PowerDrive: Accurate De-Obfuscation and Analysis of PowerShell Malware
PowerShell is nowadays a widely-used technology to administrate and manage
Windows-based operating systems. However, it is also extensively used by
malware vectors to execute payloads or drop additional malicious contents.
Similarly to other scripting languages used by malware, PowerShell attacks are
challenging to analyze due to the extensive use of multiple obfuscation layers,
which make the real malicious code hard to be unveiled. To the best of our
knowledge, a comprehensive solution for properly de-obfuscating such attacks is
currently missing. In this paper, we present PowerDrive, an open-source, static
and dynamic multi-stage de-obfuscator for PowerShell attacks. PowerDrive
instruments the PowerShell code to progressively de-obfuscate it by showing the
analyst the employed obfuscation steps. We used PowerDrive to successfully
analyze thousands of PowerShell attacks extracted from various malware vectors
and executables. The attained results show interesting patterns used by
attackers to devise their malicious scripts. Moreover, we provide a taxonomy of
behavioral models adopted by the analyzed codes and a comprehensive list of the
malicious domains contacted during the analysis
Parallel and Distributed Simulation from Many Cores to the Public Cloud (Extended Version)
In this tutorial paper, we will firstly review some basic simulation concepts
and then introduce the parallel and distributed simulation techniques in view
of some new challenges of today and tomorrow. More in particular, in the last
years there has been a wide diffusion of many cores architectures and we can
expect this trend to continue. On the other hand, the success of cloud
computing is strongly promoting the everything as a service paradigm. Is
parallel and distributed simulation ready for these new challenges? The current
approaches present many limitations in terms of usability and adaptivity: there
is a strong need for new evaluation metrics and for revising the currently
implemented mechanisms. In the last part of the paper, we propose a new
approach based on multi-agent systems for the simulation of complex systems. It
is possible to implement advanced techniques such as the migration of simulated
entities in order to build mechanisms that are both adaptive and very easy to
use. Adaptive mechanisms are able to significantly reduce the communication
cost in the parallel/distributed architectures, to implement load-balance
techniques and to cope with execution environments that are both variable and
dynamic. Finally, such mechanisms will be used to build simulations on top of
unreliable cloud services.
Comment: Tutorial paper published in the Proceedings of the International
Conference on High Performance Computing and Simulation (HPCS 2011). Istanbul
(Turkey), IEEE, July 2011. ISBN 978-1-61284-382-
Best practices for deploying digital games for personal empowerment and social inclusion
Digital games are being increasingly used in initiatives to promote personal empowerment and social inclusion (PESI) of disadvantaged groups through learning and participation. There is a lack of knowledge regarding best practices, however. The literature on game-based learning insufficiently addresses the process and context of game-based practice and the diversity of contexts and intermediaries involved in PESI work. This paper takes an important step in addressing this knowledge gap using literature review, case studies, and expert consultation. Based on our findings, we formulate a set of best practices for different stakeholders who wish to set up a project using digital games for PESI. The seven cases in point are projects that represent various application domains of empowerment and inclusion. Case studies were conducted using documentation and interviews, covering background and business case, game format/technology, user groups, usage context, and impact assessment. They provide insight into each case’s strengths and weaknesses, allowing a meta-analysis of the important features and challenges of using digital games for PESI. This analysis was extended and validated through discussion at two expert workshops. Our study shows that a substantial challenge lies in selecting or designing a digital game that strikes a balance between enjoyment, learning and usability for the given use context. The particular needs of the target group and those that help implement the digital game require a highly specific approach. Projects benefit from letting both intermediaries and target groups contribute to the game design and use context. Furthermore, there is a need for multi-dimensional support to facilitate the use and development of game-based practice. Integrating game use in the operation of formal and informal intermediary support organisations increases the chances at reaching, teaching and empowering those at risk of exclusion.
The teachers, caregivers and counsellors involved in the implementation of a game-based approach, in turn can be helped through documentation and training, in combination with structural support
Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild
In this paper, we seek to better understand Android obfuscation and depict a
holistic view of the usage of obfuscation through a large-scale investigation
in the wild. In particular, we focus on four popular obfuscation approaches:
identifier renaming, string encryption, Java reflection, and packing. To obtain
the meaningful statistical results, we designed efficient and lightweight
detection models for each obfuscation technique and applied them to our massive
APK datasets (collected from Google Play, multiple third-party markets, and
malware databases). We have learned several interesting facts from the result.
