Automatic Malware Detection

The problem of automatic malware detection presents challenges for antivirus vendors. Since the manual investigation is not possible due to the massive number of samples being submitted every day, automatic malware classication is necessary. Our work is focused on an automatic malware detection framework based on machine learning algorithms. We proposed several static malware detection systems for the Windows operating system to achieve the primary goal of distinguishing between malware and benign software. We also considered the more practical goal of detecting as much malware as possible while maintaining a suciently low false positive rate. We proposed several malware detection systems using various machine learning techniques, such as ensemble classier, recurrent neural network, and distance metric learning. We designed architectures of the proposed detection systems, which are automatic in the sense that extraction of features, preprocessing, training, and evaluating the detection model can be automated. However, antivirus program relies on more complex system that consists of many components where several of them depends on malware analysts and researchers. Malware authors adapt their malicious programs frequently in order to bypass antivirus programs that are regularly updated. Our proposed detection systems are not automatic in the sense that they are not able to automatically adapt to detect the newest malware. However, we can partly solve this problem by running our proposed systems again if the training set contains the newest malware. Our work relied on static analysis only. In this thesis, we discuss advantages and drawbacks in comparison to dynamic analysis. Static analysis still plays an important role, and it is used as one component of a complex detection system.The problem of automatic malware detection presents challenges for antivirus vendors. Since the manual investigation is not possible due to the massive number of samples being submitted every day, automatic malware classication is necessary. Our work is focused on an automatic malware detection framework based on machine learning algorithms. We proposed several static malware detection systems for the Windows operating system to achieve the primary goal of distinguishing between malware and benign software. We also considered the more practical goal of detecting as much malware as possible while maintaining a suciently low false positive rate. We proposed several malware detection systems using various machine learning techniques, such as ensemble classier, recurrent neural network, and distance metric learning. We designed architectures of the proposed detection systems, which are automatic in the sense that extraction of features, preprocessing, training, and evaluating the detection model can be automated. However, antivirus program relies on more complex system that consists of many components where several of them depends on malware analysts and researchers. Malware authors adapt their malicious programs frequently in order to bypass antivirus programs that are regularly updated. Our proposed detection systems are not automatic in the sense that they are not able to automatically adapt to detect the newest malware. However, we can partly solve this problem by running our proposed systems again if the training set contains the newest malware. Our work relied on static analysis only. In this thesis, we discuss advantages and drawbacks in comparison to dynamic analysis. Static analysis still plays an important role, and it is used as one component of a complex detection system

Malware Detection Using a Heterogeneous Distance Function

Classification of automatically generated malware is an active research area. The amount of new malware is growing exponentially and since manual investigation is not possible, automated malware classification is necessary. In this paper, we present a static malware detection system for the detection of unknown malicious programs which is based on combination of the weighted k-nearest neighbors classifier and the statistical scoring technique from [12]. We have extracted the most relevant features from portable executable (PE) file format using gain ratio and have designed a heterogeneous distance function that can handle both linear and nominal features. Our proposed detection method was evaluated on a dataset with tens of thousands of malicious and benign samples and the experimental results show that the accuracy of our classifier is 98.80 %. In addition, preliminary results indicate that the proposed similarity metric on our feature space could be used for clustering malware into families

Útoky na bitově orientované proudové šifry obsahující LFSR

V predloženej práci sa venujeme kryptoanalýze jednej z najznámejších prúdových šifier - šifre A5/1. Táto šifra sa používa na zabezpečenie komunikácie mobilných telefónov, ktoré sú v súlade so štandardom GSM. Základným prvkom šifry A5/1 je LFSR(posuvný register s lineárnymi spätnými väzbami), ktorý sa používa v prúdových šifrách, pretože produkuje postupnosť bitov s vysokou periódou, má dobré štatistické vlastnosti a ľahko sa analyzuje pomocou rôznych algebraických metód. V práci sme popísali a implementovali tri útoky na šifru, ktoré predpokladajú znalosť otvoreného textu. Prvé dva útoky sú typu uhádni a odvoď a posledný je korelačný. Ťažiskom práce je kryptoanalýza od Golića, ktorá predpokladá len 64 bitov otvoreného textu. Charakter jeho implementácie dovoľuje úlohu rozdeliť na paralelne prebiehajúce výpočty, vďaka čomu je možné používať program aj v praxi. Na záver práce sa venujeme korelačnému útoku, ktorý je podstatne rýchleší, ale predpokladá znalosť pomerne veľkého množstva otvoreného textu.In this work we study cryptanalysis one of the most current stream ciphers A5/1. The cipher is used to provide mobile communication privacy in the GSM cellular telephone standard. An essential element of the cipher A5/1 is LFSR( Linear feedback shift register) which is used in stream ciphers because it produces a sequence of bits with high periodicity, has good statistical properties and is easily analyzed using various algebraic methods. At work, we describe and implement three known-plaintext attacks on the cipher. The first two attacks are of the type Guess and Determine and the last one is correlation attack. The focus of the work is cryptanalysis by Golić, which assumes only 64 bits of plaintext. The character of implementation allows to split the work and use parallel-computing, making it possible to use the program in practice. At the end of the work we devote to correlation attack, that is considerably faster, but it assumes knowledge of the relatively large amount of plaintext.Department of AlgebraKatedra algebryFaculty of Mathematics and PhysicsMatematicko-fyzikální fakult

