106 results for evasive malware
Abstract:
This paper addresses the problem of intercepting highly maneuverable threats using seeker-less interceptors that operate in the command guidance mode. These systems are more prone to estimation errors than standard seeker-based systems. In this paper, an integrated estimation/guidance (IEG) algorithm, which combines an interactive multiple model (IMM) estimator with a differential game guidance law (DGL), is proposed for seeker-less interception. In this interception scenario, the target performs an evasive bang-bang maneuver, while the sensor has noisy measurements and the interceptor is subject to an acceleration bound. The IMM serves as a basis for the synthesis of efficient filters for tracking maneuvering targets and reducing estimation errors. The proposed game-based guidance law for two-dimensional interception, later extended to three-dimensional interception scenarios, is used to improve the endgame performance of the command-guided seeker-less interceptor. The IMM scheme and an optimal selection of filters, to cater to the various maneuvers that are expected during the endgame, are also described. Furthermore, a chatter removal algorithm is introduced, thus modifying the differential game guidance law (modified DGL). A comparison between the modified DGL guidance law and the conventional proportional navigation guidance law demonstrates significant improvement in miss distance in a pursuer-evader scenario. Simulation results are also presented for varying flight path angle errors. A numerical study is provided which demonstrates the performance of the combined interactive multiple model with game-based guidance law (IMM/DGL). A simulation study is also carried out for the combined IMM and modified DGL (IMM/modified DGL), which exhibits the superior performance and viability of the algorithm in reducing the chattering phenomenon. The results are illustrated by an extensive Monte Carlo simulation study in the presence of estimation errors.
Abstract:
An enclosure experiment was carried out to test the trophic cascade effect of filter-feeding fish on the ecosystem: growth of crustacean zooplankton, and the possible mechanism of changes in crustacean community structure. Four fish biomass levels were set as follows: 0, 116, 176 and 316 g m(-2), and lake water (containing ca. 190 g m(-2) of filter-feeding fishes) was comparatively monitored. Nutrient levels were high in all treatments during the experiment. The lowest algal biomass was measured in the fishless treatment. Algal biomass decreased during days 21-56 as a function of fish biomass in treatments of low (LF), medium (MF) and high (HF) fish biomass. Crustacean biomass decreased with increasing fish biomass. Small-bodied cladocerans, Moina micrura, Diaphanosoma brachyurum and Scapholeberis kingii, survived when fish biomass was high, whilst large-bodied cladocerans Daphnia spp. and the cyclopoids Thermocyclops taihokuensis, T. brevifurcatus, Mesocyclops notius and Cyclops vicinus were abundant only in NF enclosures. The evasive calanoid Sinodiaptomus sarsi was significantly enhanced in LF, but decreased significantly with further increase of fish biomass. Demographic data indicated that M. micrura was well developed in all treatments. Our study indicates that algal biomass might be controlled by silver carp biomass in a eutrophic environment. Changes in the crustacean community are probably affected by the age of the first generation of species. Species with a short generation time were dominant, and species with a long generation time survived less with high fish biomass. Evasive calanoids hardly developed in treatments with high fish biomass because of the (bottleneck) effect of nauplii. Species abundance was positively related to fish predation avoidance. Other than direct predation, zooplankton might also be suppressed by filter-feeding fish via competition.
Abstract:
Traditional dynamic analysis of malicious code analyzes only one execution path of the malicious code in each run, which makes it difficult to guarantee the completeness of the analysis. Multi-path analysis of malicious code is one approach to solving this problem. This paper proposes a multi-path analysis method based on code coverage: by marking conditional branch nodes, it reduces the number of times local paths are repeatedly traversed, thereby improving the efficiency and code coverage of the analysis system while preserving the effectiveness of the analysis. Experimental analysis of a large number of typical malicious code samples shows that this method can markedly shorten analysis time and improve both the efficiency and the completeness of the analysis.
