Function classification for the retro-engineering of malwares

International audienceIn the past ten years, our team has developed a method called morphological analysis that deals with malware detection. Morphological analysis focuses on algorithms. Here, we want to identify programs through their functions, and more precisely with the intention of those functions. The intention is described as a vector in a high dimensional vector space in the spirit of compositional semantics. We show how to use the intention of functions for their clustering. In a last step, we describe some experiments showing the relevance of the clustering and some of some possible applications for malware identification

Scholarly digital libraries as a platform for malware distribution

Researchers from academic institutions and the corporate sector rely heavily on scholarly digital libraries for accessing journal articles and conference proceedings. Primarily downloaded in the form of PDF files, there is a risk that these documents may be compromised by attackers. PDF files have many capabilities that have been widely used for malicious operations. Attackers increasingly take advantage of innocent users who open PDF files with little or no concern, mistakenly considering these files safe and relatively non-threatening. Researchers also consider scholarly digital libraries reliable and home to a trusted corpus of papers and untainted by malicious files. For these reasons, scholarly digital libraries are an attractive target for cyber-attacks launched via PDF files. In this study, we present several vulnerabilities and practical distribution attack approaches tailored for scholarly digital libraries. To support our claim regarding the attractiveness of scholarly digital libraries as an attack platform, we evaluated more than two million scholarly papers in the CiteSeerX library that were collected over 8 years and found it to be contaminated with a surprisingly large number (0.3%-2%) of malicious scholarly PDF documents, the origin of which is 46 different countries spread worldwide. More than 55% of the malicious papers in CiteSeerX were crawled from IP's belonging to USA universities, followed by those belonging to Europe (33.6%). We show how existing scholarly digital libraries can be easily leveraged as a distribution platform both for a targeted attack and in a worldwide manner. On average, a certain malicious paper caused high impact damage as it was downloaded 167 times in 5 years by researchers from different countries worldwide. In general, the USA and Asia downloaded the most malicious scholarly papers, 40.15% and 27.9%, respectively. The top malicious scholarly document downloaded is a malicious version of a popular paper in the computer forensics domain, with 2213 downloads in a worldwide coverage of 108 different countries. Finally, we suggest several concrete solutions for mitigating such attacks, including simple deterministic solutions and also advanced machine learning-based frameworks

Detecção de novidade para sistemas de sonar passivo

Sound is a mechanical wave that propagates over great distances in the oceans and it can, therefore, be used for vessel detection and classification in underwater environments, which are basic sonar system tasks. The development of such systems is directly linked to the country defense, especially, in countries with continental dimensions, such as Brazil. Recently, the Brazilian Navy defined underwater acoustics as a strategic priority area. Passive sonar systems can be installed to monitor the Brazilian coast in a stealthy and efficient way. In addition, these are used in military submarines for different applications. As in this operating environment, each ship has a unique acoustic signature, and ships whose data have not been acquired can be observed, it is necessary to develop a novelty detector operating in conjunction with the contact classifiers implemented in Brazilian Navy systems. Because classification systems operate competing for computing resources with novelty detectors, they can impact in classification efficiency. The number of classes in this environment is very large, and because of this, specific performance indices were created to evaluate the developed model efficiency. In addition, different data compressors were developed to access relevant ship information of, among them can be cited PCD, kPCA, NLPCA and SAE. The novelty detection development was based on the operating environment of the Brazilian Navy and since it can have its operating conditions changed over time, a stationarity monitoring system based on higher order statistics was proposed. Both the novelty detector and the stationarity monitoring system were developed with experimental data provided by the Brazilian Navy.O som é uma onda mecânica que se propaga por grandes distâncias nos oceanos e, por essa razão, pode ser utilizado para a detecção e classificação de contatos em meios submarinos, tarefas básicas de um sistema sonar. O desenvolvimento de tais sistemas está diretamente ligado a defesa de um país com dimensões continentais, como o Brasil. Recentemente, a Marinha do Brasil definiu como prioridade estratégica a área de acústica submarina. Sistemas de sonar passivo podem ser instalados para monitorar a costa brasileira de maneira furtiva e eficiente. Ademais, estes são utilizados em submarinos militares para diferentes aplicações. Como neste ambiente de operação, cada navio possui uma assinatura acústica única, e navios cujos dados não foram adquiridos podem ser observados, faz-se necessário o desenvolvimento de um detector de novidade operando em conjunto com os classificadores de contatos implementados em sistemas da Marinha do Brasil. Como os classificadores operam competindo por recursos computacionais com os detectores de novidade, estes podem impactar na eficiência de classificação. A quantidade de classes, neste ambiente, ´e muito grande e, devido a isso, índices de desempenho específicos foram criados para avaliar a eficiência dos modelos desenvolvidos. Além disso, diferentes extratores de informação foram desenvolvidos para acessar informações relevantes dos navios em questão, dentre eles podem ser citados PCD, kPCA, NLPCA e SAE. O desenvolvimento deste modelo de detecção foi baseado no ambiente de operação da Marinha do Brasil e, como este pode ter suas condições operativas alteradas ao longo do tempo, um sistema de monitoramento da estacionaridade baseado em estatística de ordem superior foi proposto. Tanto o detector de novidade quanto o sistema de monitoramento de estacionaridade foram desenvolvidos com dados experimentais disponibilizados pela Marinha do Brasil

