681 results for malware attacks
Abstract:
Malicious programs (malware) can cause severe damage to computer systems and data. The mechanism that the human immune system uses to detect and protect against organisms that threaten the human body is efficient and can be adapted to detect malware attacks. In this paper we propose a system to perform distributed malware collection, analysis and detection, the last of these inspired by the human immune system. After collecting malware samples from the Internet, they are dynamically analyzed so as to provide execution traces at the operating system level and network flows, which are used to create a behavioral model and to generate a detection signature. Those signatures serve as input to a malware detector, acting as the antibodies in the antigen detection process. This allows us to understand the malware attack and aids in the infection removal procedures. © 2012 Springer-Verlag.
Abstract:
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES)
Abstract:
Malware is a serious threat to the security of systems. With the widespread use of the World Wide Web, there has been an enormous increase in virus attacks, making computer security essential for all computers and expanding the research areas that deal with the new incidents being generated, one of which is malware classification. "Malware developers" use new techniques to generate polymorphic malware by reusing existing malware, so it is necessary to group samples into families in order to study their characteristics and detect new variants.
This work, in addition to presenting a detailed state of the art on the classification of PE executable malware files, presents an approach that improves the classification rate of the MALICIA malware database using the static features of executable files Imphash and Pehash. Both features are evaluated by clustering real malware with family labels using the aggressive clustering algorithm, which is then combined with the current classification by means of the majority voting algorithm and the icon_label feature, obtaining a Precision of 99.15% and a Recall of 99.32% and improving the classification of MALICIA with an F-measure of 99.23%.
Abstract:
Kernel-level malware is one of the most dangerous threats to the security of users on the Internet, so there is an urgent need for its detection. The most popular detection approach is misuse-based detection. However, it cannot keep up with today's advanced malware, which increasingly applies polymorphism and obfuscation. In this thesis, we present our integrity-based detection for kernel-level malware, which does not rely on the specific features of malware. We have developed an integrity analysis system that can derive and monitor integrity properties for commodity operating system kernels. In our system, we focus on two classes of integrity properties: data invariants and the integrity of Kernel Queue (KQ) requests. We adopt static analysis for data invariant detection and overcome several technical challenges: field-sensitivity, array-sensitivity, and pointer analysis. We identify data invariants that are critical to system runtime integrity from Linux kernel 2.4.32 and the Windows Research Kernel (WRK) with a very low false positive rate and a very low false negative rate. We then develop an Invariant Monitor to guard these data invariants against real-world malware. In our experiment, we are able to use Invariant Monitor to detect ten real-world Linux rootkits, nine real-world Windows malware samples and one synthetic Windows malware sample. We leverage static and dynamic analysis of the kernel and device drivers to learn the legitimate KQ requests. Based on the learned KQ requests, we build KQguard to protect KQs. At runtime, KQguard rejects all unknown KQ requests that cannot be validated. We apply KQguard to WRK and the Linux kernel, and extensive experimental evaluation shows that KQguard is efficient (up to 5.6% overhead) and effective (capable of achieving zero false positives against representative benign workloads after appropriate training and very low false negatives against 125 real-world malware samples and nine synthetic attacks).
In our system, Invariant Monitor and KQguard cooperate to protect data invariants and KQs in the target kernel. By monitoring these integrity properties, we can detect malware by its violation of these integrity properties during execution.
Abstract:
The BlackEnergy malware targeting critical infrastructures has a long history. It evolved over time from a simple DDoS platform to a quite sophisticated plug-in based malware. The plug-in architecture has a persistent malware core with easily installable attack-specific modules for DDoS, spamming, info-stealing, remote access, boot-sector formatting, etc. BlackEnergy has been involved in several high-profile cyber-physical attacks, including the recent Ukraine power grid attack in December 2015. This paper investigates the evolution of BlackEnergy and its cyber attack capabilities. It presents a basic cyber attack model used by BlackEnergy for targeting industrial control systems. In particular, the paper analyzes the cyber threats posed by BlackEnergy to synchrophasor-based systems, which are used for real-time control and monitoring functions in the smart grid. Several BlackEnergy-based attack scenarios have been investigated by exploiting the vulnerabilities in two widely used synchrophasor communication standards: (i) IEEE C37.118 and (ii) IEC 61850-90-5. Specifically, the paper addresses reconnaissance, DDoS, man-in-the-middle and replay/reflection attacks on IEEE C37.118 and IEC 61850-90-5. Further, the paper also investigates protection strategies for the detection and prevention of BlackEnergy-based cyber-physical attacks.
