833 research outputs found
Techniques for the reverse engineering of banking malware
Malware attacks are a signiïŹcant and frequently reported problem, adversely aïŹecting the productivity of organisations and governments worldwide. The well-documented consequences of malware attacks include ïŹnancial loss, data loss, reputation damage, infrastructure damage, theft of intellectual property, compromise of commercial negotiations, and national security risks. Mitiga-tion activities involve a signiïŹcant amount of manual analysis. Therefore, there is a need for automated techniques for malware analysis to identify malicious behaviours. Research into automated techniques for malware analysis covers a wide range of activities. This thesis consists of a series of studies: an anal-ysis of banking malware families and their common behaviours, an emulated command and control environment for dynamic malware analysis, a technique to identify similar malware functions, and a technique for the detection of ransomware. An analysis of the nature of banking malware, its major malware families, behaviours, variants, and inter-relationships are provided in this thesis. In doing this, this research takes a broad view of malware analysis, starting with the implementation of the malicious behaviours through to detailed analysis using machine learning. The broad approach taken in this thesis diïŹers from some other studies that approach malware research in a more abstract sense. A disadvantage of approaching malware research without domain knowledge, is that important methodology questions may not be considered. Large datasets of historical malware samples are available for countermea-sures research. However, due to the age of these samples, the original malware infrastructure is no longer available, often restricting malware operations to initialisation functions only. To address this absence, an emulated command and control environment is provided. This emulated environment provides full control of the malware, enabling the capabilities of the original in-the-wild operation, while enabling feature extraction for research purposes. A major focus of this thesis has been the development of a machine learn-ing function similarity method with a novel feature encoding that increases feature strength. This research develops techniques to demonstrate that the machine learning model trained on similarity features from one program can ïŹnd similar functions in another, unrelated program. This ïŹnding can lead to the development of generic similar function classiïŹers that can be packaged and distributed in reverse engineering tools such as IDA Pro and Ghidra. Further, this research examines the use of API call features for the identi-ïŹcation of ransomware and shows that a failure to consider malware analysis domain knowledge can lead to weaknesses in experimental design. In this case, we show that existing research has diïŹculty in discriminating between ransomware and benign cryptographic software. This thesis by publication, has developed techniques to advance the disci-pline of malware reverse engineering, in order to minimize harm due to cyber-attacks on critical infrastructure, government institutions, and industry.Doctor of Philosoph
Dataset Construction and Analysis of Screenshot Malware
Among the various types of spyware, screenloggers are distinguished by their ability to capture screenshots. This gives them considerable nuisance capacity, giving rise to theft of sensitive data or, failing that, to serious invasions of the privacy of users. Several examples of attacks relying on this screen capture feature have been documented in recent years. However, there is not sufficient empirical and experimental evidence on this topic. Indeed, to the best of our knowledge, there is no dataset dedicated to screenshot-taking malware until today. The lack of datasets or common testbed platforms makes it difficult to analyse and study their behaviour in order to develop effective countermeasures. The screenshot feature is often a smart feature that does not activate automatically once the malware has infected the machine; the activation mechanisms of this function are often more complex. Consequently, a dataset which is completely dedicated to them would make it possible to better understand the subtleties of triggering screenshots and even to learn to distinguish them from the legitimate applications widely present on devices. The main purpose of this paper is to build such a dataset and analyse the behaviour of screenloggers
Comparing Three Countriesâ Higher Education Studentsâ Cyber Related Perceptions and Behaviours during COVID-19
In 2020, a global pandemic led to lockdowns, and subsequent social and business restrictions. These required overnight implementation of emergency measures to permit continued functioning of vital industries. Digital technologies and platforms made this switch feasible, but it also introduced several cyber related vulnerabilities, which students might not have known how to mitigate. For this study, the Global Cyber Security Index and the Cyber Risk literacy and education index were used to provide a cyber security context for each country. This research projectâan international, cross-university, comparative, quantitative projectâaimed to explore the risk attitudes and concerns, as well as protective behaviours adopted by, students at a South African, a Welsh and a Hungarian University, during the pandemic. This studyâs findings align with the relative rankings of the Oliver Wyman Risk Literacy and Education Index for the countries in which the universities reside. This study revealed significant differences between the student behaviours of students within these universities. The most important differences were identified between studentsâ risk attitudes and concerns. It was also discovered that South African students reported having changed their protective online behaviours to the greatest extent, since the pandemic commenced. Recommendations are made suggesting that cyber security training and education, as well as improving the digital trust and confidence in digital platforms, are critical
Have Usability and Security Trade-offs in Mobile Financial Services (MFS) become Untrustworthy?
