
    A framework for automated similarity analysis of malware

    Malware, a category of software including viruses, worms, and other malicious programs, is developed by hackers to damage, disrupt, or perform other harmful actions on data, computer systems and networks. Malware analysis, as an indispensable part of the work of IT security specialists, aims to gain an in-depth understanding of malware code. Manual analysis of malware is a very costly and time-consuming process. As more malware variants are evolved by hackers who occasionally use a copy-paste-modify programming style to accelerate the generation of a large number of malware samples, the effort spent in analyzing similar pieces of malicious code has dramatically grown. One approach to remedy this situation is to automatically perform similarity analysis on malware samples and identify the functions they share in order to minimize duplicated effort in analyzing similar code across malware variants. In this thesis, we present a framework to match cloned functions in a large chunk of malware samples. Firstly, the instructions of the functions to be analyzed are extracted from the disassembled malware binary code and then normalized. We propose a new similarity metric and use it to determine the pair-wise similarity among malware samples based on the calculated similarity of their functions. The developed tool also includes an API class recognizer designed to determine probable malicious operations that can be performed by malware functions. Furthermore, it allows us to visualize the relationship among functions inside malware code and locate similar functions importing the same API class. We evaluate this framework on three malware datasets including metamorphic viruses created by malware generation tools, real-life malware variants in the wild, and two well-known botnet trojans. The obtained experimental results confirm that the proposed framework is effective in detecting similar malware code.

    Cyber Security and Critical Infrastructures

    This book contains the manuscripts that were accepted for publication in the MDPI Special Topic "Cyber Security and Critical Infrastructure" after a rigorous peer-review process. Authors from academia, government and industry contributed their innovative solutions, consistent with the interdisciplinary nature of cybersecurity. The book contains 16 articles: an editorial explaining current challenges, innovative solutions, and real-world experiences including critical infrastructure; 15 original papers that present state-of-the-art innovative solutions to attacks on critical systems; and a review of the security and privacy issues of cloud, edge and fog computing.

    Formalizing evasion attacks against machine learning security detectors

    Recent work has shown that adversarial examples can bypass machine learning-based threat detectors relying on static analysis by applying minimal perturbations. To preserve malicious functionality, previous attacks either apply trivial manipulations (e.g. padding), potentially limiting their effectiveness, or require running computationally-demanding validation steps to discard adversarial variants that do not correctly execute in sandbox environments. While machine learning systems for detecting SQL injections have been proposed in the literature, no attacks have been tested against the proposed solutions to assess the effectiveness and robustness of these methods. In this thesis, we overcome these limitations by developing RAMEn, a unifying framework that (i) can express attacks for different domains, (ii) generalizes previous attacks against machine learning models, and (iii) uses functions that preserve the functionality of manipulated objects. We provide new attacks for both Windows malware and SQL injection detection scenarios by exploiting the format used for representing these objects. To show the efficacy of RAMEn, we provide experimental results of our strategies in both white-box and black-box settings. The white-box attacks against Windows malware detectors show that it takes only 2% of the input size of the target to evade detection with ease. To further speed up the black-box attacks, we overcome the issues mentioned before by presenting a novel family of black-box attacks that are both query-efficient and functionality-preserving, as they rely on the injection of benign content, which will never be executed, either at the end of the malicious file or within some newly-created sections, encoded in an algorithm called GAMMA. We also evaluate whether GAMMA transfers to other commercial antivirus solutions, and surprisingly find that it can evade many commercial antivirus engines. For evading SQLi detectors, we create WAF-A-MoLE, a mutational fuzzer that exploits random mutations of the input samples, keeping alive only the most promising ones. WAF-A-MoLE is capable of defeating detectors built with different architectures by using the novel practical manipulations we have proposed. To facilitate reproducibility and future work, we open-source our framework and corresponding attack implementations. We conclude by discussing the limitations of current machine learning-based malware detectors, along with potential mitigation strategies based on embedding domain knowledge coming from subject-matter experts naturally into the learning process.