Abstract:
Thesis (Ph.D.)--University of Washington, 2016-08
Abstract:
Hereditary angioedema (HAE) with C1 inhibitor deficiency manifests as recurrent episodes of edema involving the skin, upper respiratory tract and gastrointestinal tract. It can be lethal due to asphyxia. The aim here was to evaluate the response to therapy for these attacks using icatibant, an inhibitor of the bradykinin receptor, which was recently introduced into Brazil. Prospective experimental single-cohort study on the efficacy and safety of icatibant for HAE patients. Patients with a confirmed HAE diagnosis were enrolled according to symptoms and regardless of the time since onset of the attack. Icatibant was administered in accordance with the protocol that has been approved in Brazil. Symptom severity was assessed continuously and adverse events were monitored. 24 attacks in 20 HAE patients were treated (female/male 19:1; 19-55 years; median 29 years of age). The symptoms were: subcutaneous edema (22/24); abdominal pain (15/24) and upper airway obstruction (10/24). The time taken until onset of relief was: 5-10 minutes (5/24; 20.8%); 10-20 (5/24; 20.8%); 20-30 (8/24; 33.4%); 30-60 (5/24; 20.8%); and 2 hours (1/24; 4.3%). The time taken for complete resolution of symptoms ranged from 4.3 to 33.4 hours. Adverse effects were only reported at injection sites. Mild to moderate erythema and/or feelings of burning were reported by 15/24 patients, itching by 3 and no adverse effects in 6. HAE type I patients who received icatibant responded promptly; most achieved improved symptom severity within 30 minutes. Local adverse events occurred in 75% of the patients.
Abstract:
Bee males (drones) of stingless bees tend to congregate near entrances of conspecific nests, where they wait for virgin queens that initiate their nuptial flight. We observed that the Neotropical solitary wasp Trachypus boharti (Hymenoptera, Crabronidae) specifically preys on males of the stingless bee Scaptotrigona postica (Hymenoptera, Apidae); these wasps captured up to 50 males per day near the entrance of a single hive. Over 90% of the wasp attacks were unsuccessful; such erroneous attacks often involved conspecific wasps and worker bees. After the capture of non-male prey, wasps almost immediately released these individuals unharmed and continued hunting. A simple behavioral experiment showed that at short distances wasps were not specifically attracted to S. postica males, nor were they repelled by workers of the same species. Likely, short-range prey detection near the bees' nest is achieved mainly by vision, whereas close-range prey recognition is based principally on chemical and/or mechanical cues. We argue that the dependence on the wasp's visual perception during attack and the crowded and dynamic hunting conditions caused wasps to make many preying attempts that failed. Two wasp-density-related factors, wasp-prey distance and wasp-wasp encounters, may account for the fact that the highest male capture and unsuccessful wasp-bee encounter rates occurred at intermediate wasp numbers.
Abstract:
Moyamoya disease (MMD) is an uncommon cerebrovascular disorder characterized by progressive stenosis of the terminal portion of the internal carotid artery and its main branches. Direct and indirect bypass techniques have been devised with the aim of promoting neoangiogenesis. The current study aimed to investigate the role of multiple cranial burr hole (MCBH) operations in the prevention of cerebral ischemic attacks in children with MMD. Seven children suffering from progressive MMD were submitted to the MCBH and arachnoid opening technique. Ten to 20 burr holes were drilled in the fronto-temporo-parieto-occipital area of each hemisphere in each patient, depending on the site and extent of the disease. All patients were evaluated pre- and postoperatively by means of Barthel index (BI), CT, MR, angio-MR, and angiography. Patients had no recurrence of ischemic attacks postoperatively. Neoangiogenesis was observed in both hemispheres. One patient developed a persistent subdural collection after surgery, thus requiring placement of a subdural-peritoneal shunt. Postoperative BI was statistically significantly improved (P = 0.02). This report suggests that MCBH for revascularization in MMD is a simple procedure with a relatively low risk of complications and effective for preventing cerebral ischemic attacks in children. In addition, MCBH may be placed as an adjunct to other treatments for MMD.
