670 research outputs found

    Behavioral Analysis Of Malicious Code Through Network Traffic And System Call Monitoring

    Malicious code (malware) that spreads through the Internet-such as viruses, worms and trojans-is a major threat to information security nowadays and a profitable business for criminals. There are several approaches to analyze malware by monitoring its actions while it is running in a controlled environment, which helps to identify malicious behaviors. In this article we propose a tool to analyze malware behavior in a non-intrusive and effective way, extending the analysis possibilities to cover malware samples that bypass current approaches and also fixes some issues with these approaches. © 2011 SPIE. The Society of Photo-Optical Instrumentation Engineers (SPIE).

    Chemical and spectroscopic characterization of humic acids extracted from the bottom sediments of a Brazilian subtropical microbasin

    Humic substances (HS) perform a fundamental role in aquatic environments, exhibiting different levels of reactivity in retaining metal ions and organic pollutants. Also, they control the primary production of these ecosystems and act in the carbon sequestering process. In order to improve our understanding vis-à-vis the structural and functional features of HS from aquatic systems, this study aimed to chemically and spectroscopically characterize humic acids (HA) isolated from bottom sediment samples of a stream in a Brazilian subtropical microbasin by elemental analysis, and infrared (FT-IR), ultraviolet and visible (UV-Vis) and solid-state 13C nuclear magnetic resonance (CP-MAS 13C NMR) spectroscopies, thermogravimetry (TG), and scanning electron microscopy (SEM). Although all samples originated from the same environment, the data showed that the HA have distinct chemical and spectroscopic properties, and that the location and characteristics of the sampling points from which the sediments were collected played an important role in the differences observed. Furthermore, vascular plant matter is probably the main contributor to these samples

    Large atom number dual-species magneto-optical trap for fermionic 6Li and 40K atoms

    We present the design, implementation and characterization of a dual-species magneto-optical trap (MOT) for fermionic 6Li and 40K atoms with large atom numbers. The MOT simultaneously contains 5.2x10^9 6Li-atoms and 8.0x10^9 40K-atoms, which are continuously loaded by a Zeeman slower for 6Li and a 2D-MOT for 40K. The atom sources induce capture rates of 1.2x10^9 6Li-atoms/s and 1.4x10^9 40K-atoms/s. Trap losses due to light-induced interspecies collisions of ~65% were observed and could be minimized to ~10% by using low magnetic field gradients and low light powers in the repumping light of both atomic species. The described system represents the starting point for the production of a large-atom number quantum degenerate Fermi-Fermi mixture

    Foodborne outbreak caused by Salmonella Enteritidis in the Northwest of São Paulo State, Brazil

    A foodborne outbreak which affected 211 persons occurred in a school in 1993. The epidemiological data obtained by interviewing a sample of affected and non-affected persons showed as predominant symptoms: diarrhoea, fever (77.7%), abdominal cramps (67.7%), vomiting (65.8%), hot-and-cold sensations (54.5%) and headache (44.5%). The median incubation period was 17 hours, the limits being 3 and 29 hours. The disease lasted from 3 to 4 days. The food concerned was a kind of paté, a mayonnaise mixture prepared with fresh eggs and boiled potatoes, that was consumed with bread. The analysis of the biological material (3 coprocultures) and of leftovers of the food revealed the presence of one and the same organism: Salmonella Enteritidis. In the food, the numbers of this bacterium per gram were sufficient to account for the manifestation of the disease (10^4 and 10^5/g). The antibiogram of all the isolates showed the same sensitivity pattern. The preparation related to this outbreak suggests the endogenous contamination of the eggs; cross contamination (the outbreak affected three school periods, as the food was prepared separately for each school period); and the conditions under which the food was kept during the time from preparation to consumption. The observation of the 3 food handlers, by successive coprocultures, for one week, indicates that they were not asymptomatic carriers nor were they affected as a result of this outbreak by the causal bacteria.