Abstract:
The Java programming language has been widely described as secure by design. Nevertheless, a number of serious security vulnerabilities have been discovered in Java, particularly in the Bytecode Verifier, a critical component used to verify class semantics before loading is complete. This paper describes a method for representing Java security constraints using the Alloy modeling language. It further describes a system for performing a security analysis on any block of Java bytecodes by converting the bytes into relation initializers in Alloy. Any counterexamples found by the Alloy analyzer correspond directly to insecure code. Analysis of the approach in the context of known security exploits is provided. This type of analysis represents a significant departure from standard malware analysis methods based on signatures or anomaly detection.
Abstract:
In this dissertation, we explore the use of pursuit interactions as a building block for collective behavior, primarily in the context of constant bearing (CB) cyclic pursuit. Pursuit phenomena are observed throughout the natural environment and also play an important role in technological contexts, such as missile-aircraft encounters and interactions between unmanned vehicles. While pursuit is typically regarded as adversarial, we demonstrate that pursuit interactions within a cyclic pursuit framework give rise to seemingly coordinated group maneuvers. We model a system of agents (e.g. birds, vehicles) as particles tracing out curves in the plane, and illustrate reduction to the shape space of relative positions and velocities. Introducing the CB pursuit strategy and associated pursuit law, we consider the case for which agent i pursues agent i+1 (modulo n) with the CB pursuit law. After deriving closed-loop cyclic pursuit dynamics, we demonstrate asymptotic convergence to an invariant submanifold (corresponding to each agent attaining the CB pursuit strategy), and proceed by analysis of the reduced dynamics restricted to the submanifold. For the general setting, we derive existence conditions for relative equilibria (circling and rectilinear) as well as for system trajectories which preserve the shape of the collective (up to similarity), which we refer to as pure shape equilibria. For two illustrative low-dimensional cases, we provide a more comprehensive analysis, deriving explicit trajectory solutions for the two-particle "mutual pursuit" case, and detailing the stability properties of three-particle relative equilibria and pure shape equilibria. For the three-particle case, we show that a particular choice of CB pursuit parameters gives rise to remarkable almost-periodic trajectories in the physical space. 
We also extend our study to consider CB pursuit in three dimensions, deriving a feedback law for executing the CB pursuit strategy, and providing a detailed analysis of the two-particle mutual pursuit case. We complete the work by considering evasive strategies to counter the motion camouflage (MC) pursuit law. After demonstrating that a stochastically steering evader is unable to thwart the MC pursuit strategy, we propose a (deterministic) feedback law for the evader and demonstrate the existence of circling equilibria for the closed-loop pursuer-evader dynamics.
Abstract:
Burkholderia cenocepacia is an opportunistic pathogen threatening patients with cystic fibrosis. Flagella are required for biofilm formation, as well as adhesion to and invasion of epithelial cells. Recognition of flagellin via the Toll-like receptor 5 (TLR5) contributes to exacerbating B. cenocepacia-induced lung epithelial inflammatory responses. In this study, we report that B. cenocepacia flagellin is glycosylated on at least 10 different sites with a single sugar, 4,6-dideoxy-4-(3-hydroxybutanoylamino)-d-glucose. We have identified key genes that are required for flagellin glycosylation, including a predicted glycosyltransferase gene that is linked to the flagellin biosynthesis cluster and a putative acetyltransferase gene located within the O-antigen lipopolysaccharide cluster. Another O-antigen cluster gene, rmlB, which is required for flagellin glycan and O-antigen biosynthesis, was essential for bacterial viability, uncovering a novel target against Burkholderia infections. Using glycosylated and nonglycosylated purified flagellin and a cell reporter system to assess TLR5-mediated responses, we also show that the presence of glycan in flagellin significantly impairs the inflammatory response of epithelial cells. We therefore suggest that flagellin glycosylation reduces recognition of flagellin by host TLR5, providing an evasive strategy to infecting bacteria.