Abstract:
The drugs which provide specific relief from migraine attacks, the ergopeptides (ergotamine and dihydroergotamine) and the various 'triptans' (notably sumatriptan), are often prescribed for persons already taking various migraine preventative agents, and sometimes drugs for other indications. As a result, migraine-specific drugs may become involved in drug-drug interactions. The migraine-specific drugs all act as agonists at certain subclasses of serotonin (5-hydroxytryptamine; 5-HT) receptor, particularly those of the 5-HT1D subtype, and produce vasoconstriction through these receptor-mediated mechanisms. The oral bioavailabilities of these drugs, particularly those of the ergopeptides, are often incomplete, due to extensive presystemic metabolism. As a result, if migraine-specific agents are coadministered with drugs with vasoconstrictive properties, or with drugs which inhibit the metabolism of the migraine-specific agents, there is a risk of interactions occurring which produce manifestations of excessive vasoconstriction. This can also occur through pharmacodynamic mechanisms, as when ergopeptides or triptans are coadministered with methysergide or propranolol (although a pharmacokinetic element may apply in relation to the latter interaction), or if one migraine-specific agent is used shortly after another. When ergopeptide metabolism is inhibited by the presence of macrolide antibacterials, particularly troleandomycin and erythromycin, the resultant interaction can produce ergotism, sometimes leading to gangrene. Similar pharmacokinetic mechanisms, with their vasoconstrictive consequences, probably apply to combinations of the ergopeptides with HIV protease inhibitors (indinavir and ritonavir), heparin, cyclosporin or tacrolimus. Inhibition of triptan metabolism by monoamine oxidase A inhibitors, e.g. moclobemide, may raise circulating triptan concentrations, although this does not yet seem to have led to reported clinical problems.
Caffeine may cause increased plasma ergotamine concentrations through an as yet inadequately defined pharmacokinetic interaction. However, a direct antimigraine effect of caffeine may contribute to the claimed increased efficacy of ergotamine-caffeine combinations in relieving migraine attacks. Serotonin syndromes have been reported as probable pharmacodynamic consequences of the use of ergots or triptans in persons taking serotonin reuptake inhibitors. There have been two reports of involuntary movement disorders when sumatriptan has been used by patients already taking loxapine. Nearly all the clinically important interactions between the ergopeptide antimigraine agents and currently marketed drugs are likely to have already come to notice. In contrast, new interactions involving the triptans are likely to be recognised as additional members of this family of drugs, with their different patterns of metabolism and pharmacokinetics, are marketed.
Abstract:
One of the major problems that prevents the spread of elections with the possibility of remote voting over electronic networks, also called Internet Voting, is the use of unreliable client platforms, such as the voter's computer and the Internet infrastructure connecting it to the election server. A computer connected to the Internet is exposed to viruses, worms, Trojans, spyware, malware and other threats that can compromise the election's integrity. For instance, it is possible to write a virus that changes the voter's vote to a predetermined vote on election day. Another possible attack is the creation of a fake election web site where the voter uses a malicious vote program on the web site that manipulates the voter's vote (phishing/pharming attack). Such attacks may not disturb the election protocol and can therefore remain undetected in the eyes of the election auditors. We propose the use of Code Voting to overcome the insecurity of the client platform. Code Voting consists of creating a secure communication channel to communicate the voter's vote between the voter and a trusted component attached to the voter's computer. Consequently, no one controlling the voter's computer can change his or her vote. The trusted component can then process the vote according to a cryptographic voting protocol to enable cryptographic verification on the server's side.
Abstract:
In recent years, attacks by piranhas have become a common problem in dammed portions of rivers and streams in the State of Sao Paulo, Southeastern Brazil. In two outbreaks recorded in two neighboring counties in the Northwest region of the state, 74 bathers were bitten. Only one bite per person was recorded during a short period of the year. The bites were related to parental care and/or defense of spawning territory, which confirms previous studies and demystifies the attacks by these legendary fish, as they are perceived by most people. Placement of fine mesh nets and removal of aquatic vegetation stopped the attacks.
Abstract:
Magdeburg, Univ., Faculty of Computer Science, Diss., 2014