30 research outputs found

    Intelligent OS X malware threat detection with code inspection

    With the increasing market share of the Mac OS X operating system, there is a corresponding increase in the number of malicious programs (malware) designed to exploit vulnerabilities on Mac OS X platforms. However, existing manual and heuristic OS X malware detection techniques are not capable of coping with such a high rate of malware. While machine learning techniques offer promising results in the automated detection of Windows and Android malware, there have been limited efforts to extend them to OS X malware detection. In this paper, we propose a supervised machine learning model. The model applies a kernel-based Support Vector Machine (SVM) and a novel weighting measure based on application library calls to detect OS X malware. For training and evaluating the model, a dataset combining 152 malware and 450 benign samples is created. Using common supervised machine learning algorithms on the dataset, we obtain over 91% detection accuracy with a 3.9% false alarm rate. We also use the Synthetic Minority Over-sampling Technique (SMOTE) to create three synthetic datasets with different distributions, based on the refined version of the collected dataset, to investigate the impact of different sample sizes on the accuracy of malware detection. Using the SMOTE datasets we achieve over 96% detection accuracy and a false alarm rate of less than 4%. All malware classification experiments are tested using cross-validation. Our results show that increasing the sample size in synthetic datasets has a direct positive effect on detection accuracy while increasing the false alarm rate compared to the original dataset.

    Graph-Based Comparison Of Iot And Android Malware

    The growth in the number of Android and Internet of Things (IoT) devices has been accompanied by a parallel increase in the number of malicious software (malware) samples that can run on both, affecting their ecosystems. Thus, it is essential to understand this malware in order to detect it. In this work, we present a comparative study of Android and IoT malware through the lens of graph measures: we construct abstract structures, using the control flow graph (CFG), to represent malware binaries. Using those structures, we conduct an in-depth analysis of malicious graphs extracted from the Android and IoT malware. By reversing 2,874 and 201 malware binaries corresponding to the IoT and Android platforms, respectively, we extract their CFGs and analyze them across both general characteristics, such as the number of nodes and edges, and graph algorithmic constructs, such as average shortest path, betweenness, closeness, density, etc. Using the CFG as an abstract structure, we highlight various interesting findings, such as the prevalence of unreachable code in Android malware, indicated by the multiple components in their CFGs, and the higher density, stronger closeness and betweenness, and larger number of nodes in the Android malware compared to the IoT malware, highlighting its higher order of complexity. We note that the number of edges in Android malware is larger than that in IoT malware, highlighting a richer flow structure in those malware samples, despite their structural simplicity (number of nodes). We note that most of those graph-based properties can be used as discriminative features for classification.

    Metadata-Driven Threat Classification of Network Endpoints Appearing in Malware


    Certified PUPP: abuse in authenticode code signing

    Code signing is a solution to verify the integrity of software and its publisher's identity, but it can be abused by malware and potentially unwanted programs (PUP) to look benign. This work performs a systematic analysis of Windows Authenticode code signing abuse, evaluating the effectiveness of existing defenses by certification authorities. We identify a problematic scenario in Authenticode where timestamped signed malware successfully validates even after the revocation of their code signing certificate. We propose hard revocations as a solution. We build an infrastructure that automatically analyzes potentially malicious executables, selects those signed, clusters them into operations, determines if they are PUP or malware, and produces a certificate blacklist. We use our infrastructure to evaluate 356K samples from 2006-2015. Our analysis shows that most signed samples are PUP (88%-95%) and that malware is not commonly signed (5%-12%). We observe PUP rapidly increasing over time in our corpus. We measure the effectiveness of CA defenses such as identity checks and revocation, finding that 99.8% of signed PUP and 37% of signed malware use CA-issued certificates and only 17% of malware certificates and 15% of PUP certificates have been revoked. We observe most revocations lack an accurate revocation reason. We analyze the code signing infrastructure of the 10 largest PUP operations, exposing that they heavily use file and certificate polymorphism and that 7 of them have multiple certificates revoked. Our infrastructure also generates a certificate blacklist 9x larger than current ones.

    EFFECT OF ELEVATED TEMPERATURE ON MECHANICAL PROPERTIES OF FIBER SELF COMPACTING CONCRETE

    This study presents the effect of elevated temperature on the mass loss ratio, ultrasonic pulse velocity, compressive strength, tensile strength, and flexural strength of self-compacting concrete (SCC) and fiber-reinforced self-compacting concrete (FRSCC). Slump flow, T50 flowing time, L-box and GTM screen stability were investigated. The experimental program consists of six mixtures. The control mixture, SCC, was made without fibers. The other five mixtures were made with three different types of added fibers (polypropylene, steel, and glass). 0.1% polypropylene fibers, 1% glass fibers and 1% steel fibers by concrete volume were used for the PFSCC, GFSCC and SFSCC mixtures respectively. For HFSCC1, 0.05% polypropylene fibers and 0.5% steel fibers by concrete volume were added. For the HFSCC2 mix, 0.5% glass fibers and 0.5% steel fibers by concrete volume were added. The properties of the SCC and FRSCC mixtures at 20 °C, 200 °C, 400 °C, 600 °C, and 800 °C were measured after 28 days. The specimens were heated in an electric furnace at a rate of 5 °C/min. The results show that the compressive strength, tensile strength and flexural strength increased with increasing temperature up to 200 °C and decreased at temperatures higher than 200 °C. The PP fibers reduced and eliminated the risk of spalling in the SCC. With increasing temperature, the concrete mixes including steel fibers and hybrid fibers showed the best mechanical properties and spalling resistance. The weight losses for the SCC mixtures with PP and steel fibers were lower than those without PP and steel fibers. In general, fibers degraded the fresh concrete properties.

    The Behavior of a Strengthened Steel Beam Section Under Eccentric Loadings

    Thirteen simply supported steel samples were tested to explain the effects of strengthening steel beams using external prestressing strands. The samples have the same cross-sectional dimensions and overall length. One steel beam without strengthening was taken as a reference, while the other twelve were strengthened by two external strands at various eccentricity locations and jacking stresses. The strengthening by external prestressing strands is sub-divided into two series according to jacking stress. Each series consists of six steel samples divided according to the eccentricity location of the prestressing strand. During the tests, it was found that the load-deflection response of the strengthened samples is stiffer compared with the reference. The increase in ultimate load capacity was 0.347, 2.758, 3.921, 8.898, 9.326, and 10.256% for beams under a jacking stress of 1120 MPa, while the increase in ultimate load capacity was 0.17, 26, 33, 48.5, 13.7, and 69.56% for beams under a jacking stress of 815 MPa. On the other hand, the maximum percentages of deflection decreased by 4.88, 2.44, 20.62, 15, and 9.7% when the jacking stress increased from 815 to 1120 MPa, and the ratio of the quarter-span to mid-span deflection (δ quarter / δ mid) is about 0.528 and 0.497 when the jacking stress is 1120 and 815 MPa respectively. So, increasing the jacking stress from 815 to 1120 MPa is not preferable because it yields only a small increase in stiffness and behavior compared with the other beams tested under the same conditions.