The trade-off between Usability and Security has been well researched with various models
proposed on how best to improve Usability without jeopardizing Security and vice visa. Usable
Security has become a key factor in Mobile Financial Services (MFS), the new frontier for mobile
phones utilisation. However, have the compromises gone too far? The trustworthiness of MFS
system has already slowed down new adoption and impacted ongoing security trust issues and
user confidence in spite of potential MFS benefits for its users. To understand this growing lack of
trust with MFS, we need to comprehend the nature of Usable Security in assuring the behaviours of
MFS users and determine the right trade-off to improve trust whilst facilitating future uptake. We
conducted an empirical survey of 698 userâs experience of MFS and here present our findings of
this investigation for further synthesis towards proposing practical control elements to assure
Usable Security in MFS
A Conceptual Framework for Smartphone Security Among Arab Millennials
The rapid growth of smartphone adoption and use in the Middle East has led to some critical post-adoption issues, including ensuring that smartphones are used securely. Moreover, there is a gap in the existing literature on the perceptions and behaviour of individual consumers, especially millennials, in relation to mobile security and dealing with smartphone security threats. Little research on this subject has been carried out in developing countries, particularly in the Middle East, in a cross-national context. Therefore, this research aims to analyse the factors that can affect smartphone security behaviour among millennials in a cross-national context in the Middle East. The model developed in this research is based on a combination of the protection motivation theory (PMT) and the extended unified theory of acceptance and use of technology (UTAUT2), with additional factors specifically related to millennialsâ smartphone security behaviour in the Middle East. The initial findings indicate that (1) there is a gap in research on the security behaviour of Arab millennials, despite the existence of serious security threats associated with their use of these technologies; and (2) there is a gap in research on similarities and differences in smartphone security behaviour among consumers in a cross-national context. A questionnaire will be distributed online to consumers who are 18â29 years old in Iraq, Jordan and the UAE. This is the first research to study millennial Arabsâ security behaviour around smartphones and mobile applications in a cross- national context. In addition, the conceptual framework proposed in this research combines the PMT and the UTAUT2, with a further extension via the inclusion of three additional factors: privacy concerns; security threats related to smartphone-specific characteristics; and cybersecurity acculturation. Furthermore, this research bridges the gap in knowledge in terms of addressing the lack of research on millennials smartphone users in the Middle East region as they form the largest segment of the population
A cyber-kill-chain based taxonomy of crypto-ransomware features
In spite of being just a few years old, ransomware is quickly becoming a serious threat to our digital infrastructures, data and services. Majority of ransomware families are requesting for a ransom payment to restore a custodian access or decrypt data which were encrypted by the ransomware earlier. Although the ransomware attack strategy seems to be simple, security specialists ranked ransomware as a sophisticated attack vector with many variations and families. Wide range of features which are available in different families and versions of ransomware further complicates their detection and analysis. Though the existing body of research provides significant discussions about ransomware details and capabilities, the all research body is fragmented. Therefore, a ransomware feature taxonomy would advance cyber defendersâ understanding of associated risks of ransomware. In this paper we provide, to the best of our knowledge, the first scientific taxonomy of ransomware features, aligned with Lockheed Martin Cyber Kill Chain (CKC) model. CKC is a well-established model in industry that describes stages of cyber intrusion attempts. To ease the challenge of applying our taxonomy in real world, we also provide the corresponding ransomware defence taxonomy aligned with Courses of Action matrix (an intelligence-driven defence model). We believe that this research study is of high value for the cyber security research community, as it provides the researchers with a means of assessing the vulnerabilities and attack vectors towards the intended victims
Bridging Information Security and Environmental Criminology Research to Better Mitigate Cybercrime
Cybercrime is a complex phenomenon that spans both technical and human
aspects. As such, two disjoint areas have been studying the problem from
separate angles: the information security community and the environmental
criminology one. Despite the large body of work produced by these communities
in the past years, the two research efforts have largely remained disjoint,
with researchers on one side not benefitting from the advancements proposed by
the other. In this paper, we argue that it would be beneficial for the
information security community to look at the theories and systematic
frameworks developed in environmental criminology to develop better mitigations
against cybercrime. To this end, we provide an overview of the research from
environmental criminology and how it has been applied to cybercrime. We then
survey some of the research proposed in the information security domain,
drawing explicit parallels between the proposed mitigations and environmental
criminology theories, and presenting some examples of new mitigations against
cybercrime. Finally, we discuss the concept of cyberplaces and propose a
framework in order to define them. We discuss this as a potential research
direction, taking into account both fields of research, in the hope of
broadening interdisciplinary efforts in cybercrime researc
- âŠ