
    X-ware: a proof of concept malware utilizing artificial intelligence

    Recent years have witnessed a dramatic growth in utilizing computational intelligence techniques for various domains. Coherently, malicious actors are expected to utilize these techniques against current security solutions. Despite the importance of these new potential threats, there remains a paucity of evidence on leveraging these research literature techniques. This article investigates the possibility of combining artificial neural networks and swarm intelligence to generate a new type of malware. We successfully created a proof of concept malware named X-ware, which we tested against Windows-based systems. Developing this proof of concept may allow us to identify this potential threat's characteristics for developing mitigation methods in the future. Furthermore, a method for recording the virus's behavior and propagation throughout a file system is presented. The proposed virus prototype acts as a swarm system with a neural network integrated for operations. The virus's behavioral data is recorded and shown in a complex network format to describe the behavior and communication of the swarm. This paper has demonstrated that malware strengthened with computational intelligence is a credible threat. We envisage that our study can be utilized to assist current and future security researchers in implementing more effective countermeasures.

    Euphony: Harmonious Unification of Cacophonous Anti-Virus Vendor Labels for Android Malware

    Android malware is now pervasive and evolving rapidly. Thousands of malware samples are discovered every day with new models of attacks. The growth of these threats has come hand in hand with the proliferation of collective repositories sharing the latest specimens. Having access to a large number of samples opens new research directions aiming at efficiently vetting apps. However, automatically inferring a reference ground-truth from those repositories is not straightforward and can inadvertently lead to unforeseen misconceptions. On the one hand, samples are often mis-labeled as different parties use distinct naming schemes for the same sample. On the other hand, samples are frequently mis-classified due to conceptual errors made during labeling processes. In this paper, we analyze the associations between all labels given by different vendors and we propose a system called EUPHONY to systematically unify common samples into family groups. The key novelty of our approach is that no a-priori knowledge on malware families is needed. We evaluate our approach using reference datasets and more than 0.4 million additional samples outside of these datasets. Results show that EUPHONY provides competitive performance against the state-of-the-art.

    Survey of Machine Learning Techniques for Malware Analysis

    Coping with malware is getting more and more challenging, given their relentless growth in complexity and volume. One of the most common approaches in the literature is using machine learning techniques to automatically learn models and patterns behind such complexity, and to develop technologies for keeping pace with the speed of development of novel malware. This survey aims at providing an overview of the way machine learning has been used so far in the context of malware analysis. We systematize surveyed papers according to their objectives (i.e., the expected output, what the analysis aims at), what information about malware they specifically use (i.e., the features), and what machine learning techniques they employ (i.e., what algorithm is used to process the input and produce the output). We also outline a number of problems concerning the datasets used in the considered works, and finally introduce the novel concept of malware analysis economics, regarding the study of existing tradeoffs among key metrics, such as analysis accuracy and economic costs.

    Developing resilient cyber-physical systems: A review of state-of-the-art malware detection approaches, gaps, and future directions

    Cyber-physical systems (CPSes) are rapidly evolving in critical infrastructure (CI) domains such as smart grid, healthcare, the military, and telecommunication. These systems are continually threatened by malicious software (malware) attacks by adversaries due to their improvised tactics and attack methods. A minor configuration change in a CPS through malware has devastating effects, which the world has seen in Stuxnet, BlackEnergy, Industroyer, and Triton. This paper is a comprehensive review of malware analysis practices currently being used and their limitations and efficacy in securing CPSes. Using well-known real-world incidents, we have covered the significant impacts when a CPS is compromised. In particular, we have prepared exhaustive hypothetical scenarios to discuss the implications of false positives on CPSes. To improve the security of critical systems, we believe that nature-inspired metaheuristic algorithms can effectively counter the overwhelming malware threats geared toward CPSes. However, our detailed review shows that these algorithms have not been adapted to their full potential to counter malicious software. Finally, the gaps identified through this research have led us to propose future research directions using nature-inspired algorithms that would help in bringing optimization by reducing false positives, thereby increasing the security of such systems.

