Increasing chances of survival for malware using theory of natural selection and the selfish gene

Malware, short for malicious software, is used as a general term for computer viruses, Trojan horses, worms, and other harmful software or code. Malware authors try to obfuscate their code in order to evade antiviral programs. Different analysis techniques are used by antiviral programs in order to detect different encryption and obfuscation methods. Survivability of malware becomes the main concern for an attacker since the malware should usually be able to spread to other computers; use resources of victim's computer; and create new copies of itself. In this thesis, inspired by Darwin's theory of natural selection and the selfish gene concept explained by Richard Dawkins, we propose novel methods which increase the chance of survivability for malware. We implement selfishness, altruistic behavior, mimicry, group selection, and similar behavior models into our experimental malware and we also test our techniques against existing solutions. We develop tools in order to enhance existing malware with features presented in this thesis. Effectiveness of proposed techniques are presented and an experimental test is carried out with a dataset containing more than 300.000 malware samples. Group behavior models are also introduced and methods proposed for enhancing botnets to have better stability (Evolutionarily stable botnet)

TRAPDROID: bare-metal android malware behavior analysis framework

In the realm of mobile devices, malicious applications pose considerable threats to individuals, companies and governments. Cyber security researchers are in a constant race against malware developers and analyze their new methods to exploit them for better detection. In this paper, we present TRAPDROID, a dynamic malware analysis framework mostly focused on capturing unified behavior profiles of applications by analyzing them on physical devices in real-time. Our framework processes events, which are collected from system calls, binder communications, process stats, and hardware performance counters and combines them into a simple, yet meaningful behavior format. We evaluated our framework's detection rate and performance by analyzing an up-to-date malware dataset, which also contains specially crafted applications with malicious intent. The framework is easy to use, fast and providing high accuracy in malware detection with relatively low overhead

An efficient and scalable meeting minutes generation and presentation technique

Meetings are essential for a group of individuals to work together. An important output of meetings is minutes. Taking and distributing minutes is a time consuming task. Also, any new member of a meeting series will not be able to easily refer to old minutes if they are in written or e-mail format. Our contribution to this problem is to propose a new approach for taking meeting minutes that will allow dynamic and cooperative note taking. In addition, resulting minutes will allow any new participant to spend a smaller integration time

Distributed privacy preserving clustering via homomorphic secret sharing and its application to (vertically) partitioned spatio-temporal data

Recent concerns about privacy issues have motivated data mining researchers to develop methods for performing data mining while preserving the privacy of individuals. One approach to develop privacy preserving data mining algorithms is secure multiparty computation, which allows for privacy preserving data mining algorithms that do not trade accuracy for privacy. However, earlier methods suffer from very high communication and computational costs, making them infeasible to use in any real world scenario. Moreover, these algorithms have strict assumptions on the involved parties, assuming involved parties will not collude with each other. In this paper, the authors propose a new secure multiparty computation based k-means clustering algorithm that is both secure and efficient enough to be used in a real world scenario. Experiments based on realistic scenarios reveal that this protocol has lower communication costs and significantly lower computational costs