For example, malware authors use string encryption more frequently, and more
apps on third-party markets than Google Play are packed. We are also interested
in the explanation of each finding. Therefore we carry out in-depth code
analysis on some Android apps after sampling. We believe our study will help
developers select the most suitable obfuscation approach, and in the meantime
help researchers improve code analysis systems in the right direction
Dynamic and Transparent Analysis of Commodity Production Systems
We propose a framework that provides a programming interface to perform
complex dynamic system-level analyses of deployed production systems. By
leveraging hardware support for virtualization available nowadays on all
commodity machines, our framework is completely transparent to the system under
analysis and it guarantees isolation of the analysis tools running on its top.
Thus, the internals of the kernel of the running system needs not to be
modified and the whole platform runs unaware of the framework. Moreover, errors
in the analysis tools do not affect the running system and the framework. This
is accomplished by installing a minimalistic virtual machine monitor and
migrating the system, as it runs, into a virtual machine. In order to
demonstrate the potentials of our framework we developed an interactive kernel
debugger, nicknamed HyperDbg. HyperDbg can be used to debug any critical kernel
component, and even to single step the execution of exception and interrupt
handlers.
Comment: 10 pages, To appear in the 25th IEEE/ACM International Conference on
Automated Software Engineering, Antwerp, Belgium, 20-24 September 201
Supporting the Everyday Work of Scientists: Automating Scientific Workflows
This paper describes an action research project that we undertook with National Research Council Canada (NRC) scientists. Based on discussions about their difficulties in using software to collect data and manage processes, we identified three requirements for increasing research productivity: ease of use for end-users; managing scientific workflows; and facilitating software interoperability. Based on these requirements, we developed a software framework, Sweet, to assist in the automation of scientific workflows.
Throughout the iterative development process, and through a series of structured interviews, we evaluated how the framework was used in practice, and identified increases in productivity and effectiveness and their causes. While the framework provides resources for writing application wrappers, it was easier to code the applications’ functionality directly into the framework using OSS components. Ease of use for the end-user and flexible and fully parameterized workflow representations were key elements of the framework’s success.
Integrated Design Tools for Embedded Control Systems
Currently, computer-based control systems are still being implemented using the same techniques as 10 years ago. The purpose of this project is the development of a design framework, consisting of tools and libraries, which allows the designer to build highly reliable heterogeneous real-time embedded systems in a very short time at a fraction of the present day costs. The ultimate focus of current research is on transformation control laws to efficient concurrent algorithms, with concerns about important non-functional real-time control systems demands, such as fault-tolerance, safety, reliability, etc.
The approach is based on software implementation of CSP process algebra, in a modern way (pure object-oriented design in Java). Furthermore, it is intended that the tool will support the desirable system-engineering stepwise refinement design approach, relying on past research achievements - the mechatronics design trajectory based on the building-blocks approach, covering all complex (mechatronics) engineering phases: physical system modeling, control law design, embedded control system implementation and real-life realization. Therefore, we expect that this project will result in an adequate tool, with results applicable in a wide range of target hardware platforms, based on common (off-the-shelf) distributed heterogeneous (cheap) processing units
From supply chains to demand networks. Agents in retailing: the electrical bazaar
A paradigm shift is taking place in logistics. The focus is changing from operational effectiveness to adaptation. Supply Chains will develop into networks that will adapt to consumer demand in almost real time. Time to market, capacity of adaptation and enrichment of customer experience seem to be the key elements of this new paradigm. In this environment emerging technologies like RFID (Radio Frequency ID), Intelligent Products and the Internet, are triggering a reconsideration of methods, procedures and goals. We present a Multiagent System framework specialized in retail that addresses these changes with the use of rational agents and takes advantage of the new market opportunities. Like in an old bazaar, agents able to learn, cooperate, take advantage of gossip and distinguish between collaborators and competitors, have the ability to adapt, learn and react to a changing environment better than any other structure. Keywords: Supply Chains, Distributed Artificial Intelligence, Multiagent System.
Postprint (published version