    Special oils for halal and safe cosmetics

    Three types of non-conventional oils were extracted, analyzed and tested for toxicity: date palm kernel oil (DPKO), mango kernel oil (MKO) and Ramputan seed oil (RSO). Oil content for two cultivars of dates, Deglect Noor and Moshkan, was 9.67% and 7.30%, respectively. The three varieties of mango were found to contain about 10% oil on average. The red and yellow types of Ramputan were found to have 11 and 14% oil, respectively. The phenolic compounds in DPKO, MKO and RSO were 0.98, 0.88 and 0.78 mg/ml Gallic acid equivalent, respectively. Oils were analyzed for their fatty acid composition; they are rich in oleic acid C18:1 and showed the presence of lauric acid (dodecanoic acid) C12:0, which is reported to show some antimicrobial activity. All extracted oils, DPKO, MKO and RSO, showed no toxic effect in the brine shrimp bioassay. Since these oils are stable, melt at skin temperature, have good lubricity and are a great source of essential fatty acids, they could be used as highly moisturizing, cleansing and nourishing oils because of their high oleic acid content. They are ideal for use in halal cosmetics such as skin care and massage, hair-care, soap and shampoo products.

    Acetylcholine esterase as a possible marker for the detection of halal way of slaughtering

    Introduction: Different methods of slaughtering are being practiced because of differences in religious guidelines, environmental issues (use of electricity), convenience of handling, etc. Variation in methods of slaughtering results in different conditions, namely the release of varying amounts of blood and different degrees of movement of the body parts prior to death. These issues are related to the release of neurotransmitter (NT) at the neuro-muscular junction (NMJ), which is eventually released from the body through the blood flow. Experimental design: Muscle samples from chicken in small pieces were collected immediately after slaughtering. Slaughtering was carried out using a sharp knife. Two different conditions pertaining to the Islamic guidelines of slaughtering were investigated, namely whether the neck was severed (S+) or not (S-) from the body during slaughtering and whether the animal just after slaughtering was released (R+) or not (R-). The level of acetylcholine esterase mRNA, involved in the degradation of acetylcholine, a NT at the NMJ, was investigated by RT-PCR. Results: Acetylcholine esterase mRNA was not detected in the sample obtained from the chicken slaughtered following Islamic guidelines, i.e., neck not severed and body released just after the slaughtering (R+S-). Conclusions: The level of acetylcholine or acetylcholine esterase can be used as a biomarker to identify if the slaughtering is performed following Islamic guidelines.

    Calophyllum canum: antibacterial and anticancer plant

    Humans have used plants as a source of medicine throughout the world since time immemorial. Today there are at least 120 distinct chemical substances derived from plants that are considered important drugs currently in use in one or more countries in the world. In particular, 60% of drugs currently in clinical use for the treatment of cancer were found to be of natural origin. Calophyllum canum is a large tree which grows in South East Asia and which is popular for its timber. This plant belongs to the family Guttiferae, a family that boasts species which are rich in bioactive phytochemicals. Some species are believed to have medicinal value and are used as anti-inflammatory, anti-infectious, astringent and antipyretic agents against several diseases. We have successfully isolated two compounds from the methanol extract of Calophyllum canum stem bark that actively inhibit the growth of Staphylococcus aureus (ATCC 29213 and ATCC 25923). The cytotoxic study on the extracts revealed that the n-hexane extract had the strongest antiproliferation activity, followed by the methanol extract. n-hexane strongly inhibited the growth of TE1 and MCF7 cell lines. IC50 for n-hexane and methanol extract activity on the A549 cell line was found to be 27.96 μg/mL and 78.9 μg/mL, respectively. The compounds (CE0 - CE5) isolated from the ethyl acetate extract of C. canum actively inhibit cell proliferation of human cervix adenocarcinoma cells.

    Computer Science & Technology Series : XXI Argentine Congress of Computer Science. Selected papers

    CACIC’15 was the 21st Congress in the CACIC series. It was organized by the School of Technology at the UNNOBA (North-West of Buenos Aires National University) in Junín, Buenos Aires. The Congress included 13 Workshops with 131 accepted papers, 4 Conferences, 2 invited tutorials, different meetings related to Computer Science Education (Professors, PhD students, Curricula) and an International School with 6 courses. CACIC 2015 was organized following the traditional Congress format, with 13 Workshops covering a diversity of dimensions of Computer Science Research. Each topic was supervised by a committee of 3-5 chairs from different Universities. The call for papers attracted a total of 202 submissions. An average of 2.5 review reports were collected for each paper, for a grand total of 495 review reports that involved about 191 different reviewers. A total of 131 full papers, involving 404 authors and 75 Universities, were accepted and 24 of them were selected for this book. Red de Universidades con Carreras en Informática (RedUNCI)