Image and Video Age Estimation Algorithm

Trabajo de Fin de Grado en Ingenieria del Software, Facultad de Informática UCM, Departamento de Ingeniería de Software e Inteligencia Artificial, Curso 2020/2021.Las técnicas para la detección de la edad pueden ser determinantes para personas que no se encuentren identificadas y se necesite saber la edad por diversos motivos, como delitos, abusos sexuales, etc, ya que la intervención humana en estos casos se trata de una tarea muy lenta y ralentizarían todo el proceso. Es por esto que perfeccionar las actuales técnicas de estimación de la edad, puede constituir una mejora para los ámbitos forenses y de seguridad. Este trabajo puede resultar un progreso en este ámbito, ya que muchos delitos son cometidos con nocturnidad y procesar las imágenes con filtros antes de introducirlas en un modelo de detección, podrían ser resultantes. Por ello, en este trabajo se muestran los objetivos obtenidos de aplicar preprocesamiento a las imágenes antes de introducirlas en un modelo de detección. Después de una ardua investigación en la que ha habido momentos complicados, como la búsqueda de un buen equipo para poder realizar la ejecución del modelo y el procesamiento de todas las imágenes del dataset, manejar de manera fluida TensorFlow, etc, se consigue solucionar mediante la creación de una instancia en Google Cloud. Una vez conseguido ésto, se procede a la realización de un estudio sobre la mejora de la calidad de las imágenes relacionadas con los datasets mencionados en este trabajo. Con este análisis, se pretende abordar los problemas que pueden ocasionar la mala calidad de las imágenes, así como, su mal tratamiento a la hora de introducirlas en un modelo. Para el desarrollo de este estudio se ha investigado sobre distintos filtros para la mejora de imágenes, ejecutándose y viendo el desempeño de cada uno y guardando los mejores resultados, para su posterior elección. También, se han investigado otras formas de detección del rostro, como la detección de perfil. Tras reunir todo el preprocesamiento con mejores resultados e introducirlo en un modelo para ver las mejoras respecto a las imágenes sin tratar, sale como vencedor el modelo entrenado con aquellas imágenes preprocesadas anteriormente, obteniéndose una mejora en la detección de la edad.Age detection techniques can be decisive for people who are not identified and age needs to be known for various reasons, such as crimes, sexual abuse, etc., since human intervention in these cases is a very difficult task. slow and slow down the whole process. This is why perfecting current age estimation techniques can be an improvement for forensic and security fields. This work can be a progress in this area, since many crimes are committed at night and processing the images with filters before introducing them into a detection model could be the result. For this reason, this work shows the objectives obtained from applying preprocessing to the images before introducing them into a detection model. After an arduous investigation in which there have been complicated moments, such as the search for a good team to be able to carry out the execution of the model and the processing of all the images of the dataset, to handle TensorFlow in a fluid way, etc., it is possible to solve by means of the creating an instance in Google Cloud. Once this has been achieved, a study is carried out on improving the quality of the images related to the datasets mentioned in this work. With this analysis, it is intended to address the problems that can cause the poor quality of the images, as well as their poor treatment when introducing them into a model. For the development of this study, different filters have been investigated for the improvement of images, executing and seeing the performance of each one and saving the best results, for later selection. Also, other forms of face detection have been investigated, such as profile detection. After gathering all the preprocessing with better results and introducing it into a model to see the improvements compared to the untreated images, the model trained with those images previously preprocessed was the winner, obtaining an MAE of 0.24 %.Depto. de Ingeniería de Software e Inteligencia Artificial (ISIA)Fac. de InformáticaTRUEsubmitte

CHARACTERIZATION, DETECTION AND EXPLOITATION OF DATA INJECTION VULNERABILITIES IN ANDROID

Ph.DDOCTOR OF PHILOSOPH

2018-2019 Undergraduate Catalog

https://digitalcommons.sacredheart.edu/g_cat/1059/thumbnail.jp

Constructing and restraining the societies of surveillance: Accountability, from the rise of intelligence services to the expansion of personal data networks in Spain and Brazil (1975-2020)

541 p.The objective of this study is to examine the development of socio-technical accountability mechanisms in order to: a) preserve and increase the autonomy of individuals subjected to surveillance and b) replenish the asymmetry of power between those who watch and those who are watched. To do so, we address two surveillance realms: intelligence services and personal data networks. The cases studied are Spain and Brazil, from the beginning of the political transitions in the 1970s (in the realm of intelligence), and from the expansion of Internet digital networks in the 1990s (in the realm of personal data) to the present time. The examination of accountability, thus, comprises a holistic evolution of institutions, regulations, market strategies, as well as resistance tactics. The conclusion summarizes the accountability mechanisms and proposes universal principles to improve the legitimacy of authority in surveillance and politics in a broad sense