Building malware classificators usable by State security agencies

Useche-Peláez, David Esteban; Díaz-López, Daniel; Sepúlveda-Alzate, Daniela; Padilla, Diego Edison Cabuya

doi:10.15332/iteckne.v15i2.2072

Cited by 3 publications

(3 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Hasil dari penelitian tersebut menunjukkan bahwa seluruh sampel malware URSNIF melakukan akses terhadap registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run. Penelitian David Orlando [11] juga melakukan analisis menggunakan cuckoo. Cuckoo dinilai mempunyai kemampuan mengisolasi lingkungan yang baik dan dapat digunakan sebagai standar pengujian.…”

Section: Kata Kunci-cuckoo Malware Registry Windows Regshotunclassified

Identifikasi Malware Berdasarkan Artefak Registry Windows 10 Menggunakan Regshot dan Cuckoo

Setiadji,

Priambodo,

Hasbi

et al. 2022

JEPIN

View full text Add to dashboard Cite

Malicious software (malware) adalah perangkat lunak yang dibuat dengan tujuan tertentu, seperti mengubah, mencuri, atau merusak data serta mengambil alih sistem. Malware menjalankan tugasnya dengan mengenali faktor-faktor khusus melalui kombinasi parameter dan kondisi pada sistem. Salah satu faktor parameter berjalannya malware adalah sistem operasi. Sebagai sistem operasi dengan pengguna terbanyak, Windows juga memiliki risiko serangan malware tertinggi. Maraknya serangan malware selama 10 tahun terakhir mengharuskan dilakukannya tindakan penanganan insiden malware. Penanganan insiden malware dijalankan bersamaan dengan forensik digital yang digunakan untuk mendapatkan bukti aktivitas malware. Namun, seiring berjalannya waktu malware berkembang dan beradaptasi sehingga menghasilkan jenis-jenis malware dengan kemampuan yang menjadikannya sulit diidentifikasi. Kebutuhan penanganan insiden dapat memanfaatkan artefak digital seperti registry untuk mengidentifikasi keberadaan dan tingkah laku malware. Pada penelitian ini dilakukan identifikasi jenis malware berdasarkan artefak registry Windows 10. Penelitian ini melakukan analisis dinamik terhadap 90 sampel malware jenis backdoor, ransomware, dan spyware serta 10 sampel cleanware menggunakan tools Regshot dan Cuckoo yang dijalankan pada lingkungan virtualisasi. Hasil analisis dinamik selanjutnya diekstraksi, direduksi, dihitung, dan dianalisis berdasarkan 34 lokasi registry yang berperan dalam aktivitas malware dan kontaminasi data. Tahapan analisis hasil dilakukan terhadap data analisis dinamik menggunakan Regshot, Cuckoo, dan gabungan kedua tools. Berdasarkan hasil analisis, lokasi dengan modifikasi registry tertinggi pada malware bersifat konsisten sedangkan pada cleanware berubah. Malware jenis backdoor dan ransomware melakukan modifikasi registry tertinggi pada HKLM\SYSTEM, sedangkan spyware melakukan modifikasi registry tertinggi pada HKLM\SOFTWARE\Classes.

show abstract

Section: Kata Kunci-cuckoo Malware Registry Windows Regshotunclassified

Identifikasi Malware Berdasarkan Artefak Registry Windows 10 Menggunakan Regshot dan Cuckoo

Setiadji,

Priambodo,

Hasbi

et al. 2022

JEPIN

View full text Add to dashboard Cite

show abstract

“…e infection or malware propagation rate is generally considered a constant in typical SEIRS models. However, we believe that such a rate variate over time depending on the circumstances of the infection and the environment [18], including the different reactive countermeasures deployed to contain the attack [19]. Particularly, when the malware outbreaks, a high number of infected hosts might be reached in a short time, which is called a peak, leading to a high infection rate β 0 ∈ [0, 1].…”

Section: Infection Rate β(T)mentioning

confidence: 99%

MalSEIRS: Forecasting Malware Spread Based on Compartmental Models in Epidemiology

et al. 2021

View full text Add to dashboard Cite

Over the last few decades, the Internet has brought about a myriad of benefits to almost every aspect of our daily lives. However, malware attacks have also widely proliferated, mainly aiming at legitimate network users, resulting in millions of dollars in damages if proper protection and response measures are not settled and enforced. In this context, the paper at hand proposes MalSEIRS, a novel dynamic model, to predict malware distribution in a network based on the SEIRS epidemiological model. As a result, the time-dependent rates of infection, recovery, and loss of immunity enable us to capture the complex dynamism of malware spreading behavior, which is influenced by a variety of external circumstances. In addition, we describe both offensive and defensive techniques, based on the proposed MalSEIRS model, through extensive experimentation, as well as disclosing real-life malware campaigns that can be better understood by using the suggested model.

show abstract

“…To this extent, cybersecurity aims to protect data and technological infrastructure in different spheres, e.g., personal, familiar, business, and social. In fact, different efforts have been made to contribute in such ways, for example, to protect persons against online sex offenders [1], to defend IoT devices from attacks against data or services [2], to make smart cities' infrastructure more resilient [3], to implement cybersecurity in distributed organizations [4], and to support LEA's (Law Enforcement Agencies) in the detection of malware [5] or in the prevention of cybercrimes [6]. Additionally, cybersecurity has also been considered a field of knowledge that goes beyond the validation of identity, protection of access, and monitorization of actions.…”

Section: Introductionmentioning

confidence: 99%

On the Way to Automatic Exploitation of Vulnerabilities and Validation of Systems Security through Security Chaos Engineering

Chavarro

Nespoli

Díaz-López

et al. 2022

BDCC

View full text Add to dashboard Cite

Software is behind the technological solutions that deliver many services to our society, which means that software security should not be considered a desirable feature anymore but more of a necessity. Protection of software is an endless labor that includes the improvement of security controls but also the understanding of the sources that induce incidents, which in many cases are due to bad implementation or assumptions of controls. As traditional methods may not be efficient in detecting those security assumptions, novel alternatives must be attempted. In this sense, Security Chaos Engineering (SCE) becomes an innovative methodology based on the definition of a steady state, a hypothesis, experiments, and metrics, which allow to identify failing components and ultimately protect assets under cyber risk scenarios. As an extension of a previous work, this paper presents ChaosXploit, an SCE-powered framework that employs a knowledge database, composed of attack trees, to expose vulnerabilities that exist in a software solution that has been previously defined as a target. The use of ChaosXploit may be part of a defensive security strategy to detect and correct software misconfigurations at an early stage. Finally, different experiments are described and executed to validate the feasibility of ChaosXploit in terms of auditing the security of cloud-managed services, i.e., Amazon buckets, which may be prone to misconfigurations and, consequently, targeted by potential cyberattacks.

show abstract

Building malware classificators usable by State security agencies

Cited by 3 publications

References 16 publications

Identifikasi Malware Berdasarkan Artefak Registry Windows 10 Menggunakan Regshot dan Cuckoo

Identifikasi Malware Berdasarkan Artefak Registry Windows 10 Menggunakan Regshot dan Cuckoo

MalSEIRS: Forecasting Malware Spread Based on Compartmental Models in Epidemiology

On the Way to Automatic Exploitation of Vulnerabilities and Validation of Systems Security through Security Chaos Engineering

Contact Info

Product

Resources

About