    Function classification for the retro-engineering of malwares

    In the past ten years, our team has developed a method called morphological analysis that deals with malware detection. Morphological analysis focuses on algorithms. Here, we want to identify programs through their functions, and more precisely through the intention of those functions. The intention is described as a vector in a high-dimensional vector space in the spirit of compositional semantics. We show how to use the intention of functions for their clustering. In a last step, we describe some experiments showing the relevance of the clustering and some possible applications for malware identification.

    GUIDE FOR THE COLLECTION OF INTRUSION DATA FOR MALWARE ANALYSIS AND DETECTION IN THE BUILD AND DEPLOYMENT PHASE

    During the COVID-19 pandemic, when most businesses were not equipped for remote work and cloud computing, we saw a significant surge in ransomware attacks. This study aims to utilize machine learning and artificial intelligence to prevent known and unknown malware threats from being exploited by threat actors when developers build and deploy applications to the cloud. This study demonstrated an experimental quantitative research design using Aqua. The experiment's sample is a Docker image. Aqua checked the Docker image for malware, sensitive data, Critical/High vulnerabilities, misconfiguration, and OSS license. The data collection approach is experimental. Our analysis of the experiment demonstrated how unapproved images were prevented from running anywhere in our environment based on known vulnerabilities, embedded secrets, OSS licensing, dynamic threat analysis, and secure image configuration. In addition to the experiment, the forensic data collected in the build and deployment phase are exploitable vulnerability, Critical/High Vulnerability Score, Misconfiguration, Sensitive Data, and Root User (Super User). Since Aqua generates a detailed audit record for every event during risk assessment and runtime, we viewed two events on the Audit page for our experiment. One of the events caused an alert due to two failed controls (Vulnerability Score, Super User), and the other was a successful event, meaning that the image is secure to deploy in the production environment. The primary finding for our study is the forensic data associated with the two events on the Audit page in Aqua. In addition, Aqua validated our security controls and runtime policies based on the forensic data with both events on the Audit page. Finally, the study's conclusions will mitigate the likelihood that organizations will fall victim to ransomware by mitigating and preventing the total damage caused by a malware attack.

    Malware detection methods for Android mobile applications

    Advancements in mobile computing are attracting traditional device users to transition toward mobile platforms to fulfil their data processing needs. Among these, the Android platform is the most popular, holding the majority of the market share due to its open-source policy and ability to install applications from different application stores. This fact, coupled with the amount of sensitive data these devices now store, makes it attractive for malware authors to attack the Android platform, causing a large influx of malicious applications in the ecosystem. Traditional malware detection methods cannot effectively control and prevent this influx, demanding an automatic and intelligent approach such as machine learning. In this thesis, three machine learning algorithms, XGBoost, SVM and K-NN, were trained with several features, with a focus on Android permissions, to measure the effectiveness of applying machine learning techniques to combat the proliferation of malware. Given a goodware-to-malware ratio of 99/1, four experiments with an under-sampled version of the dataset with a ratio of 70/30 were conducted to test different subsets of the feature space as well as feature elimination and aggregation before training the algorithms with the full set of features using feature normalization across two distinct scenarios. This approach showed promising results, with XGBoost, SVM and K-NN distinguishing between malware and goodware with a score of 90 % (Area Under the Receiver Operating Curve values).

    Advances in mobile computing are attracting users of traditional devices to move to mobile platforms to meet their data processing needs. Among these, the Android platform is the most popular, holding the majority of the market share due to its open-source policy and the ability to install applications through several application stores. This fact, together with the amount of sensitive data these devices now store, makes attacking the Android platform attractive to malware authors, causing a large flow of malicious applications into the ecosystem. Traditional malware detection methods cannot effectively control and prevent this flow, requiring an automatic and intelligent approach such as machine learning. In this thesis, three machine learning algorithms, XGBoost, SVM and K-NN, were trained with several features, focusing on Android permissions and static application features, to measure the effectiveness of applying machine learning techniques in combating the proliferation of malware. Given the dataset's goodware-to-malware ratio of 99/1, four experiments were carried out with an under-sampled version of it with a ratio of 70/30 to test different subsets of the feature space as well as feature elimination and aggregation before training the algorithms with the full set of features using feature normalization in two scenarios. This approach showed promising results, with XGBoost, SVM and K-NN distinguishing between malware and goodware with a score of 90 % (Area Under the Receiver Operating Curve values).

