The malSource dataset: quantifying complexity and code reuse in malware development

During the last decades, the problem of malicious and unwanted software (malware) has surged in numbers and sophistication. Malware plays a key role in most of today's cyberattacks and has consolidated as a commodity in the underground economy. In this paper, we analyze the evolution of malware from 1975 to date from a software engineering perspective. We analyze the source code of 456 samples from 428 unique families and obtain measures of their size, code quality, and estimates of the development costs (effort, time, and number of people). Our results suggest an exponential increment of nearly one order of magnitude per decade in aspects such as size and estimated effort, with code quality metrics similar to those of benign software. We also study the extent to which code reuse is present in our dataset. We detect a significant number of code clones across malware families and report which features and functionalities are more commonly shared. Overall, our results support claims about the increasing complexity of malware and its production progressively becoming an industry.This work was supported in part by the Spanish Government through MINECO grants SMOG-DEV (TIN2016-79095-C2-2-R) and DEDETIS (TIN2015-7013-R), and in part by the Regional Government of Madrid through grantsCIBERDINE (S2013/ICE-3095) and N-GREENS (S2013/ICE-2731)

Extracción de información semántica en redes inalámbricas

Desde hace unos años, los dispositivos móviles y en particular los Smartphone y tablets se han consolidado como el producto estrella en el mundo de la electrónica de consumo para el gran público. Un estudio publicado en el verano de 2013 por la consultora Gartner asegura que las ventas de teléfonos móviles inteligentes superaron a las ventas de teléfonos móviles convencionales por primera vez y a nivel mundial durante el segundo trimestre de 2013. Uno de los principales motivos que hacen que este tipo de dispositivos sea tan popular entre los usuarios es que ofrece la oportunidad de disfrutar de un ordenador en la palma de la mano. Permiten navegar por Internet, enviar y recibir correos, chatear con nuestros contactos o compartir las últimas novedades en las redes sociales, esto unido al hecho de que las redes WiFi cada vez tienen más presencia en los lugares de ocio, han hecho posible que estemos conectados las 24h del día con nuestro entorno digital. Sin embargo, para la gran mayoría de los usuarios la seguridad de estos dispositivos no supone un tema preocupante. A pesar de esto, es un aspecto que no conviene olvidar dado que a través de nuestros dispositivos compartimos gran cantidad de información privada y de carácter personal, información que pude acabar en manos de terceras personas si no se presta atención a la seguridad de los dispositivos y de las redes En este documento se detallará el proceso de desarrollo de dos nuevos módulos para la aplicación dSploit, orientada a la auditoría y a pruebas de penetración en redes inalámbricas. Además, se expondrán los mecanismos en los que se sustentan las comunicaciones móviles a través de Internet y como una red insegura puede poner en riesgo nuestra privacidad en la red.In recent years, mobile devices and, in particular, smartphones and tablets have emerged as the star product in the market of consumer electronics for the general public. A study published in the summer of 2013 by technological consultancy Gartner says smartphone sales have surpassed sales of conventional mobile phones for the first time and worldwide in the second quarter of 2013. One of the main reasons why these devices are so popular is that they offer users the opportunity to enjoy a computer in their hands, as it enables you to browse the Internet, send and receive emails, chat with your contacts or share the latest news in social networks. This coupled with the fact that wireless networks are increasingly present in our entertainment places have allow us to be online all long the day. However, for most of the people, the security on mobile devices is not a serious matter. Despite of this, this is an issue that should not be unnoticed about because while using our mobile devices, we share a lot of private information which could be available to third persons if you don’t take care about security on devices and networks. In this document, it’s detailed the development process of two new modules for the dSploit app, used for network analysis and penetration testing. Besides, the mechanisms behind the security of mobile networks will be explained and how an unsecured network could put our online privacy on a jeopardy situation.Ingenieria Informátic