Abstract:
Innate immunity represents the first line of defence against invading pathogens. It consists of an initial inflammatory response that recruits white blood cells to the site of infection in an effort to destroy and eliminate the pathogen. Some pathogens replicate within host cells, and cell death by apoptosis is an important effector mechanism to remove the replication niche for such microbes. However, some microbes have evolved evasive strategies to block apoptosis, and in these cases host cells may employ further countermeasures, including an inflammatory form of cell death known as necroptosis. This review aims to highlight the importance of the RIP kinase family in controlling these various defence strategies. RIP1 is initially discussed as a key component of death receptor signalling and in the context of dictating whether a cell triggers a pathway of pro-inflammatory gene expression or cell death by apoptosis. The molecular and functional interplay of RIP1 and RIP3 is described, especially with respect to mediating necroptosis and as key mediators of inflammation. The function of RIP2, with particular emphasis on its role in NOD signalling, is also explored. Special attention is given to emphasizing the physiological and pathophysiological contexts for these various functions of RIP kinases.
Abstract:
Cyber-attacks against Smart Grids have been found in the real world. Malware such as Havex and BlackEnergy have been found targeting industrial control systems (ICS), and researchers have shown that cyber-attacks can exploit vulnerabilities in widely used Smart Grid communication standards. This paper presents a deep investigation of attacks against the manufacturing message specification of IEC 61850, which is expected to become one of the most widely used communication services in Smart Grids. We investigate how an attacker can build a custom tool to execute man-in-the-middle attacks, manipulate data, and affect the physical system. Attack capabilities are demonstrated based on NESCOR scenarios to make it possible to thoroughly test these scenarios in a real system. The goal is to help understand the potential for such attacks, and to aid the development and testing of cyber security solutions. An attack use-case is presented that focuses on the standard for power utility automation, IEC 61850, in the context of inverter-based distributed energy resource devices, especially photovoltaic (PV) generators.
Abstract:
This paper proposes a novel method of detecting packed executable files using steganalysis, primarily targeting the detection of malware obfuscated through packing. Considering that over 80% of malware in the wild is packed, detection accuracy and low false negative rates are important properties of malware detection methods. Experimental results outlined in this paper reveal that the proposed approach achieves an overall detection accuracy of greater than 99%, a false negative rate of 1% and a false positive rate of 0%.
Abstract:
Master's dissertation presented to the Instituto de Contabilidade e Administração do Porto for the degree of Master in Digital Marketing, under the supervision of Mestre António da Silva Vieira.
Abstract:
Supervisor: Doutor José Domingos Silva Fernandes
Abstract:
Tax evasion and fraud threaten the economic and social objectives of modern tax systems, precluding the state funding for the satisfaction of collective needs and the fair distribution of wealth, and constituting a violation of basic principles and values of our society. In tax law, to give the tax administration the necessary powers to supervise and control the information provided by taxpayers and to combat tax evasion and fraud, the grounds for a derogation of bank secrecy without judicial authorization have been extended over the last years, which raises some constitutional compatibility issues. Similarly, this tendency of making this legal regime more flexible and increasing the automatic exchange of information has been followed by the European Union and the international community. Banking secrecy, as a professional secrecy, is an instrument to protect the right to privacy but also appears as an anti-abuse and repressive mechanism against evasive and fraudulent behaviors. Because of the conflict of interests, it will always be necessary to strike a practical balance between them, ensuring legality and the due guarantees of the taxpayers but also an effective way to combat tax evasion and fraud. Bank secrecy cannot be a means by which taxpayers, behind the right to privacy, practice illegal activities. But the practice of these irregular conducts also does not justify a total annihilation of the right to banking secrecy, uncovering all documents and bank information. Although considering the legislative changes, the administrative derogation of bank secrecy will always be what the tax administration makes of it.
Abstract:
Mobile malware is increasing with the growing number of mobile users. Mobile malware can perform several operations which lead to cybersecurity threats such as stealing financial or personal information, installing malicious applications, sending premium SMS, creating backdoors, keylogging and crypto-ransomware attacks. Despite the fact that there are many illegitimate applications available on the app stores, most mobile users remain careless about the security of their mobile devices and become potential victims of these threats. Previous studies have shown that not every antivirus is capable of detecting all the threats, due to the fact that mobile malware uses advanced techniques to avoid detection. A network-based IDS at the operator side will bring an extra layer of security to the subscribers and can detect many advanced threats by analyzing their traffic patterns. Machine Learning (ML) will provide these systems with the ability to detect unknown threats for which signatures are not yet known. This research is focused on the evaluation of Machine Learning classifiers in network-based intrusion detection systems for mobile networks. In this study, different techniques of network-based intrusion detection, with their advantages, disadvantages and the state of the art in hybrid solutions, are discussed. Finally, an ML-based NIDS is proposed which will work as a subsystem to the network-based IDS deployed by mobile operators and can help in detecting unknown threats and reducing false positives. In this research, several ML classifiers were implemented and evaluated. This study is focused on Android-based malware, as Android is the most popular OS among users and hence the most targeted by cyber criminals. Classifiers based on supervised ML algorithms were built using a dataset which contained labeled instances of relevant features. These features were extracted from the traffic generated by samples of several malware families and benign applications.
