1,525 research outputs found

    Metamorphic Detection Using Singular Value Decomposition

    Metamorphic malware changes its internal structure with each infection, while maintaining its original functionality. Such malware can be difficult to detect using static techniques, since there may be no common signature across infections. In this research we apply a score based on Singular Value Decomposition (SVD) to the problem of metamorphic detection. SVD is a linear algebraic technique which is applicable to a wide range of problems, including facial recognition. Previous research has shown that a similar facial recognition technique yields good results when applied to metamorphic malware detection. We present experimental results and we analyze the effectiveness and efficiency of this SVD-based approach

    Hunting for Pirated Software Using Metamorphic Analysis

    In this paper, we consider the problem of detecting software that has been pirated and modified. We analyze a variety of detection techniques that have been previously studied in the context of malware detection. For each technique, we empirically determine the detection rate as a function of the degree of modification of the original code. We show that the code must be greatly modified before we fail to reliably distinguish it, and we show that our results offer a significant improvement over previous related work. Our approach can be applied retroactively to any existing software and hence, it is both practical and effective

    Hunting For Metamorphic JavaScript Malware

    Internet plays a major role in the propagation of malware. A recent trend is the infection of machines through web pages, often due to malicious code inserted in JavaScript. From the malware writer’s perspective, one potential advantage of JavaScript is that powerful code obfuscation techniques can be applied to evade detection. In this research, we analyze metamorphic JavaScript malware. We compare the effectiveness of several static detection strategies and we quantify the degree of morphing required to defeat each of these techniques

    FIREFOX ADD-ON FOR METAMORPHIC JAVASCRIPT MALWARE DETECTION

    With the increasing use of the Internet, malicious software has more frequently been designed to take control of users’ computers for illicit purposes. Cybercriminals are putting a lot of effort into making malware difficult to detect. In this study, we demonstrate how metamorphic JavaScript malware can affect a victim’s machine using a malicious or compromised Firefox add-on. Following the same methodology, we develop another add-on with a static malware detection technique to detect metamorphic JavaScript malware

    Foreword and editorial - July issue


    Masquerade detection using Singular Value Decomposition

    Information systems and networks are highly susceptible to attacks in the form of intrusions. One such attack is by the masqueraders who impersonate legitimate users. Masqueraders can be detected in anomaly based intrusion detection by identifying the abnormalities in user behavior. This user behavior is logged in log files of different types. In our research we use the score based technique of Singular Value Decomposition to address the problem of masquerade detection on a unix based system. We have data collected in the form of sequential unix commands run by 50 users. SVD is a linear algebraic technique, which has been previously used for applications like facial recognition. We present experimental results and we analyze the effectiveness and efficiency of this SVD-based masquerade detection

    Suppression of threading defects formation during Sb-assisted metamorphic buffer growth in InAs/InGaAs/InP structure

    A virtual substrate for high quality InAs epitaxial layer has been attained via metalorganic vapor-phase epitaxy growth of Sb-assisted InxGa1-xAs metamorphic buffers, following a convex compositional continuous gradient of the In content from x = 53 % to 100 %. The use of trimethylantimony (or its decomposition products) as a surfactant has been found to crucially enable the control over the defect formation during the relaxation process. Moreover, an investigation of the wafer offcut-dependence of the defect formation and surface morphology has enabled the achievement of a reliably uniform growth on crystals with offcut towards the [111]B direction

    Earth observations from space: Outlook for the geological sciences

    Remote sensing from space platforms is discussed as another tool available to geologists. The results of Nimbus observations, the ERTS program, and Skylab EREP are reviewed, and a multidisciplinary approach is recommended for meeting the challenges of remote sensing

    Neural malware detection

    At the heart of today’s malware problem lies theoretically infinite diversity created by metamorphism. The majority of conventional machine learning techniques tackle the problem with the assumptions that a sufficiently large number of training samples exist and that the training set is independent and identically distributed. However, the lack of semantic features combined with the models under these wrong assumptions result largely in overfitting with many false positives against real world samples, resulting in systems being left vulnerable to various adversarial attacks. A key observation is that modern malware authors write a script that automatically generates an arbitrarily large number of diverse samples that share similar characteristics in program logic, which is a very cost-effective way to evade detection with minimum effort. Given that many malware campaigns follow this paradigm of economic malware manufacturing model, the samples within a campaign are likely to share coherent semantic characteristics. This opens up a possibility of one-to-many detection. Therefore, it is crucial to capture this non-linear metamorphic pattern unique to the campaign in order to detect these seemingly diverse but identically rooted variants. To address these issues, this dissertation proposes novel deep learning models, including generative static malware outbreak detection model, generative dynamic malware detection model using spatio-temporal isomorphic dynamic features, and instruction cognitive malware detection. A comparative study on metamorphic threats is also conducted as part of the thesis. Generative adversarial autoencoder (AAE) over convolutional network with global average pooling is introduced as a fundamental deep learning framework for malware detection, which captures highly complex non-linear metamorphism through translation invariancy and local variation insensitivity. 
    Generative Adversarial Network (GAN) used as a part of the framework enables one-shot training where semantically isomorphic malware campaigns are identified by a single malware instance sampled from the very initial outbreak. This is a major innovation because, to the best of our knowledge, no approach has been found to this challenging training objective against the malware distribution that consists of a large number of very sparse groups artificially driven by arms race between attackers and defenders. In addition, we propose a novel method that extracts instruction cognitive representation from uninterpreted raw binary executables, which can be used for one-to-many malware detection via one-shot training against frequency spectrum of the Transformer’s encoded latent representation. The method works regardless of the presence of diverse malware variations while remaining resilient to adversarial attacks that mostly use random perturbation against raw binaries. Comprehensive performance analyses including mathematical formulations and experimental evaluations are provided, with the proposed deep learning framework for malware detection exhibiting a superior performance over conventional machine learning methods. The methods proposed in this thesis are applicable to a variety of threat environments where artificially formed sparse distributions arise at the cyber battle fronts. Doctor of Philosoph