    Identification of pathogens and virulence profile of Rhodococcus equi and Escherichia coli strains obtained from sand of parks

    The identification of pathogens of viral (Rotavirus, Coronavirus), parasitic (Toxocara spp.) and bacterial (Escherichia coli, Salmonella spp., Rhodococcus equi) origin shed in feces, and the virulence profile of R. equi and E. coli isolates were investigated in 200 samples of sand obtained from 40 parks, located in central region of state of Sao Paulo, Brazil, using different diagnostic methods. From 200 samples analyzed, 23 (11.5%) strains of R. equi were isolated. None of the R. equi isolates showed a virulent (vapA gene) or intermediately virulent (vapB gene) profiles. Sixty-three (31.5%) strains of E. coli were identified. The following genes encoding virulence factors were identified in E. coli: eae, bfp, saa, iucD, papGI, sfa and hly. Phylogenetic classification showed that 63 E. coli isolates belonged to groups B1 (52.4%), A (25.4%) and B2 (22.2%). No E. coli serotype O157:H7 was identified. Eggs of Toxocara sp. were found in three parks and genetic material of bovine Coronavirus was identified in one sample of one park. No Salmonella spp. and Rotavirus isolates were identified in the samples of sand. The presence of R. equi, Toxocara sp, bovine Coronavirus and virulent E. coli isolates in the environment of parks indicates that the sanitary conditions of the sand should be improved in order to reduce the risks of fecal transmission of pathogens of zoonotic potential to humans in these places. Fundação de Amparo à Pesquisa do Estado de São Paulo (FAPESP)

    The Lamb shift in muonic hydrogen and the proton radius

    By means of pulsed laser spectroscopy applied to muonic hydrogen ($\mu^- p$) we have measured the $2S_{1/2}^{F=1} - 2P_{3/2}^{F=2}$ transition frequency to be 49881.88(76) GHz. By comparing this measurement with its theoretical prediction based on bound-state QED we have determined a proton radius value of $r_p = 0.84184(67)$ fm. This new value is an order of magnitude more precise than previous results but disagrees by 5 standard deviations from the CODATA and the electron-proton scattering values. An overview of the present effort attempting to solve the observed discrepancy is given. Using the measured isotope shift of the 1S-2S transition in regular hydrogen and deuterium also the rms charge radius of the deuteron $r_d = 2.12809(31)$ fm has been determined. Moreover we present here the motivations for the measurements of the $\mu\,{}^4\mathrm{He}^+$ and $\mu\,{}^3\mathrm{He}^+$ 2S-2P splittings. The alpha and triton charge radii are extracted from these measurements with relative accuracies of few $10^{-4}$. Measurements could help to solve the observed discrepancy, lead to the best test of hydrogen-like energy levels and provide crucial tests for few-nucleon ab-initio theories and potentials

    Anisotropic flow of charged hadrons, pions and (anti-)protons measured at high transverse momentum in Pb-Pb collisions at $\sqrt{s_{\rm NN}}=2.76$ TeV

    The elliptic, $v_2$, triangular, $v_3$, and quadrangular, $v_4$, azimuthal anisotropic flow coefficients are measured for unidentified charged particles, pions and (anti-)protons in Pb-Pb collisions at $\sqrt{s_{\rm NN}} = 2.76$ TeV with the ALICE detector at the Large Hadron Collider. Results obtained with the event plane and four-particle cumulant methods are reported for the pseudo-rapidity range $|\eta|<0.8$ at different collision centralities and as a function of transverse momentum, $p_{\rm T}$, out to $p_{\rm T}=20$ GeV/$c$. The observed non-zero elliptic and triangular flow depends only weakly on transverse momentum for $p_{\rm T}>8$ GeV/$c$. The small $p_{\rm T}$ dependence of the difference between elliptic flow results obtained from the event plane and four-particle cumulant methods suggests a common origin of flow fluctuations up to $p_{\rm T}=8$ GeV/$c$. The magnitude of the (anti-)proton elliptic and triangular flow is larger than that of pions out to at least $p_{\rm T}=8$ GeV/$c$ indicating that the particle type dependence persists out to high $p_{\rm T}$. Comment: 16 pages, 5 captioned figures, authors from page 11, published version, figures at http://aliceinfo.cern.ch/ArtSubmission/node/186