23 research outputs found

    WannaCry Ransomware: Analysis of Infection, Persistence, Recovery Prevention and Propagation Mechanisms, Journal of Telecommunications and Information Technology, 2019, nr 1

    In recent years, we have been experiencing fast proliferation of different types of ransomware targeting home users, companies and even critical telecommunications infrastructure elements. Modern day ransomware relies on sophisticated infection, persistence and recovery prevention mechanisms. Some recent examples that received significant attention include WannaCry, Petya and BadRabbit. To design and develop appropriate defense mechanisms, it is important to understand the characteristics and the behavior of different types of ransomware. Dynamic analysis techniques are typically used to achieve that purpose, where the malicious binaries are executed in a controlled environment and are then observed. In this work, the dynamic analysis results focusing on the infamous WannaCry ransomware are presented. In particular, WannaCry is examined, during its execution in a purpose-built virtual lab environment, in order to analyze its infection, persistence, recovery prevention and propagation mechanisms. The results obtained may be used for developing appropriate detection and defense solutions for WannaCry and other ransomware families that exhibit similar behavior

    Journal of Telecommunications and Information Technology, 2018, nr 1

    We consider a two-link system that accommodates Poisson arriving calls from different service-classes and propose a multirate teletraffic loss model for its analysis. Each link has two thresholds, which refer to the number of in-service calls in the link. The lowest threshold, named support threshold, defines up to which point the link can support calls offloaded from the other link. The highest threshold, named offloading threshold, defines the point where the link starts offloading calls to the other link. The adopted bandwidth sharing policy is the complete sharing policy, in which a call can be accepted in a link if there exist enough available bandwidth units. The model does not have a product form solution for the steady state probabilities. However, we propose approximate formulas, based on a convolution algorithm, for the calculation of call blocking probabilities. The accuracy of the formulas is verified through simulation and found to be quite satisfactory

    Call Blocking Probabilities of Multirate Elastic and Adaptive Traffic under the Threshold and Bandwidth Reservation Policies, Journal of Telecommunications and Information Technology, 2016, nr 1

    This paper proposes multirate teletraffic loss models of a link that accommodates different service-classes of elastic and adaptive calls. Calls follow a Poisson process, can tolerate bandwidth compression and have an exponentially distributed service time. When bandwidth compression occurs, the service time of new and in-service elastic calls increases. Adaptive calls do not alter their service time. All calls compete for the available link bandwidth under the combination of the Threshold (TH) and the Bandwidth Reservation (BR) policies. The TH policy can provide different QoS among service-classes by limiting the number of calls of a service-class up to a predefined threshold, which can be different for each service-class. The BR policy reserves part of the available link bandwidth to benefit calls of high bandwidth requirements. The analysis of the proposed models is based on approximate but recursive formulas, whereby authors determine call blocking probabilities and link utilization. The accuracy of the proposed formulas is verified through simulation and found to be very satisfactory

    QoS Equalization in a W-CDMA Cell Supporting Calls of Infinite or Finite Sources with Interference Cancelation, Journal of Telecommunications and Information Technology, 2014, nr 3

    In this paper, a multirate loss model for the calculation of time and call congestion probabilities in a Wideband Code Division Multiple Access (W-CDMA) cell is considered. It utilizes the Bandwidth Reservation (BR) policy and supports calls generated by an infinite or finite number of users. The BR policy achieves QoS equalization by equalizing congestion probabilities among calls of different service-classes. In the proposed models a multiple access interference is considered, and the notion of local blocking, user's activity and interference cancelation. Although the analysis of the proposed models reveals that the steady state probabilities do not have a product form solution, the authors show that the calculation of time and call congestion probabilities can be based on approximate but recursive formulas, whose accuracy is verified through simulation and found to be quite satisfactory

    A Survey of Attacks Against Twitter Spam Detectors in an Adversarial Environment

    Online Social Networks (OSNs), such as Facebook and Twitter, have become a very important part of many people’s daily lives. Unfortunately, the high popularity of these platforms makes them very attractive to spammers. Machine learning (ML) techniques have been widely used as a tool to address many cybersecurity application problems (such as spam and malware detection). However, most of the proposed approaches do not consider the presence of adversaries that target the defense mechanism itself. Adversaries can launch sophisticated attacks to undermine deployed spam detectors either during training or the prediction (test) phase. Not considering these adversarial activities at the design stage makes OSNs’ spam detectors vulnerable to a range of adversarial attacks. Thus, this paper surveys the attacks against Twitter spam detectors in an adversarial environment, and a general taxonomy of potential adversarial attacks is presented using common frameworks from the literature. Examples of adversarial activities on Twitter that were discovered after observing Arabic trending hashtags are discussed in detail. A new type of spam tweet (adversarial spam tweet), which can be used to undermine a deployed classifier, is examined. In addition, possible countermeasures that could increase the robustness of Twitter spam detectors to such attacks are investigated

    WannaCry Ransomware: Analysis of Infection, Persistence, Recovery Prevention and Propagation Mechanisms

    In recent years, we have been experiencing fast proliferation of different types of ransomware targeting home users, companies and even critical telecommunications infrastructure elements. Modern day ransomware relies on sophisticated infection, persistence and recovery prevention mechanisms. Some recent examples that received significant attention include WannaCry, Petya and BadRabbit. To design and develop appropriate defense mechanisms, it is important to understand the characteristics and the behavior of different types of ransomware. Dynamic analysis techniques are typically used to achieve that purpose, where the malicious binaries are executed in a controlled environment and are then observed. In this work, the dynamic analysis results focusing on the infamous WannaCry ransomware are presented. In particular, WannaCry is examined, during its execution in a purpose-built virtual lab environment, in order to analyze its infection, persistence, recovery prevention and propagation mechanisms. The results obtained may be used for developing appropriate detection and defense solutions for WannaCry and other ransomware families that exhibit similar behaviors

    Selecting Bloom-filter header lengths for secure information centric networking

    Information-centric networking (ICN) is a new communication paradigm that shifts the focus from end hosts to information objects. Recent studies have shown that ICN can provide more efficient mobility support and multicast/anycast content delivery compared to traditional host-centric solutions. Nevertheless, the ICN solutions proposed so far are not very mature from the security viewpoint. In this paper, we study one of the most important Bloom-filter based ICN forwarding mechanisms and discuss its security vulnerabilities. Next, we propose some enhancements to this mechanism, which aim at increasing its resistance to brute-force attacks. Our proposed solutions are supported by simulation studies