us the rate at which proxies change (cost to the defender) when the nominal client request load is relatively negligible.
Citations: 2
MALWARE 2018 Committees
2018 13th International Conference on Malicious and Unwanted Software (MALWARE) Pub Date: 2018-10-01 DOI: 10.1109/malware.2018.8659352
Citations: 0
Unmasking Criminal Enterprises: An Analysis of Bitcoin Transactions
2018 13th International Conference on Malicious and Unwanted Software (MALWARE) Pub Date: 2018-10-01 DOI: 10.1109/MALWARE.2018.8659357
Jon Oakley, C. Worley, Lu Yu, R. Brooks, A. Skjellum
Abstract: With the rise of cryptographic ransomware, Bitcoin has found a niche as the standard currency for ransoms. While Bitcoin is pseudonymous, it provides no guarantee of untraceability. As a result, another niche has arisen–Bitcoin money laundering. Hidden Markov Models (HMMs) have previously been used in a number of applications where traditional pattern recognition falls short. In this paper, HMMs are inferred from transactions in the public blockchain in an attempt to link users, events, and enterprises. We introduce a proof-of-concept algorithm to infer HMMs from the Bitcoin blockchain.
Citations: 2
[Copyright notice]
2018 13th International Conference on Malicious and Unwanted Software (MALWARE) Pub Date: 2018-10-01 DOI: 10.1109/malware.2018.8659353
Citations: 0
METICS: A Holistic Cyber Physical System Model for IEEE 14-bus Power System Security
2018 13th International Conference on Malicious and Unwanted Software (MALWARE) Pub Date: 2018-10-01 DOI: 10.1109/MALWARE.2018.8659367
Ananth A. Jillepalli, D. Leon, B. Johnson, Y. Chakhchoukh, I. A. Oyewumi, M. Ashrafuzzaman, Frederick T. Sheldon, J. Alves-Foss, M. Haney
Abstract: The electric power research and education communities and industry have been successfully sharing and using common IEEE Bus power system models for many years. This has enabled researchers, engineers, and educators to better communicate their findings and comparatively validate power analysis solutions using a common model set. However, today’s power systems are Cyber Physical Systems (CPS), that embed digital Operational Technology subsystems and networks (OT) and are also connected to Information Technology (IT) systems and networks. A set of freely accessible models, similar to the IEEE Bus model set, which includes the OT and IT subsystems, does not currently exist. We present METICS: Models for ExTensIble Cyber-physical system Security. Project METICS is our endeavor to create a set of free and holistic Cyber Physical System (CPS) models. In this paper, we introduce a model for an electric power CPS, based on the IEEE 14-bus system, that also includes the cyber, control, and corporate IT subsystems. Common holistic system models such as the one presented in this paper can enable: CPS modeling and analysis tool testing and validation, comparative, cross-disciplinary and cross-project solution evaluations, and CPS instruction. We are using this model for evaluating cyber-security solutions for Smart Grid CPS using adversarial and machine learning approaches. People who would like to use or improve upon these models are encouraged to visit the project page at github.com/METICS-CPS.
Citations: 5
Attacking OMG Data Distribution Service (DDS) Based Real-Time Mission Critical Distributed Systems
2018 13th International Conference on Malicious and Unwanted Software (MALWARE) Pub Date: 2018-10-01 DOI: 10.1109/MALWARE.2018.8659368
M. Michaud, T. Dean, Sylvain P. Leblanc
Abstract: Object Management Group’s Data Distribution Service for Real-Time Systems (DDS) middleware standard is a popular technology that forms the core of many mission-critical distributed real-time, data-centric systems, including command and control systems, Air Traffic Control (ATC) systems and critical infrastructure systems. This paper shows how DDS can be manipulated to support malicious activity. We focus on client-side attacks by modelling and demonstrating five attacks in self-contained and isolated environments and by validating them using an end-to-end demonstrative scenario. This research enables further work in detecting and defending against cyberattacks on ATC systems, control systems or any other DDS-based critical infrastructure system.
Citations: 14
PIDS: A Behavioral Framework for Analysis and Detection of Network Printer Attacks
2018 13th International Conference on Malicious and Unwanted Software (MALWARE) Pub Date: 2018-06-27 DOI: 10.1109/MALWARE.2018.8659371
Asaf Hecht, Adi Sagi, Y. Elovici
Abstract: Nowadays, every organization might be attacked through its network printers. The malicious exploitation of printing protocols is a dangerous and underestimated threat against every printer today. This article presents PIDS (Printers’ IDS), an intrusion detection system for detecting attacks on printing protocols. PIDS continuously captures various features and events obtained from traffic produced by printing protocols in order to detect attacks. As part of this research, we conducted thousands of automatic and manual printing protocol attacks on various printers and recorded thousands of the printers’ benign network sessions. Then we applied various supervised machine learning algorithms to classify the collected data as normal (benign) or abnormal (malicious). We evaluated several detection algorithms in order to obtain the best detection results for malicious protocol traffic of printers. Our empirical results suggest that the proposed framework is effective in detecting printing protocol attacks, providing an accuracy of 99.9 with negligible false-positive rate.
Citations: 1