9 resultados para obfuscation
em QUB Research Portal - Research Directory and Institutional Repository for Queen's University Belfast
Resumo:
A cyberwar exists between malware writers and antimalware researchers. At this war's heart rages a weapons race that originated in the 80s with the first computer virus. Obfuscation is one of the latest strategies to camouflage the telltale signs of malware, undermine antimalware software, and thwart malware analysis. Malware writers use packers, polymorphic techniques, and metamorphic techniques to evade intrusion detection systems. The need exists for new antimalware approaches that focus on what malware is doing rather than how it's doing it.
Resumo:
Key stakeholders in the UK charity sector have, in recent years, advocated greater accountability for charity performance. Part of that debate has focussed on the use of conversion ratios as indicators of efficiency, with importance to stakeholders being contrasted with charities’ apparent reluctance to report such measures. Whilst, before 2005, conversion ratios could have been computed from financial statements, changes in the UK charity SORP have radically altered the ability of users to do this. This article explores the impact on the visibility of such information through an analysis of the financial statements of large UK charities before and after the 2005 changes. Overall, the findings suggest that, despite the stated intention of increasing transparency in respect of charity costs, the application of the changes has resulted in charities ‘managing’ the numbers and limiting their disclosures, possibly to the detriment of external stakeholders.
Resumo:
This paper contests traditional analyses of high policing, suggesting that it needs to be decoupled (in theoretical terms) from its umbilical linkage to public actors and the preservation and augmentation of state authority. Arguing that conventional conceptualizations of high policing fail to acknowledge the role of private actors, we adopt the term `private high policing' to more accurately reflect the complexity of this paradigm. In particular, we note a long legacy of protecting dominant interests within corporate power structures, as well as increased involvement in outsourced security services for Western states. This has reached its zenith in the recent conflict/reconstruction efforts in Iraq. Eschewing conventional notions of the `proxy' debate, we propose a more complex relationship of obfuscation whereby both public and private high policing actors cross-permeate and coalesce in the pursuit of symbiotic state and corporate objectives.
Resumo:
N-gram analysis is an approach that investigates the structure of a program using bytes, characters, or text strings. A key issue with N-gram analysis is feature selection amidst the explosion of features that occurs when N is increased. The experiments within this paper represent programs as operational code (opcode) density histograms gained through dynamic analysis. A support vector machine is used to create a reference model, which is used to evaluate two methods of feature reduction, which are 'area of intersect' and 'subspace analysis using eigenvectors.' The findings show that the relationships between features are complex and simple statistics filtering approaches do not provide a viable approach. However, eigenvector subspace analysis produces a suitable filter.
Resumo:
This paper presents a new encryption scheme implemented at the physical layer of wireless networks employing orthogonal frequency-division multiplexing (OFDM). The new scheme obfuscates the subcarriers by randomly reserving several subcarriers for dummy data and resequences the training symbol by a new secure sequence. Subcarrier obfuscation renders the OFDM transmission more secure and random, while training symbol resequencing protects the entire physical layer packet, but does not affect the normal functions of synchronization and channel estimation of legitimate users while preventing eavesdroppers from performing these functions. The security analysis shows the system is robust to various attacks by analyzing the search space using an exhaustive key search. Our scheme is shown to have a better performance in terms of search space, key rate and complexity in comparison with other OFDM physical layer encryption schemes. The scheme offers options for users to customize the security level and key rate according to the hardware resource. Its low complexity nature also makes the scheme suitable for resource limited devices. Details of practical design considerations are highlighted by applying the approach to an IEEE 802.11 OFDM system case study.
Resumo:
Android is becoming ubiquitous and currently has the largest share of the mobile OS market with billions of application downloads from the official app market. It has also become the platform most targeted by mobile malware that are becoming more sophisticated to evade state-of-the-art detection approaches. Many Android malware families employ obfuscation techniques in order to avoid detection and this may defeat static analysis based approaches. Dynamic analysis on the other hand may be used to overcome this limitation. Hence in this paper we propose DynaLog, a dynamic analysis based framework for characterizing Android applications. The framework provides the capability to analyse the behaviour of applications based on an extensive number of dynamic features. It provides an automated platform for mass analysis and characterization of apps that is useful for quickly identifying and isolating malicious applications. The DynaLog framework leverages existing open source tools to extract and log high level behaviours, API calls, and critical events that can be used to explore the characteristics of an application, thus providing an extensible dynamic analysis platform for detecting Android malware. DynaLog is evaluated using real malware samples and clean applications demonstrating its capabilities for effective analysis and detection of malicious applications.