Biologicky motivované algoritmy a možnosti jejich využití v kryptoanalýze

Department of AlgebraKatedra algebryFaculty of Mathematics and PhysicsMatematicko-fyzikální fakult

Yet Another Algebraic Cryptanalysis of Small Scale Variants of AES

This work presents new advances in algebraic cryptanalysis of small scale derivatives of AES. We model the cipher as a system of polynomial equations over GF(2), which involves only the variables of the initial key, and we subsequently attempt to solve this system using Gröbner bases. We show, for example, that one of the attacks can recover the secret key for one round of AES-128 under one minute on a contemporary CPU. This attack requires only two known plaintexts and their corresponding ciphertexts. We also compare the performance of Gröbner bases to a SAT solver, and provide an insight into the propagation of diffusion within the cipher

Attacks against bit-oriented stream ciphers with LFSRs

In this work we study cryptanalysis one of the most current stream ciphers A5/1. The cipher is used to provide mobile communication privacy in the GSM cellular telephone standard. An essential element of the cipher A5/1 is LFSR( Linear feedback shift register) which is used in stream ciphers because it produces a sequence of bits with high periodicity, has good statistical properties and is easily analyzed using various algebraic methods. At work, we describe and implement three known-plaintext attacks on the cipher. The first two attacks are of the type Guess and Determine and the last one is correlation attack. The focus of the work is cryptanalysis by Golić, which assumes only 64 bits of plaintext. The character of implementation allows to split the work and use parallel-computing, making it possible to use the program in practice. At the end of the work we devote to correlation attack, that is considerably faster, but it assumes knowledge of the relatively large amount of plaintext

Attacks against bit-oriented stream ciphers with LFSRs

In this work we study cryptanalysis one of the most current stream ciphers A5/1. The cipher is used to provide mobile communication privacy in the GSM cellular telephone standard. An essential element of the cipher A5/1 is LFSR( Linear feedback shift register) which is used in stream ciphers because it produces a sequence of bits with high periodicity, has good statistical properties and is easily analyzed using various algebraic methods. At work, we describe and implement three known-plaintext attacks on the cipher. The first two attacks are of the type Guess and Determine and the last one is correlation attack. The focus of the work is cryptanalysis by Golić, which assumes only 64 bits of plaintext. The character of implementation allows to split the work and use parallel-computing, making it possible to use the program in practice. At the end of the work we devote to correlation attack, that is considerably faster, but it assumes knowledge of the relatively large amount of plaintext

Development of mini-tennis in South-Moravian region in 2005-2007

Název práce: Vývoj minitenisu na území Jihomoravského kraje 2005 - 2007 Title: Development ofmini-tennis in South-Moravian region in 2005 - 2007 Cíle práce: Cílem bylo zjistit, jakým způsobem v letech 2005 - 2007 docházelo ke změnám počtu tenisových klubů, které se tréninku minitenisu věnují, stejně tak jako ke změnám struktury hráčské základny, na kterou je touto formou působeno. Metoda: Pro zjištění požadovaných informací byl vypracován strukturovaný dotazník, který byl následně rozeslán zástupcům vybraných tenisových klubů příslušného regionu. Další metodou byla analýza dokumentů. Výsledky: Výsledky poukazují na rozšíření zkoumaných ukazatelů během sledovaného období a na podmínky, ve kterých se tréninkové lekce minitenisu realizují. Klíčová slova: sportovní příprava, minitenis, osobnost trenéra, tenisová výuka.