
    Effective methods to detect metamorphic malware: A systematic review

    The code of each successive generation of metamorphic malware is routinely rewritten so that it remains stealthy and undetected within infected environments. This is achieved by means of encryption and decryption routines, obfuscation through garbage-code insertion, code transformation and registry modification, all of which make detection very challenging. The main objective of this study is to contribute an evidence-based narrative demonstrating the effectiveness of recent proposals. Sixteen primary studies were included in the analysis on the basis of a pre-defined protocol. The majority of the reviewed detection methods used opcodes, Control Flow Graphs (CFG) and API call graphs. Key challenges facing the detection of metamorphic malware include code obfuscation, a lack of dynamic code analysis capability and difficulty of application. Methods were further analysed on the basis of their approach, limitations, empirical evidence and key parameters such as the dataset, Detection Rate (DR) and False Positive Rate (FPR).
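    As an added illustration of the opcode-based approach the review refers to (example code written for this page, not taken from the review or from any of the studies it covers), the following Python compares opcode bigram histograms of a constructed decryptor loop with a metamorphic variant padded by garbage instructions. The listings, register names and labels are made up for the demonstration; only the two simplest junk patterns are normalised away.

```python
"""Added example: opcode n-gram similarity between a decryptor loop and a
metamorphic variant padded with garbage instructions. Constructed sample
listings, not real malware, and not code from the review being described."""
import math
from collections import Counter

# Constructed x86-style listings (mnemonic first, operands after a space).
BASE = [
    "mov esi, src", "mov edi, dst", "lodsb", "xor al, 0x5a",
    "stosb", "dec ecx", "jnz loop", "jmp payload",
]
# Same logic with nop padding and a do-nothing push/pop pair inserted.
VARIANT = [
    "mov esi, src", "nop", "mov edi, dst", "lodsb", "push ebx", "pop ebx",
    "xor al, 0x5a", "stosb", "nop", "dec ecx", "jnz loop", "jmp payload",
]
# Unrelated benign function prologue, for a negative comparison.
BENIGN = [
    "push ebp", "mov ebp, esp", "sub esp, 0x20", "call init", "test eax, eax",
    "jz fail", "mov ecx, eax", "call run", "leave", "ret",
]


def mnemonic(ins):
    return ins.split()[0]


def operands(ins):
    return ins.partition(" ")[2].strip()


def strip_garbage(listing):
    """Drop the two simplest junk patterns: a nop, and an adjacent push r / pop r
    pair on the same register. Semantics-preserving substitutions (mov eax, 0
    for xor eax, eax) change the mnemonic and are deliberately not handled."""
    out, i = [], 0
    while i < len(listing):
        ins = listing[i]
        if mnemonic(ins) == "nop":
            i += 1
            continue
        if (mnemonic(ins) == "push" and i + 1 < len(listing)
                and mnemonic(listing[i + 1]) == "pop"
                and operands(listing[i + 1]) == operands(ins)):
            i += 2
            continue
        out.append(ins)
        i += 1
    return out


def opcode_ngrams(listing, n=2):
    """Histogram of consecutive mnemonic n-tuples (operands are ignored, so a
    variant that only renames registers or changes constants scores identically)."""
    ops = [mnemonic(ins) for ins in listing]
    return Counter(tuple(ops[i:i + n]) for i in range(len(ops) - n + 1))


def cosine(a, b):
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def similarity(x, y, n=2, normalise=True):
    """Cosine similarity of the opcode n-gram histograms of two listings,
    optionally after stripping the garbage patterns above."""
    if normalise:
        x, y = strip_garbage(x), strip_garbage(y)
    return cosine(opcode_ngrams(x, n), opcode_ngrams(y, n))


if __name__ == "__main__":
    print("base vs variant, raw:       ", round(similarity(BASE, VARIANT, normalise=False), 3))
    print("base vs variant, normalised:", round(similarity(BASE, VARIANT), 3))
    print("base vs benign, normalised: ", round(similarity(BASE, BENIGN), 3))
```

    Without normalisation the nop and push/pop padding alone pulls the similarity of the two functionally identical listings down to about 0.46; removing those two junk patterns restores it to 1.0, while the unrelated prologue scores 0. The normaliser is intentionally narrow: equivalent-instruction substitution changes the mnemonics themselves and is not repaired by it, which is one reason the reviewed studies pair opcode statistics with control-flow and API-call graphs rather than relying on opcodes alone.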

    Malware Propagation in Online Social Networks: Modeling, Analysis and Real-world Implementations

    The popularity and widespread use of online social networks (OSNs) have attracted hackers and cyber criminals to use OSNs as an attack platform for spreading malware. Over the last few years, Facebook users have experienced hundreds of malware attacks. A successful attack can lead to tens of millions of OSN accounts being compromised and computers being infected, and cyber criminals can mount massive denial-of-service attacks against Internet infrastructure or systems using the compromised accounts and computers. Malware infecting a user's computer has the ability to steal login credentials and other confidential information stored on the computer, install ransomware and infect other computers on the same network. It is therefore important to understand the propagation dynamics of malware in OSNs in order to detect, contain and remove it as early as possible. The objective of this dissertation is thus to model and study the propagation dynamics of various types of malware in social networks such as Facebook, LinkedIn and Orkut. In particular:
    - We propose analytical models that characterise the propagation dynamics of cross-site scripting and Trojan malware, the two major types of malware propagating in OSNs. Our models assume the topological characteristics of real-world social networks, namely a low average shortest distance, a power-law distribution of node degrees and a high clustering coefficient. The proposed models were validated using a real-world social network graph.
    - We present the design and implementation of a cellular botnet named SoCellBot that uses the OSN platform as a means to recruit and control cellular bots on smartphones. SoCellBot uses OSN messaging systems as the communication channels between bots. We then present a simulation-based analysis of the botnet's strategies for maximising the number of infected victims within a short time while minimising the risk of being detected.
    - We describe and analyse emerging malware threats in OSNs, namely clickjacking, extension-based and Magnet malware. We discuss their implementations and working mechanics, and analyse their propagation dynamics via simulations.
    - We evaluate the performance of several selective monitoring schemes used for malware detection in OSNs. With selective monitoring, a set of important users in the network is selected and their activities and posts, and those of their friends, are monitored for malware threats. The schemes differ in how the set of important users is selected; we evaluate and compare their effectiveness for malware detection in OSNs.

    Novel Analytical Modelling-based Simulation of Worm Propagation in Unstructured Peer-to-Peer Networks

    Millions of users worldwide share content using Peer-to-Peer (P2P) networks such as Skype and BitTorrent. While such innovations undoubtedly bring benefits, they also carry threats. One of the main hazards is that P2P worms can penetrate the network, even from a single node, and then spread rapidly. Understanding the propagation process of such worms has always been a challenge for researchers. Different techniques, such as simulations and analytical models, have been adopted in the literature: while simulations provide results for specific input parameter values, analytical models are more general and can potentially cover the whole spectrum of parameter values. Many attempts have been made to model the worm propagation process in P2P networks, but the analytical models reported to date have failed to cover the whole spectrum of relevant parameters and have therefore produced high false-positive rates, which in turn affects the immunisation and mitigation strategies adopted to cope with an outbreak. The first key contribution of this thesis is the development of a Susceptible, Exposed, Infectious and Recovered (SEIR) analytical model of the worm propagation process in a P2P network, taking into account factors such as the configuration diversity of nodes, user behaviour and the infection time lag. These factors had not previously been considered in an integrated form; state-of-the-art analytical models either ignore them or address them only partially. The proposed SEIR model integrates these key factors holistically, for the first time, to capture a more realistic representation of the whole propagation process.
    The second key contribution extends the SEIR model to a mobile M-SEIR model by investigating and incorporating the role of node mobility, worm size and wireless link bandwidth in worm propagation in mobile P2P networks; the model is designed to be flexible and applicable to both wired and wireless nodes. The third contribution exploits a promising modelling paradigm, Agent-Based Modelling (ABM), in the context of P2P worm modelling: to exploit the synergies between ABM and P2P, an integrated ABM-based worm propagation model was built and trialled for the first time in this research. The model combines implementations of common, complex P2P protocols, such as Gnutella and GIA, with the analytical models above. A comparative evaluation of ABM against conventional modelling tools was also carried out, demonstrating the benefits of ease of real-time analysis and visualisation. As a fourth contribution, the proposed SEIR model was used to examine and evaluate a real-world data set for one of the most recent worms, the Conficker worm. The model was verified using ABM and conventional tools and by comparing the results on the same data set with those of benchmark models developed for the purpose. The research concludes that the worm propagation process is greatly affected by configuration diversity, user behaviour, the infection time lag and node mobility, and finds that the infection propagation values derived from state-of-the-art mathematical models are hypothetical and do not reflect real-world values.
    In summary, this comparative study has shown that infection propagation can be reduced by the natural immunity against worms that a holistic exploitation of the factors proposed in this work can provide.
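    Both the OSN and the P2P abstracts above model spread with epidemic-style compartments over a graph whose degree distribution is power-law. The following Python, added here as an illustration and not the model from either thesis, runs a discrete-time SEIR simulation on a synthetic preferential-attachment graph: the exposed compartment stands in for the infection time lag, and the fraction of nodes that start immune stands in for configuration diversity. Graph size, infection probabilities and random seeds are assumptions chosen for the demonstration.

```python
"""Added example: discrete-time SEIR worm spread on a synthetic power-law graph.
Illustrative only; not the analytical model of either thesis above, and every
parameter below is an assumption chosen for the demonstration."""
import random
from collections import Counter


def preferential_attachment_graph(n, m, seed=0):
    """Undirected graph with a heavy-tailed degree distribution: after a fully
    connected core of m + 1 nodes, each new node links to m distinct existing
    nodes chosen with probability proportional to their current degree."""
    assert n > m + 1 >= 2
    rng = random.Random(seed)
    adj = [set() for _ in range(n)]
    endpoints = []  # one entry per edge endpoint, so choice() is degree-weighted
    for i in range(m + 1):
        for j in range(i + 1, m + 1):
            adj[i].add(j)
            adj[j].add(i)
            endpoints += [i, j]
    for v in range(m + 1, n):
        targets = set()
        while len(targets) < m:
            targets.add(rng.choice(endpoints))
        for t in targets:
            adj[v].add(t)
            adj[t].add(v)
            endpoints += [v, t]
    return adj


def simulate_seir(adj, seeds, beta, sigma, gamma, vulnerable_fraction, steps, seed=0):
    """Compartments: S susceptible (vulnerable configuration), E exposed (hit but
    not yet scanning, i.e. the infection time lag), I infectious, R recovered or
    immune. Nodes whose configuration is not vulnerable start in R, which is how
    configuration diversity is represented here.

    beta  = per-contact, per-step infection probability
    sigma = per-step probability that an exposed node becomes infectious
    gamma = per-step probability that an infectious node is cleaned or patched
    Returns one Counter of compartment sizes per step, including step 0."""
    rng = random.Random(seed)
    n = len(adj)
    state = ["S" if rng.random() < vulnerable_fraction else "R" for _ in range(n)]
    for s in seeds:
        state[s] = "I"
    history = [Counter(state)]
    for _ in range(steps):
        nxt = state[:]
        for v in range(n):
            if state[v] == "I":
                for u in adj[v]:
                    if state[u] == "S" and nxt[u] == "S" and rng.random() < beta:
                        nxt[u] = "E"
                if rng.random() < gamma:
                    nxt[v] = "R"
            elif state[v] == "E" and rng.random() < sigma:
                nxt[v] = "I"
        state = nxt
        history.append(Counter(state))
    return history


def peak_infectious(history):
    """(step, size) of the largest infectious compartment; first peak on ties."""
    step = max(range(len(history)), key=lambda t: history[t]["I"])
    return step, history[step]["I"]


def ever_infected(history):
    """Number of initially susceptible nodes that were compromised at some point."""
    return history[0]["S"] - history[-1]["S"]


if __name__ == "__main__":
    graph = preferential_attachment_graph(n=2000, m=3, seed=7)
    for fraction in (1.0, 0.5, 0.2):
        hist = simulate_seir(graph, seeds=[0], beta=0.05, sigma=0.5, gamma=0.02,
                             vulnerable_fraction=fraction, steps=200, seed=1)
        print(f"vulnerable={fraction:.1f} peak(step, I)={peak_infectious(hist)} "
              f"ever_infected={ever_infected(hist)}")
```

    Running the block prints, for each vulnerable fraction, when the infectious peak occurs, how large it is and how many nodes were ever compromised. Because the graph is scale-free, the outcome is dominated by whether the few high-degree hubs happen to be vulnerable, which is why both abstracts insist on a power-law degree distribution rather than a uniform one; the same parameter sweep on a random regular graph would look markedly different.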

    Modeling the propagation and defense study of internet malicious information

    Dr. Wen's research includes modelling the propagation dynamics of malicious information, exposing the most influential people and source identification of epidemics in social networks. His research is beneficial to both academia and industry in the field of Internet social networks.

    Multi-level analysis of Malware using Machine Learning


    Deep Learning in Mobile and Wireless Networking: A Survey

    The rapid uptake of mobile devices and the rising popularity of mobile applications and services place unprecedented demands on mobile and wireless networking infrastructure. Upcoming 5G systems are evolving to support exploding mobile traffic volumes, agile management of network resources to maximise user experience, and extraction of fine-grained real-time analytics. Fulfilling these tasks is challenging, as mobile environments are increasingly complex, heterogeneous and evolving. One potential solution is to resort to advanced machine learning techniques to help manage the rise in data volumes and algorithm-driven applications. The recent success of deep learning underpins new and powerful tools that tackle problems in this space. In this paper we bridge the gap between deep learning and mobile and wireless networking research by presenting a comprehensive survey of the crossovers between the two areas. We first briefly introduce the essential background and state of the art in deep learning techniques with potential applications to networking. We then discuss several techniques and platforms that facilitate the efficient deployment of deep learning on mobile systems. Subsequently, we provide an encyclopedic review of mobile and wireless networking research based on deep learning, categorised by domain. Drawing on our experience, we discuss how to tailor deep learning to mobile environments. We complete the survey by pinpointing current challenges and open directions for future research.

    Advanced edge computing software architecture for resource management and indoor positioning (Napredna (edge computing) softverska arhitektura za upravljanje resursima i unutrašnje pozicioniranje)

    In Part I, this thesis aims to shed light on IoT and edge computing systems and the accompanying computing and architectural paradigms: their definition, areas of application and common use cases, as well as their operational, business, economic and social challenges and benefits. It illustrates modern needs and requirements in building IoT systems and current state-of-the-art (SoTA) approaches to designing them, and discusses the security and privacy aspects of IoT and edge computing systems. It also encompasses the research, design and implementation of an MQTT-based Resource Management Framework for edge computing systems, designed for a real-world IoT platform, that handles resource management, failover detection and handover administration, logical and physical workload balancing and protection, and monitoring of physical and logical system resources. The thesis offers insights into modern requirements for such frameworks and current SoTA approaches, and offers a solution in the form of a software framework with minimal implementation and communication overhead. In Part II, the thesis elaborates on indoor positioning systems (IPS): their definition, deployment types, commonly used positioning techniques, areas of application and common use cases, as well as their operational, business, economic and social challenges and benefits. It specifically discusses designing an IPS for the typical IoT infrastructure, offers insights into modern IPS requirements and the current SoTA in meeting them, and underlines the original approaches of this thesis. It elaborates on the research, design and the authors' implementation of an IPS for the IoT, Bluetooth Low Energy Microlocation Asset Tracking (BLEMAT), including its software engines (collections of software components) for indoor positioning, occupancy detection, visualisation, pattern discovery and prediction, geofencing, movement pattern detection, social dynamics analysis, and indoor floor plan layout detection.

    Information security behaviour of smartphone users: An empirical study on the students of University of Dhaka, Bangladesh.

    The smartphone is the most popular electronic device in the world today. Together with the Internet, it has revolutionised the information and communication technology sector. Current smartphone operating systems let users download mobile applications offering diverse features and functions, and smartphone use has grown to the point where a day without one is hard to imagine. This widespread use has introduced new types of information security threats, risks and vulnerabilities. Risky user behaviour, failure to implement security countermeasures, and the storage and transmission of vast amounts of sensitive information on smartphones are causing serious information security problems. The security of that information therefore depends heavily on the information security behaviour of users, which has a direct impact on how well information is protected in smartphone use. This study explores the information security behaviour of students of the University of Dhaka, Bangladesh, when using smartphones. It is intended to raise information security awareness among students and to encourage the university authorities to adopt appropriate strategies and policies and to develop the training programmes needed to address the information security risks of smartphone use. Further research could draw a larger sample that also includes students of other universities.

    A patient agent controlled customized blockchain based framework for internet of things

    Although blockchain implementations have emerged as revolutionary technologies for various industrial applications, including cryptocurrencies, they have not been widely deployed to store data streaming from sensors to remote servers in the architectures known as the Internet of Things (IoT). New blockchain-for-IoT models promise secure solutions for eHealth, smart cities and other applications, and pave the way for continuous monitoring of patients' physiological signs with wearable sensors to augment traditional medical practice without storing data with a trusted authority. However, existing blockchain algorithms cannot accommodate the huge volumes, security and privacy requirements of health data. In this thesis, our first contribution is an end-to-end secure eHealth architecture that introduces an intelligent Patient Centric Agent. The Patient Centric Agent, executing on dedicated hardware, manages the storage of, and access to, streams of sensor-generated health data in a customised blockchain and in other, less secure repositories. Because IoT devices cannot host blockchain technology, given their limited memory, power and computational resources, the Patient Centric Agent coordinates and communicates with a private customised blockchain on behalf of the wearable devices. While adopting a Patient Centric Agent addresses continuous patient monitoring together with storage, data privacy and network security, the architecture is vulnerable to Denial of Service (DoS) attacks and constitutes a single point of failure. To address this, our second contribution is a decentralised eHealth system in which the Patient Centric Agent is replicated at three levels, the Sensing Layer, the NEAR Processing Layer and the FAR Processing Layer, with its functionality customised to the tasks of each level. Simulations confirm that the architecture is protected against DoS attacks.
    Few patients need all of their health data stored in blockchain repositories; instead, an appropriate storage medium should be selected for each chunk of data by matching the patient's needs and preferences with the features of the candidate storage media. Motivated by this, our third contribution is a recommendation model for health data storage that accommodates patient preferences and makes storage decisions rapidly, in real time, even for streamed data. The mapping between health data features and the characteristics of each repository is learned using machine learning. The blockchain's capacity to make transactions and store records without central oversight also enables its application to IoT networks outside health, such as underwater IoT networks, where the unattended nature of the nodes threatens their security and privacy. Underwater IoT differs from terrestrial IoT, however, in that acoustic signals are the communication medium, leading to high propagation delays and high error rates that are exacerbated by turbulent water currents. Our fourth contribution is a customised blockchain-based framework, with the Patient Centric Agent renamed the Smart Agent, for securely monitoring underwater IoT. Finally, the Smart Agent has been investigated in an IoT smart home and smart city monitoring framework. The key algorithms underpinning each contribution have been implemented and analysed using simulators.