Detecting and Classifying Morphed Malwares: A Survey

Singla, Sanjam; Gandotra, Ekta; Bansal, Divya; Sofat, Sanjeev

doi:10.5120/21738-4937

Cited by 9 publications

(5 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The malware developers use obfuscation techniques to conceal the malicious code in order to bypass the malware detection system. The camouflage in malware has an exponential growth over the years from simple encryption to complex polymorphic and metamorphic malware [23], [52]. These two malware are the main types of malicious code using obfuscation techniques to hide themselves from virus scanners.…”

Section: Specific Obfuscation Techniques: Malware Applicationmentioning

confidence: 99%

See 1 more Smart Citation

Hiding a fault enabled virus through code construction

Hamadouche

Lanet

Mezghiche

2019

J Comput Virol Hack Tech

View full text Add to dashboard Cite

Smart cards are very secure devices designed to execute applications and store confidential data. Therefore, they become the target of many hardware and software attacks that aim to bypass their embedded security mechanisms in order to gain access to the sensitive stored data. Recently, a new kind of attacks called combined attacks has appeared. They aim to induce perturbations in the application's execution environment. Thus, correct and legitimate application can be dynamically modified to become a hostile one after being loaded in the card using a fault injection. In this paper, we treat the problem from another angle: how to design an innocent looking code in such a way that it becomes intentionally hostile after being activated by a fault injection? We present an original approach of backward code construction based on constraints satisfaction and a tree traversal algorithm. After that, we propose a way to optimize the search process by introducing heuristics for a faster convergence towards more realistic solutions.We implement this approach in a Trace Generator tool; thereafter evaluate its capacity to generate the required solutions while giving a proof-of-concept of the code desynchronization technique.

show abstract

Section: Specific Obfuscation Techniques: Malware Applicationmentioning

confidence: 99%

“…Below are the most common obfuscation techniques, among many others, that are particularly used to hide malware. More details and practical examples can be found in [11], [61], [48], [52], [51].…”

Section: Specific Obfuscation Techniques: Malware Applicationmentioning

confidence: 99%

Hiding a fault enabled virus through code construction

Hamadouche

Lanet

Mezghiche

2019

J Comput Virol Hack Tech

View full text Add to dashboard Cite

show abstract

“…Subsequently, these are executed automatically (using a python script) in a sandboxed environment set up at Cyber Security Research Centre (CSRC), PEC University of Technology, Chandigarh, India. We used Brad Accuvant 3 , a modified version of Cuckoo sandbox 4 for this purpose which offers numerous improvements over regular Cuckoo. It is an open source automated malware analysis system developed in python.…”

Section: Malware Analysis Enginementioning

confidence: 99%

“…Malware writers are making use of obfuscation techniques like insertion of dead code, subroutine reordering, instruction substitution etc. for creating polymorphic and metamorphic malware [4]. Moreover, the malware are becoming sophisticated, targeted, persistent, stealthy and unknown day by day.…”

mentioning

confidence: 99%

A Framework for Generating Malware Threat Intelligence

Gandotra¹,

Bansal²,

Sofat³

2017

SCPE

Self Cite

View full text Add to dashboard Cite

Ubiquitous computing devices with network capabilities have become the critical cyber infrastructure for academia, industry and government in day-to-day life. The cyber-attacks being launched on this critical infrastructure have shifted to the pursuit of financial profit and political gains which lead to cyber warfare on various scales. The evolution of new practices like social networking, explosion of mobile devices and cloud computing have given opportunities to attackers for discovering vulnerabilities and exploiting these for creating sophisticated attacks. Malware is one of the most dreadful security threats fronting the Internet today. It is evolving and making use of new ways to target computers and mobile devices. Moreover, the exponential escalation in their volume and complexity has increased the damage caused by them. These have the capability to circumvent the earlier developed methods of detection and mitigation which clearly shows the need of shifting from traditional cyber security to cyber security intelligence. This paper purposes a design of a framework for generating Malware Threat Intelligence that can analyze, identify and predict the malware threats and can act as an Early Warning System (EWS). It also presents the real-time testing of the proposed framework which is realized by designing a prototype for providing security-as-a-service.

show abstract

“…According to the report of McAfee, more than 31 million samples were discovered as Android malware and 1.9 million new samples are found every year [2]. However, most of the new malicious applications are installed as variants of earlier known ones [3], [4]. As a result, malicious programs can be grouped into their families having a set of similar characteristics and behaviors.…”

Section: Introductionmentioning

confidence: 99%

Convolutional Neural Network for Classification of Android Applications Represented as Grayscale Images

2019

IJITEE

View full text Add to dashboard Cite

A rapid dissemination of Android operating system in smart phone market has resulted in an exponential growth of threats to mobile applications. Various studies have been carried out in academia and industry for the identification and classification of malicious applications using machine learning and deep learning algorithms. Convolution Neural Network is a deep learning technique which has gained popularity in speech and image recognition. The conventional solution for identifying Android malware needs learning based on pre-extracted features to preserve high performance for detecting Android malware. In order to reduce the efforts and domain expertise involved in hand-feature engineering, we have generated the grayscale images of AndroidManifest.xml and classes.dex files which are extracted from the Android package and applied Convolution Neural Network for classifying the images. The experiments are conducted on a recent dataset of 1747 malicious Android applications. The results indicate that classes.dex file gives better results as compared to the AndroidManifest.xml and also demonstrate that model performs better as the image become larger.

show abstract

Detecting and Classifying Morphed Malwares: A Survey

Cited by 9 publications

References 38 publications

Hiding a fault enabled virus through code construction

Hiding a fault enabled virus through code construction

A Framework for Generating Malware Threat Intelligence

Convolutional Neural Network for Classification of Android Applications Represented as Grayscale Images

Contact Info

Product

Resources

About