These classifiers were able to detect malicious traffic patterns with a TPR of up to 99.6% during cross-validation tests. Also, several experiments were conducted to detect unknown malware traffic and to detect false positives. These classifiers were able to detect unknown threats with an accuracy of 97.5%. These classifiers could be integrated with current NIDSs, which use signatures, statistical or knowledge-based techniques to detect malicious traffic. A technique to integrate the output from the ML classifier with traditional NIDS is discussed and proposed for future work.
Abstract:
The increasing interconnection of information and communication systems leads to a further increase in complexity and hence to a further increase in security vulnerabilities. Classic protection mechanisms such as firewall systems and anti-malware solutions have long since ceased to offer protection against intrusion attempts into IT infrastructures. Intrusion Detection Systems (IDS) have established themselves as a very effective instrument for protection against cyber attacks. Such systems collect and analyse information from network components and hosts in order to detect unusual behaviour and security violations automatically. While signature-based approaches can only detect already known attack patterns, anomaly-based IDS are also able to recognise new, previously unknown attacks (zero-day attacks) at an early stage. The core problem of intrusion detection systems, however, lies in the optimal processing of the enormous volume of network data and the development of an adaptive detection model that operates in real time. To address these challenges, this dissertation provides a framework consisting of two main parts. The first part, called OptiFilter, uses a dynamic "queuing concept" to further process the large volume of incoming network data, continuously builds up network connections, and exports structured input data for the IDS. The second part is an adaptive classifier comprising a classifier model based on the "Enhanced Growing Hierarchical Self Organizing Map" (EGHSOM), a model of the normal network state (NNB) and an "update model". In OptiFilter, tcpdump and SNMP traps are used to continuously aggregate network packets and host events. These aggregated network packets and host events are further analysed and converted into connection vectors.
To improve the detection rate of the adaptive classifier, the artificial neural network GHSOM is studied intensively and substantially extended. In this dissertation, different approaches are proposed and discussed. A classification-confidence margin threshold is defined to uncover unknown malicious connections; the stability of the growth topology is increased through novel approaches for initialising the weight vectors and through strengthening of the winner neurons; and a self-adaptive procedure is introduced so that the model can be updated continuously. In addition, the main task of the NNB model is the further examination of the unknown connections detected by the EGHSOM and the verification of whether they are normal. However, network traffic data change constantly because of the concept drift phenomenon, which in real time leads to the generation of non-stationary network data. This phenomenon is better controlled by the update model. The EGHSOM model can effectively detect new anomalies, and the NNB model adapts optimally to changes in the network data. In the experimental investigations, the framework showed promising results. In the first experiment, the framework was evaluated in offline operating mode. OptiFilter was evaluated with offline, synthetic and realistic data. The adaptive classifier was evaluated with the 10-fold cross-validation procedure to estimate its accuracy. In the second experiment, the framework was installed on a 1 to 10 GB network link and evaluated online in real time. OptiFilter successfully converted the enormous volume of network data into structured connection vectors, and the adaptive classifier classified them precisely.
The comparative study between the developed framework and other well-known IDS approaches shows that the proposed IDS framework outperforms all other approaches. This can be attributed to the following key points: processing of the collected network data, achievement of the best performance (such as overall accuracy), detection of unknown connections, and development of a real-time intrusion detection model.
Abstract:
As part of the INFO2009 coursework, an interactive resource set to teach students about the Computer Misuse Act, encompassing an explanation of the law and multiple-choice questions.