3 research outputs found

    Using of Sound-Based Communication in the Process of Malware Distribution without Connectivity to Network Services

    Today’s society relies on a wide range of technical and computing devices, which opens wide scope for misusing vulnerabilities of the managing software for destructive or enriching purposes. Increasingly sophisticated malicious software is developed and deployed daily, enabling control of the contested system or misuse of the sensitive information that the infected system stores. One of the as yet unexplored areas is non-standard forms of communication used by such software without access to network services, which could in the future represent a real threat under certain conditions. This article describes the design and subsequent implementation of a special type of malicious software whose communication components are based on IRC (Internet Relay Chat) and which, when the network connection is unavailable, takes into account the possibility of infected computer systems communicating by generating sound waves. It examines the various branches of behavior, based on ongoing conditions, its weaknesses, and finally points out the most important indicators of the effectiveness of its activities. The second part of the article is devoted to experimental methods of communication using sound waves with frequencies outside the audible range. The last part of the article presents the results of a questionnaire, which clearly point to the widespread use of the equipment needed to run the branches of the virus, which is closely associated with the generation of signals with the help of sound waves, and thus point to the threat of the possible use of similarly based viruses in real operation. In conclusion, it is pointed out that a similar type of malware is fully usable under certain conditions and can be fully deployed in a real environment.

    ΔRLE: Lossless data compression algorithm using delta transformation and optimized bit-level run-length encoding

    Lossless data compression algorithms can use statistical redundancy to represent data using fewer bits than the original uncompressed data. Run-Length Encoding (RLE) is one of the simplest lossless compression algorithms in terms of understanding its principles and software implementation, as well as in terms of temporal and spatial complexity. If this principle is applied to individual bits of the original uncompressed data without respecting the byte boundaries, this approach is referred to as bit-level Run-Length Encoding. The lightweight algorithm for lossless data compression proposed in this paper optimizes bit-level RLE data compression, uses special encoding of repeating data blocks, and, if necessary, combines it with delta data transformation or representation of data in its original form, intending to increase compression efficiency compared to a conventional bit-level RLE approach. The advantage of the algorithm proposed in this paper is its low time and memory consumption, which are basic features of RLE, along with the simultaneous increase of compression ratio compared to the classical bit-level RLE approach.

    MLMD—A Malware-Detecting Antivirus Tool Based on the XGBoost Machine Learning Algorithm

    This paper focuses on training machine learning models using the XGBoost and extremely randomized trees algorithms on two datasets obtained using static and dynamic analysis of real malicious and benign samples. We then compare their success rates—both mutually and with other algorithms, such as the random forest, the decision tree, the support vector machine, and the naïve Bayes algorithms, which we compared in our previous work on the same datasets. The best performing classification models, using the XGBoost algorithm, achieved 91.9% detection accuracy and 98.2% sensitivity, 0.853 AUC, and 0.949 F1 score on the static analysis dataset, and 96.4% accuracy and 98.5% sensitivity, 0.940 AUC, and 0.977 F1 score on the dynamic analysis dataset. Then, we exported the best performing machine learning models and used them in our proposed MLMD program, automating the process of static and dynamic analysis and allowing the trained models to be used for classification on new samples.