    Abuse of combination of reverse engineering, obfuscation, exploits and security vulnerability

    What is the major threat on the internet today? We can all agree that malicious software is one among the long list. Malware is getting better and better every day. We witnessed and we observed the very beginning of the malware era. In the beginning, we knew basic malware, and nowadays, we go up to the polymorphic and metamorphic implementations of those. Malware can sometimes destroy businesses and factories, and it can also affect people. This thesis provides an overview of how powerful and stealthy malware can be, how it can be made, obfuscated and revealed. Finally, we look into the practical approach of how to automatically identify Visual Studio exploit(s). The thesis also introduces ways to avoid getting infected with malicious content.

    Global Cyber Attack Forecast using AI Techniques

    The advancement of internet technology and growing involvement in the cyber world have made us prone to cyber-attacks inducing severe damage to individuals and organizations, including financial loss, identity theft, and reputational damage. The rapid emergence and evolution of new networks and new opportunities for businesses and technologies are increasing threats to security vulnerabilities. Hence, cyber-crime analysis is one of the wide-ranging applications of Data Mining that can eventually be used to predict and detect crime. However, there are several constraints while analyzing cyber-attacks, which are yet to be resolved for more accurate cyber security inspection. Although there are many strategies for intrusion detection, predicting upcoming cyber threats remains an open research challenge. Hence, this thesis seeks to utilize temporal correlations among attack frequencies within specific time periods to predict the future severity of cyber incidents. The research aims to address the current research limitations by introducing a real-time data collection framework that will provide up-to-date cyber-attack data. Furthermore, a platform for cyber-attack trend analysis has been developed using Power BI to provide insight into the current cyber-attack trend. A correlation was identified in the reported attack volume across consecutive time frames through collected attack data analysis. This thesis introduces a predictive model that forecasts the frequency of cyber-attacks within a specified time window, using solely a historical record of attack counts. The research includes various machine learning and deep learning methods to develop a prediction system based on multiple time frames with an over 15% improvement in accuracy compared to the conventional baseline model. Namely, our research demonstrates that cyber incidents are not entirely random, and by analyzing patterns and trends in past incidents, the developed AI techniques can be used to improve cybersecurity measures and prevent future attacks.

    Empirical investigation on the barriers of adoption of cryptocurrency-based transaction from an Islamic perspective

    Purpose: This paper presents a user study of "perception of the cryptocurrency-based transaction from the Islamic views". Bitcoin is considered the special type of cryptocurrency used in this study. Users view bitcoin as an app that provides a personal currency in a digital wallet through which transactions can occur in order to either send, receive, buy, or sell the currency (bitcoins). Information Systems are an enabler of this mode of transaction; unfortunately, some users raised concern about the nature of transactions with Bitcoin. Specifically, some argued that Bitcoin can be easily used for illegal purposes and that the global public already uses Bitcoin mostly for illegal and Shari'ah non-compliant purposes under Islamic views. Design/methodology/approach: This study adopted the "Technological Acceptance Model" and utilized quantitative research methodology in order to formulate and test some hypotheses that will lead to the establishment of a model. A sample of 306 participants was used in the study. Findings: The results of the hypothesis testing indicate that "Behavioral Intention to Use Cryptocurrency from the Islamic perspective" is influenced directly by Shari'ah Compliance, Perceived Ease of Use, Emotionality, Perceived Usefulness, and Financial Concern. As evident from the analysis, Emotionality is influenced directly by Financial Concern and Shari'ah Compliance, whereas Behavioral Intention is influenced indirectly by Financial Concerns. Research limitations/implications: The sample is general and does not specify a specific group of study. Practical implications: This study has contributed to understanding the Islamic issues behind the implementation of Cryptocurrency. Originality/value: The study formulates and tests a theory for cryptocurrency-based transaction from an Islamic view.