3 research outputs found

    Agent-based Vs Agent-less Sandbox for Dynamic Behavioral Analysis

    Malicious software is detected and classified by either static analysis or dynamic analysis. In static analysis, malware samples are reverse engineered and analyzed so that signatures of malware can be constructed. These techniques can be easily thwarted through polymorphic and metamorphic malware, obfuscation, and packing techniques, whereas in dynamic analysis malware samples are executed in a controlled environment using the sandboxing technique, in order to model the behavior of malware. In this paper, we have analyzed Petya, Spyeye, VolatileCedar, PAFISH, etc. through Agent-based and Agentless dynamic sandbox systems in order to investigate and benchmark their efficiency in advanced malware detection.

    Improving fairness and utilisation in ad hoc networks

    Ad hoc networks represent the current de facto alternative for infrastructure-less environments, due to their self-configuring and resilience characteristics. The flexibility benefits of ad hoc networks, such as unrestrained computing, lack of centralisation, and ease of deployment at low cost, are tightly bound with relevant deficiencies such as limited resources and management difficulty. Ad hoc networks have received considerable attention from the research community due to the numerous challenges faced when deploying such a technology in real scenarios. Starting with the nature of the wireless environment, which raises significant transmission issues when compared with its wired counterpart, ad hoc networks require a different approach when addressing data link problems. Further, the high packet loss due to wireless contention, independent of network congestion, requires a different approach when considering quality of service degradation and unfair distribution of channel resources among competing flows. Although these issues have already been considered to some extent by researchers, there is still room to improve quality of service by reducing the effect of packet loss and fairly distributing medium access among competing nodes. The aim of this thesis is to propose a set of mechanisms to alleviate the effect of packet loss and to improve fairness in ad hoc networks. A transport layer algorithm has been proposed to overcome the effects of hidden node collisions and to reduce the impact of wireless link contention by estimating the four-hop delay and pacing packet transmissions accordingly. Furthermore, certain topologies have been identified in which the standard IEEE 802.11 faces degradation in channel utilisation and unfair bandwidth allocation. Three link layer mechanisms have been proposed to tackle the challenges that IEEE 802.11 faces in the identified scenarios and to impose fairness in ad hoc networks by fairly distributing channel resources between competing nodes. These mechanisms are based on: monitoring the collision rate and penalising greedy nodes where no competing nodes can be detected but interference exists; monitoring traffic at source nodes to police access to the channel where only source nodes are within transmission range of each other; and using MAC layer acknowledgements to flag unfair bandwidth allocation in topologies where only the receivers are within transmission range of each other. The proposed mechanisms have been integrated into a framework designed to adapt and to dynamically select which mechanism to adopt, depending on the network topology. It is important to note that the proposed mechanisms and framework are not alternatives to the standard MAC protocol but are an enhancement, and are triggered by the failure of the IEEE 802.11 protocol to distribute the channel resources fairly. All the proposed mechanisms have been validated through simulations, and the results obtained from the experiments show that the proposed schemes distribute channel resources fairly and outperform the IEEE 802.11 protocol in terms of channel utilisation as well as fairness.

    EThOS - Electronic Theses Online Service, GB