38 results for Winsock API

in Deakin Research Online - Australia


Relevance:

20.00%

Publisher:

Abstract:

This paper presents the detection techniques of anomalous programs based on the analysis of their system call traces. We collect the API calls for the tested executable programs from Microsoft detour system and extract the features for our classification task using the previously established n-gram technique. We propose three different feature extraction approaches in this paper. These are frequency-based, time-based and a hybrid approach which actually combines the first two approaches. We use the well-known classifier algorithms in our experiments using WEKA interface to classify the malicious programs from the benign programs. Our empirical evidence demonstrates that the proposed feature extraction approaches can detect malicious programs over 88% which is quite promising for the contemporary similar research.

Relevance:

20.00%

Publisher:

Abstract:

Zero-day or unknown malware are created using code obfuscation techniques that can modify the parent code to produce offspring copies which have the same functionality but with different signatures. Current techniques reported in literature lack the capability of detecting zero-day malware with the required accuracy and efficiency. In this paper, we have proposed and evaluated a novel method of employing several data mining techniques to detect and classify zero-day malware with high levels of accuracy and efficiency based on the frequency of Windows API calls. This paper describes the methodology employed for the collection of large data sets to train the classifiers, and analyses the performance results of the various data mining algorithms adopted for the study using a fully automated tool developed in this research to conduct the various experimental investigations and evaluation. Through the performance results of these algorithms from our experimental analysis, we are able to evaluate and discuss the advantages of one data mining algorithm over the other for accurately detecting zero-day malware successfully. The data mining framework employed in this research learns through analysing the behavior of existing malicious and benign codes in large datasets. We have employed robust classifiers, namely Naïve Bayes (NB) Algorithm, k-Nearest Neighbor (kNN) Algorithm, Sequential Minimal Optimization (SMO) Algorithm with 4 different kernels (SMO - Normalized PolyKernel, SMO - PolyKernel, SMO - Puk, and SMO - Radial Basis Function (RBF)), Backpropagation Neural Networks Algorithm, and J48 decision tree and have evaluated their performance. Overall, the automated data mining system implemented for this study has achieved high true positive (TP) rate of more than 98.5%, and low false positive (FP) rate of less than 0.025, which has not been achieved in literature so far.
This is much higher than the required commercial acceptance level indicating that our novel technique is a major leap forward in detecting zero-day malware. This paper also offers future directions for researchers in exploring different aspects of obfuscations that are affecting the IT world today.

Relevance:

20.00%

Publisher:

Abstract:

The data includes EBSD orientation maps of the specimens preheated at 1200 degrees Celsius, and deformed at 1100 degrees Celsius with 30% reduction and control cooled at the rates of 1, 18, and 95 degrees per second. The resultant microstructures correspond to quasipolygonal ferrite plus granular bainite, and lath bainite, respectively.

Relevance:

20.00%

Publisher:

Abstract:

An open research question in malware detection is how to accurately and reliably distinguish a malware program from a benign one, running on the same machine. In contrast to code signatures, which are commonly used in commercial protection software, signatures derived from system calls have the potential to form the basis of a much more flexible defense mechanism. However, the performance degradation caused by monitoring system calls could adversely impact the machine. In this paper we report our experimental experience in implementing API hooking to capture sequences of API calls. The loading time of ten common programs was benchmarked with three different settings: plain, computer with antivirus and computer with API hook. Results suggest that the performance of this technique is sufficient to provide a viable approach to distinguishing between benign and malware code execution.

Relevance:

10.00%

Publisher:

Relevance:

10.00%

Publisher:

Abstract:

The Australian Competition and Consumer Commission has been criticised for failing to take due account of the impact import competition has on domestic firms when assessing whether or not a proposed merger will be likely to substantially lessen competition. This article reviews the approach taken by the ACCC to import competition in its merger assessments. Consideration is given to both the policy adopted by the ACCC and the statistical relevance that has, in fact, been placed on import competition in merger assessment. A conclusion is then drawn as to the appropriateness of the ACCC's current policy and practice.

Relevance:

10.00%

Publisher:

Relevance:

10.00%

Publisher:

Abstract:

This article considers whether the marriage power contained in the Australian Constitution could support a Commonwealth law that recognised same sex marriages. To this end and after outlining the current constitutional meaning according to the High Court, three methods used for interpreting constitutional terms (connotation/denotation, moderate originalism, non-originalism) are examined to ascertain whether they could source such a law to the marriage power. It is submitted that none can do so without betraying their own core interpretative principle or the text and structure of the Constitution. However an alternative method for interpreting constitutional terms is proffered which may be able to establish a sufficient connection between a law that recognises same sex marriages and the marriage power. It involves recognising 'marriage' as a constitutionalised legal term of art whose meaning can be informed by developments since federation in common law and statute.

Relevance:

10.00%

Publisher:

Abstract:

Vicarious liability (respondeat superior) is a venerable common law doctrine which holds an employer liable for the torts of employees, regardless of the fault of the employer. An employer's liability for the torts of its employees can represent a significant financial obligation and can affect both hiring and operational decisions of businesses. Vicarious liability is a prominent theme in the background of much litigation and is often the reason for litigating the issue of whether or not a worker is an employee. Vicarious liability may also arise through other relationships, such as partnership and agency. Two recent decisions by the High Court of Australia have drawn attention to the issue of vicarious liability. These decisions illuminate the High Court's view of vicarious liability's two main streams: negligence (Hollis v Vabu Pty Ltd) and intentional tort (NSW v Lepore).

Relevance:

10.00%

Publisher:

Abstract:

Loyalty is the catalyst for an enormous amount of admirable human conduct. It is also a desirable virtue: 'in loyalty . . . is the fulfilment of the whole of morality'. It may be justly argued that loyalty grounds more of the principled, honourable and other kinds of non-selfish behaviour in which people engage than does any other moral principle. Curiously, loyalty is almost totally ignored by the law. The area of law in which the principle of loyalty most acutely applies (at least potentially) is family law -- in particular to the concept of marriage. Loyalty is the Brussels sprout of the law. Almost everyone recognises its inherent goodness but few are prepared to make a meal of it. Despite its moral desirability, there are virtually no legal principles that are expressly derived from, or give effect to, the virtue of loyalty. This paper examines the extent to which loyalty should be given legal recognition in matrimonial law. Although the main purpose of this paper is to raise awareness of the potential relevance of loyalty to the dissolution of marriage (and therefore to encourage further consideration and debate on this issue), for the sake of completeness we provide an example of a legal framework in which loyalty should be incorporated into matrimonial law. We argue that within the scope of the 'no-fault' based system of divorce in some circumstances betrayals should be penalised by means of a reduced property settlement.

Relevance:

10.00%

Publisher:

Abstract:

A deductive system that enables us to derive many legal rules from a few principles makes the law more, rather than less certain, since this approach parallels the actual process by which judicial decisions are reached. Uncertainty as to the meaning of equity in the law is inevitably . . . due to the absence of legal guidance for the standard of moral values to be observed in transactions . . .