On the Reverse Engineering of the Citadel Botnet
Citadel is an advanced information-stealing malware which targets financial
information. This malware poses a real threat against the confidentiality and
integrity of personal and business data. A joint operation was recently
conducted by the FBI and the Microsoft Digital Crimes Unit in order to take
down Citadel command-and-control servers. The operation caused some disruption
in the botnet but has not stopped it completely. Due to the complex structure
and advanced anti-reverse engineering techniques, the Citadel malware analysis
process is both challenging and time-consuming. This allows cyber criminals to
carry on with their attacks while the analysis is still in progress. In this
paper, we present the results of the Citadel reverse engineering and provide
additional insight into the functionality, inner workings, and open source
components of the malware. In order to accelerate the reverse engineering
process, we propose a clone-based analysis methodology. Citadel is an offspring
of a previously analyzed malware called Zeus; thus, using the former as a
reference, we can measure and quantify the similarities and differences of the
new variant. Two types of code analysis techniques are provided in the
methodology, namely assembly to source code matching and binary clone
detection. The methodology can help reduce the number of functions requiring
manual analysis. The analysis results prove that the approach is promising in
Citadel malware analysis. Furthermore, the same approach is applicable to
similar malware analysis scenarios.
Comment: 10 pages, 17 figures. This is an updated / edited version of a paper
that appeared in FPS 201
Optimal Solution of Nonlinear Equations Satisfying a Lipschitz Condition
For a given nonnegative ε we seek a point x* such that |f(x*)| ≤ ε, where f is a function satisfying a Lipschitz condition with the constant K and having a zero in B. The information operator on f consists of n values of arbitrary linear functionals which are computed adaptively. The point x* is constructed by means of an algorithm which is a mapping depending on the information operator. We find an optimal algorithm, i.e., the algorithm with the smallest error, which uses n function evaluations computed adaptively. We also exhibit nearly optimal information operators, i.e., the linear functionals for which the error of an optimal algorithm that uses them is almost minimal. Nearly optimal information operators consist of n nonadaptive function evaluations at equispaced points x_j in the cube B. This result exhibits the superiority of the T. Aird and J. Rice procedure ZSRCH (IMSL library [1]) over Sobol's approach [7] for solving nonlinear equations in our class of functions. We also prove that the simple search algorithm which yields a point x* = x_k such that |f(x_k)| = min_j |f(x_j)| is nearly optimal. The complexity, i.e., the minimal cost of solving our problem, is roughly equal to (K/ε)^m
Minimal number of function evaluations for computing topological degree in two dimensions
A lower bound n_min roughly equal to log_2(diam(T)/m) is established for the minimal number of function evaluations necessary to compute the topological degree of every function f in a class F. The class F consists of continuous functions f = (f1, f2) defined on a triangle T, f: T → R^2, such that the minimal distance between zeros of f1 and zeros of f2 on the boundary of T is not less than m, m > 0. Information is exhibited which permits the computation of the degree for every f in F with at most 2 n_min function evaluations. An algorithm, due to Kearfott, uses this information to compute the degree. These results lead to tight lower and upper complexity bounds for this problem
Study of Linear Information for Classes of Polynomial Equations
Linear adaptive information for approximating a zero of f is studied where f belongs to the class of polynomials of unbounded degree. A theorem on constrained approximation of smooth functions by polynomials is established
The Analysis of Large Order Bessel Functions in Gravitational Wave Signals from Pulsars
In this work, we present the analytic treatment of the large order Bessel
functions that arise in the Fourier Transform (FT) of the Gravitational Wave
(GW) signal from a pulsar. We outline several strategies which employ
asymptotic expansions in evaluation of such Bessel functions which also happen
to have large argument. Large order Bessel functions also arise in the
Peters-Mathews model of binary inspiralling stars emitting GW and several
problems in potential scattering theory. Other applications also arise in a
variety of problems in Applied Mathematics as well as in the Natural Sciences
and present a challenge for High Performance Computing (HPC).
Comment: 8 pages, Uses IEEE style files: Ieee.cls, Ieee.clo and floatsty.sty.
Accepted for publication in High Performance Computing Symposium, May 15-18
(HPCS 2005) Guelph, Ontario, Canad
For Which Error Criteria Can We Solve Nonlinear Equations?
For which error criteria can we solve a nonlinear scalar equation f(x) = 0 where f is a real function on the interval [a,b]
Pseudo-finite hard instances for a student-teacher game with a Nisan-Wigderson generator
For an NP intersect coNP function g of the Nisan-Wigderson type and a string
b outside its range we consider a two player game on a common input a to the
function. One player, a computationally limited Student, tries to find a bit of
g(a) that differs from the corresponding bit of b. He can query a
computationally unlimited Teacher for the witnesses of the values of constantly
many bits of g(a). The Student computes the queries from a and from Teacher's
answers to his previous queries. It was proved by Krajicek (2011) that if g is
based on a hard bit of a one-way permutation then no Student computed by a
polynomial size circuit can succeed on all a. In this paper we give a lower
bound on the number of inputs a any such Student must fail on. Using that we
show that there is a pseudo-finite set of hard instances on which all uniform
students must fail. The hard-core set is defined in a non-standard model of
true arithmetic and has applications in a forcing construction relevant to
proof complexity
Complexity of Computing Topological Degree of Lipschitz Functions in N Dimensions
Asymptotic Optimality of the Bisection Method
The bisection method is shown to possess the asymptotically best rate of convergence for infinitely differentiable functions having zeros of arbitrary multiplicity. If the multiplicity of zeros is bounded, methods are known which have an asymptotically at least quadratic rate of convergence
Learning Koopman eigenfunctions of stochastic diffusions with optimal importance sampling and ISOKANN
The dominant eigenfunctions of the Koopman operator characterize the metastabilities and slow-timescale dynamics of stochastic diffusion processes. In the context of molecular dynamics and Markov state modeling, they allow for a description of the location and frequencies of rare transitions, which are hard to obtain by direct simulation alone. In this article, we reformulate the eigenproblem in terms of the ISOKANN framework, an iterative algorithm that learns the eigenfunctions by alternating between short burst simulations and a mixture of machine learning and classical numerics, which naturally leads to a proof of convergence. We furthermore show how the intermediate iterates can be used to reduce the sampling variance by importance sampling and optimal control (enhanced sampling), as well as to select locations for further training (adaptive sampling). We demonstrate the usage of our proposed method in experiments, increasing the approximation accuracy by several orders of magnitude