Deterring Malicious Behavior in Cyberspace
Recent incidents reveal cyberattacks are being employed and honed
in a systematic, coordinated fashion to achieve the objectives of malicious
actors. Deterrence of the wide array of actors in cyberspace is difficult,
since deterrence has to work in the mind of the attacker. Each
attacker will weigh the effort of the attack against the expected benefit
under their own criteria or rationality. This article analyzes whether the
contemporary and complementary deterrence strategies of retaliation,
denial, and entanglement are sufficient to deter malicious cyber actors or
if the alternative of active cyberdefense is necessary and viable.
Visualizing the outcome of dynamic analysis of Android malware with VizMal
Malware detection techniques based on signature extraction require security analysts to manually inspect samples to find evidence of malicious behavior. This time-consuming task has received little attention from researchers and practitioners, as most of the effort goes into classifying an entire sample as malware or non-malware. There are no tools for supporting the analyst in identifying when, within a given sample, the malicious behavior occurs. In this paper we propose VizMal, a tool able to visualize the execution traces of Android applications and to highlight which portions of the traces correspond to potentially malicious behavior. The aim of VizMal is twofold: assisting the malware analyst during the inspection of an application, and pushing the research community to organize and focus its effort on malicious behavior localization. VizMal is able to discern whether the application behavior during each second of execution is legitimate or malicious and to show this information in a simple and understandable way. We validate VizMal experimentally and by means of a user study: the results are promising and confirm that the tool can be useful.
Malicious Package Detection in NPM and PyPI using a Single Model of Malicious Behavior Sequence
Open-source software (OSS) supply chain enlarges the attack surface, which
makes package registries attractive targets for attacks. Recently, package
registries NPM and PyPI have been flooded with malicious packages. The
effectiveness of existing malicious NPM and PyPI package detection approaches
is hindered by two challenges. The first challenge is how to leverage the
knowledge of malicious packages from different ecosystems in a unified way such
that multi-lingual malicious package detection can be feasible. The second
challenge is how to model malicious behavior in a sequential way such that
maliciousness can be precisely captured. To address the two challenges, we
propose and implement Cerebro to detect malicious packages in NPM and PyPI. We
curate a feature set based on a high-level abstraction of malicious behavior to
enable multi-lingual knowledge fusing. We organize extracted features into a
behavior sequence to model sequential malicious behavior. We fine-tune the BERT
model to understand the semantics of malicious behavior. Extensive evaluation
has demonstrated the effectiveness of Cerebro over the state-of-the-art as well
as practically acceptable efficiency. Cerebro has successfully detected 306
and 196 new malicious packages in PyPI and NPM, respectively, and received 385 thank-you
letters from the official PyPI and NPM teams.
The Wireless Control Network: Monitoring for Malicious Behavior
We consider the problem of stabilizing a plant with a network of resource-constrained wireless nodes. In a companion paper, we developed a protocol where each node repeatedly transmits an appropriate (stabilizing) linear combination of the values in its neighborhood. In this paper, we design an Intrusion Detection System (IDS) for this control scheme, which observes the transmissions of certain nodes and uses that information to (a) recover the plant outputs (for data-logging and diagnostic purposes) and (b) identify malicious behavior by any of the wireless nodes in the network. We show that if the connectivity of the network is sufficiently high, the IDS only needs to observe a subset of the nodes in the network in order to achieve this objective. Our approach provides a characterization of the set of nodes that should be observed, a systematic procedure for the IDS to use to identify the malicious nodes and recover the outputs of the plant, and an upper bound on the delay required to obtain the necessary information.
A New Scheme for Minimizing Malicious Behavior of Mobile Nodes in Mobile Ad Hoc Networks
The performance of Mobile Ad hoc networks (MANET) depends on the cooperation
of all active nodes. However, supporting a MANET is a cost-intensive activity
for a mobile node. From a single mobile node's perspective, the discovery of
routes as well as forwarding packets consume local CPU time, memory,
network bandwidth, and last but not least energy. We believe that this is one
of the main factors that strongly motivate a mobile node to deny packet
forwarding for others, while at the same time using their services to deliver its
own data. This behavior of an independent mobile node is commonly known as
misbehaving or selfishness. A vast amount of research has already been done on
minimizing malicious behavior of mobile nodes. However, most of it focused on
methods/techniques/algorithms to remove such nodes from the MANET. We
believe that the frequent elimination of such misbehaving nodes has never allowed
a free and faster growth of MANET. This paper provides a critical analysis of
the recent research work and its impact on the overall performance of a MANET.
In this paper, we clarify some of the misconceptions in the understanding of
selfishness and misbehavior of nodes. Moreover, we propose a mathematical
model based on the time-division technique to minimize the malicious
behavior of mobile nodes by avoiding unnecessary elimination of bad nodes. Our
proposed approach not only improves resource sharing but also creates a
consistent trust and cooperation (CTC) environment among the mobile nodes. The
simulation results demonstrate the success of the proposed approach, which
significantly minimizes the number of malicious nodes and consequently maximizes the
overall throughput of the MANET compared to other well-known schemes.
Comment: 10 pages, IEEE format, International Journal of Computer Science and
Information Security, IJCSIS July 2009, ISSN 1947 5500, Impact Factor 0.42