85 research outputs found

    FIREFOX ADD-ON FOR METAMORPHIC JAVASCRIPT MALWARE DETECTION

    With the increasing use of the Internet, malicious software has more frequently been designed to take control of users' computers for illicit purposes. Cybercriminals are putting a lot of effort into making malware difficult to detect. In this study, we demonstrate how metamorphic JavaScript malware can affect a victim's machine using a malicious or compromised Firefox add-on. Following the same methodology, we develop another add-on with a static malware detection technique to detect metamorphic JavaScript malware.

    Morphing Web Pages to Preclude Web Page Tampering Threats

    The number of Internet users keeps growing every year. Moreover, the Internet is becoming a daily tool that impacts individuals' lives, used either as a work tool or for entertainment purposes. However, by using it, people become possible targets for cyber attacks as they keep exchanging data, sometimes sensitive and private data, with remote servers.

Among all the different attack types, MitB is the reason behind the genesis of this thesis subject. MitB attacks are performed by a computer program running on the user's computer, commonly known as malware, which has access to what happens inside a browser window. It can be a system library or even a browser extension programmed to automatically misrepresent the source code of the client-side server response and other information stored in the user's browser. These attacks rely on markup and DOM anchors to identify the sections of a web page to attack. The end result of an attack will be dictated by the malware's ability to successfully identify the right location on the web page to perform the attack.

Polymorphism is a broad concept that can be applied to web pages as a tool to both neutralize and defeat such attacks, as documented by Shape Security, Inc. in 2014. By applying polymorphic techniques to web pages, the server response will be textually different between requests, but the visual display to the user will always be the same. That is, the values of static attributes and the structure of HTML documents may be modified on the server immediately before responses are sent off, creating a polymorphic version of the web page, or these new versions may be pre-built on the server to decrease the real-time computational cost. Therefore, no two HTML documents will be textually the same, turning web pages into something of a moving target against MitB attacks. This level of protection is necessary since all changes made by the attacker are local, on the client side, making their detection difficult for the control and security structures implemented on the service provider's servers.

In this thesis, we aim to develop a tool based on polymorphism to protect web pages and users from MitB attacks based on markup and DOM anchors. This tool will be evaluated by accuracy and efficiency. Accuracy will be evaluated by recording and comparing the list of errors and warnings generated by the browser for the original web pages and for their polymorphic versions created with our tool. Efficiency will be evaluated by running automated attempts to tamper with web pages protected by our tool.

    Counteracting Phishing Page Polymorphism: An Image Layout Analysis Approach

    Many visual similarity-based phishing page detectors have been developed to detect phishing webpages; however, scammers now create polymorphic phishing pages to breach the defense of those detectors. We call this kind of countermeasure phishing page polymorphism. Polymorphic pages are visually similar to the genuine pages they try to mimic, but they use different representation techniques, which increases the difficulty of detecting phishing pages. In this paper, we propose an effective mechanism for detecting polymorphic phishing pages. In contrast to existing approaches, we analyze the layout of webpages rather than the HTML code, colors, or content. Specifically, we compute the degree of similarity between a suspect page and an authentic page through image processing techniques. Then, the degrees of similarity are ranked by a classifier trained to detect phishing pages. To verify the efficacy of our phishing detection mechanism, we collected 6,750 phishing pages and 312 mimicked targets for the performance evaluation. The results show that our method achieves an excellent detection rate of 99.6%.

    A Competent Approach for Type of Phishing Attack Detection Using Multi-Layer Neural Network

    With the growth of contemporary technologies and large-scale global computer networks, web attacks are escalating because of the emerging interest of people and lawful institutions in the Internet. Phishing is a web attack carried out by an attacker using both social and technical engineering. Generally, more attacks are launched on the web every month that seek to make web users believe that they are communicating with a legitimate entity, with the intention of stealing identity information, login records and account details. Phishing attack detection and classification methods are utilized for the prevention and in-depth analysis of the attacks. In this paper, the proposed model has been designed with multi-directional feature analysis along with Back-Propagation Probabilistic Neural Network (BP-PNN) classification. The proposed model has performed better in terms of accuracy in all of the domains based upon attack detection and classification.

    Ransomware: A New Era of Digital Terrorism

    This work entails the study of ten nasty ransomware families to reveal the analytical similarities and differences among them, which will help in understanding the mindset of the cyber crooks crawling over the dark net. It also reviews the traps used by ransomware for its distribution while examining new possibilities for its dispersal. It concludes by divulging the inter-relationship between the various distribution approaches adopted by ransomware and some attentive measures to hinder ransomware, supporting alertness as the ultimate tool of defense in the user's hands.

    Mimicking anti-viruses with machine learning and entropy profiles

    The quality of anti-virus software relies on simple patterns extracted from binary files. Although these patterns have proven to work for detecting the specifics of software, they are extremely sensitive to concealment strategies such as polymorphism or metamorphism. These limitations also make anti-virus software predictable, creating a security breach: any black hat with enough information about the anti-virus behaviour can make their own copy of the software, without any access to the original implementation or database. In this work, we show how this is indeed possible by combining entropy patterns with classification algorithms. Our results, applied to 57 different anti-virus engines, show that we can mimic their behaviour with an accuracy close to 98% in the best case and 75% in the worst, applied to Windows disk-resident malware.

    Malware Resistant Data Protection in Hyper-connected Networks: A survey

    Data protection is the process of securing sensitive information from being corrupted, compromised, or lost. A hyperconnected network, on the other hand, is a computer networking trend in which communication occurs over a network. However, what about malware? Malware is malicious software meant to penetrate private data, threaten a computer system, or gain unauthorised network access without the user's consent. Due to the increasing applications of computers and dependency on electronically saved private data, malware attacks on sensitive information have become a dangerous issue for individuals and organizations across the world. Hence, malware defense is critical for keeping our computer systems and data protected. Many recent survey articles have focused on either malware detection systems or single attacking strategies. To the best of our knowledge, no survey paper demonstrates malware attack patterns and defense strategies in combination. This survey aims to address this issue by merging diverse malicious attack patterns and machine learning (ML) based detection models for modern and sophisticated malware. In doing so, we focus on a taxonomy of malware attack patterns based on four fundamental dimensions: the primary goal of the attack, the method of attack, the targeted exposure and execution process, and the types of malware that perform each attack. Detailed information on malware analysis approaches is also investigated. In addition, existing malware detection techniques employing feature extraction and ML algorithms are discussed extensively. Finally, it discusses research difficulties and unsolved problems, including future research directions.

Comment: 30 pages, 9 figures, 7 tables, nowhere submitted yet