Comparative study of recent MEA malware phylogeny

Moubarak, Joanna; Chamoun, Maroun; Filiol, Éric

doi:10.1109/ccoms.2017.8075178

Cited by 15 publications

(8 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Arabia [20]. It appears that digital transformation has led to the wide usage of the internet and digitization in Saudi Arabia, making it the top priority for cyber criminals.…”

Section: Why Saudi Arabia Is the Biggest Target Of Cyber Criminals?mentioning

confidence: 99%

Impact of Cyber Attack on Saudi Aramco

Alghamdi¹

2021

JCIM

View full text Add to dashboard Cite

Saudi Aramco is the world’s leading oil producer based in Saudi Arabia. Around 1/10th of oil is exported from this organization to the world. Oil production is the major source of revenue for Saudi Arabia and its economy relies completely on it. The Shamoon virus attacked Saudi Aramco in August 2012. The country receives over 80% to 90% of total revenues from the exports of oil and contributes over 40% of the GDP [8]. Shamoon spread from the company's network and removed all of the hard drives. The company was limited only to office workstations and the software was not affected by the virus, due to which all technical operations could have been affected. It was the most disastrous cyber attack in the history of Saudi Arabia. Around 30,000 workstations had been infected by the virus. This paper also discusses the effects of Ransomware which recently attacked Aramco. Apart from that, we will also discuss some suggestions and security measures to prevent those attacks.

show abstract

“…Arabia [20]. It appears that digital transformation has led to the wide usage of the internet and digitization in Saudi Arabia, making it the top priority for cyber criminals.…”

Section: Why Saudi Arabia Is the Biggest Target Of Cyber Criminals?mentioning

confidence: 99%

Impact of Cyber Attack on Saudi Aramco

Alghamdi¹

2021

JCIM

View full text Add to dashboard Cite

show abstract

“…Black et al [11] perform an in-depth analysis of the key behaviors of banking malware families and how they have evolved over time. Moubarak et al [40] discuss malware evolution and the structural relationship between several potentially state-sponsored malware. In [51], the authors cluster Android malware samples and build a dendrogram of the malware families showing overlapping code snippets.…”

Section: Research Objectives: Detection Versus Analysismentioning

confidence: 99%

“…Until now, malware capability assessment has primarily been a manual effort [11,40,50], resulting in behavioral profiles that are quickly outdated. Although machine learning-based behavioral analysis approaches exist, they construct a single model that describes either the whole network or each protocol usage individually [47].…”

Section: Introductionmentioning

confidence: 99%

Beyond Labeling: Using Clustering to Build Network Behavioral Profiles of Malware Families

Nadeem

Hammerschmidt

Gañán

et al. 2020

Malware Analysis Using Artificial Intelligence and Deep Learning

View full text Add to dashboard Cite

Malware family labels are known to be inconsistent. They are also blackbox since they do not represent the capabilities of malware. The current state of the art in malware capability assessment includes mostly manual approaches, which are infeasible due to the ever-increasing volume of discovered malware samples. We propose a novel unsupervised machine learning-based method called MalPaCA, which automates capability assessment by clustering the temporal behavior in malware's network traces. MalPaCA provides meaningful behavioral clusters using only 20 packet headers. Behavioral profiles are generated based on the cluster membership of malware's network traces. A Directed Acyclic Graph shows the relationship between malwares according to their overlapping behaviors. The behavioral profiles together with the DAG provide more insightful characterization of malware than current family designations. We also propose a visualization-based evaluation method for the obtained clusters to assist practitioners in understanding the clustering results. We apply MalPaCA on a financial malware dataset collected in the wild that comprises 1.1 k malware samples resulting in 3.6 M packets. Our experiments show that (i) MalPaCA successfully identifies capabilities, such as port scans and reuse of Command and Control servers; (ii) It uncovers multiple discrepancies between behavioral clusters and malware family labels; and (iii) It demonstrates the effectiveness of clustering traces using temporal features by producing an error rate of 8.3%, compared to 57.5% obtained from statistical features.

show abstract

“…This paper is the result of a prolonged survey on viral techniques adopted by malware as we go through several computer virology studies [12] [13] [14]. Also, some malware samples were examined in real time against several analysis approaches [15] and in the other hand, many antiviral solutions were tested in different attack scenarios and networks. Moreover, several blockchain architecture types [16] were considered while developing the new malware.…”

Section: Introductionmentioning

confidence: 99%

Developing a Κ-ary malware using blockchain

Moubarak¹,

Chamoun²,

Filiol

2018

NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium

Self Cite

View full text Add to dashboard Cite

Cyberattacks are nowadays moving rapidly. They are customized, multi-vector, staged in multiple flows and targeted. Moreover, new hacking playgrounds appeared to reach mobile network, modern architectures and smart cities. For that purpose, malware use different entry points and plug-ins. In addition, they are now deploying several techniques for obfuscation, camouflage and analysis resistance. On the other hand, antiviral protections are positioning innovative approaches exposing malicious indicators and anomalies, revealing assumptions of the limitations of the anti-antiviral mechanisms. Primarily, this paper exposes a state of art in computer virology and then introduces a new concept to create undetectable malware based on the blockchain technology. It summarizes techniques adopted by malicious software to avoid functionalities implemented for viral detection and presents the implementation of new viral techniques that leverage the blockchain network.

show abstract

Comparative study of recent MEA malware phylogeny

Cited by 15 publications

References 3 publications

Impact of Cyber Attack on Saudi Aramco

Impact of Cyber Attack on Saudi Aramco

Beyond Labeling: Using Clustering to Build Network Behavioral Profiles of Malware Families

Developing a Κ-ary malware using blockchain

Contact Info

Product

Resources

About