910 results for Malware collection


Relevance:

80.00%

Publisher:

Abstract:

Malware has become a major threat in the last years due to the ease of spread through the Internet. Malware detection has become difficult with the use of compression, polymorphic methods and techniques to detect and disable security software. Those and other obfuscation techniques pose a problem for detection and classification schemes that analyze malware behavior. In this paper we propose a distributed architecture to improve malware collection using different honeypot technologies to increase the variety of malware collected. We also present a daemon tool developed to grab malware distributed through spam and a pre-classification technique that uses antivirus technology to separate malware into generic classes. © 2009 SPIE.

Relevance:

30.00%

Publisher:

Abstract:

Mobile malware has been growing in scale and complexity as smartphone usage continues to rise. Android has surpassed other mobile platforms as the most popular whilst also witnessing a dramatic increase in malware targeting the platform. A worrying trend that is emerging is the increasing sophistication of Android malware to evade detection by traditional signature-based scanners. As such, Android app marketplaces remain at risk of hosting malicious apps that could evade detection before being downloaded by unsuspecting users. Hence, in this paper we present an effective approach to alleviate this problem based on Bayesian classification models obtained from static code analysis. The models are built from a collection of code and app characteristics that provide indicators of potential malicious activities. The models are evaluated with real malware samples in the wild and results of experiments are presented to demonstrate the effectiveness of the proposed approach.

Relevance:

30.00%

Publisher:

Abstract:

Malicious programs (malware) can cause severe damage on computer systems and data. The mechanism that the human immune system uses to detect and protect from organisms that threaten the human body is efficient and can be adapted to detect malware attacks. In this paper we propose a system to perform malware distributed collection, analysis and detection, this last inspired by the human immune system. After collecting malware samples from the Internet, they are dynamically analyzed so as to provide execution traces at the operating system level and network flows that are used to create a behavioral model and to generate a detection signature. Those signatures serve as input to a malware detector, acting as the antibodies in the antigen detection process. This allows us to understand the malware attack and aids in the infection removal procedures. © 2012 Springer-Verlag.

Relevance:

30.00%

Publisher:

Abstract:

Kernel-level malware is one of the most dangerous threats to the security of users on the Internet, so there is an urgent need for its detection. The most popular detection approach is misuse-based detection. However, it cannot catch up with today's advanced malware that increasingly applies polymorphism and obfuscation. In this thesis, we present our integrity-based detection for kernel-level malware, which does not rely on the specific features of malware.

We have developed an integrity analysis system that can derive and monitor integrity properties for commodity operating systems kernels. In our system, we focus on two classes of integrity properties: data invariants and integrity of Kernel Queue (KQ) requests.

We adopt static analysis for data invariant detection and overcome several technical challenges: field-sensitivity, array-sensitivity, and pointer analysis. We identify data invariants that are critical to system runtime integrity from Linux kernel 2.4.32 and Windows Research Kernel (WRK) with very low false positive rate and very low false negative rate. We then develop an Invariant Monitor to guard these data invariants against real-world malware. In our experiment, we are able to use Invariant Monitor to detect ten real-world Linux rootkits and nine real-world Windows malware and one synthetic Windows malware.

We leverage static and dynamic analysis of kernel and device drivers to learn the legitimate KQ requests. Based on the learned KQ requests, we build KQguard to protect KQs. At runtime, KQguard rejects all the unknown KQ requests that cannot be validated. We apply KQguard on WRK and Linux kernel, and extensive experimental evaluation shows that KQguard is efficient (up to 5.6% overhead) and effective (capable of achieving zero false positives against representative benign workloads after appropriate training and very low false negatives against 125 real-world malware and nine synthetic attacks).

In our system, Invariant Monitor and KQguard cooperate together to protect data invariants and KQs in the target kernel. By monitoring these integrity properties, we can detect malware by its violation of these integrity properties during execution.

Relevance:

20.00%

Publisher:

Abstract:

The aim of this study was to determine the collection efficiency of ultrafine particles into an impinger fitted with a fritted nozzle tip as a means to increase contact surface area between the aerosol and the liquid. The influence of liquid sampling volume, frit porosity and the nature of the sampling liquid was explored and it was shown that all impact on the collection efficiency of particles smaller than 220 nm. Obtained values for overall collection efficiency were substantially higher (~30–95%) than have been previously reported, mainly due to the high deposition of particles in the fritted nozzle tip, especially in case of finer porosity frits and smaller particles. Values for the capture efficiency of the solvent alone ranged from 20 to 45%, depending on the type and the volume of solvent. Additionally, our results show that airstream dispersion into bubbles improves particle trapping by the liquid and that there is a difference in collection efficiencies based on the nature and volume of the solvent used.

Relevance:

20.00%

Publisher:

Abstract:

In recent years considerable effort has gone into quantifying the reuse and recycling potential of waste generated by residential construction. Unfortunately, less information is available for the commercial refurbishment sector. It is hypothesised that significant economic and environmental benefit can be derived from closer monitoring of the commercial construction waste stream. With the aim of assessing these benefits, the authors are involved in ongoing case studies to record both current standard practice and the most effective means of improving the eco-efficiency of materials use in office building refurbishments. This paper focuses on the issues involved in developing methods for obtaining the necessary information on better waste management practices and establishing benchmark indicators. The need to create databases to establish benchmarks of waste minimisation best practice in commercial construction is stressed. Further research will monitor the delivery of case study projects and the levels of reuse and recycling achieved in directly quantifiable ways.

Relevance:

20.00%

Publisher:

Abstract:

Transit agencies across the world are increasingly shifting their fare collection mechanisms towards fully automated systems like the smart card. One of the objectives in implementing such a system is to reduce the boarding time per passenger and hence reduce the overall dwell time for the buses at the bus stops/bus rapid transit (BRT) stations. TransLink, the transit authority responsible for public transport management in South East Queensland, has introduced ‘GoCard’ technology using the Cubic platform for fare collection on its public transport system. In addition to this, three inner city BRT stations on South East Busway spine are operating as pre-paid platforms during evening peak time. This paper evaluates the effects of these multiple policy measures on operation of study busway station. The comparison between pre and post policy scenarios suggests that boarding time per passenger has decreased, while the alighting time per passenger has increased slightly. However, a substantial reduction in operating efficiency was observed at the station.

Relevance:

20.00%

Publisher:

Abstract:

Studies have examined the associations between cancers and circulating 25-hydroxyvitamin D [25(OH)D], but little is known about the impact of different laboratory practices on 25(OH)D concentrations. We examined the potential impact of delayed blood centrifuging, choice of collection tube, and type of assay on 25(OH)D concentrations. Blood samples from 20 healthy volunteers underwent alternative laboratory procedures: four centrifuging times (2, 24, 72, and 96 h after blood draw); three types of collection tubes (red top serum tube, two different plasma anticoagulant tubes containing heparin or EDTA); and two types of assays (DiaSorin radioimmunoassay [RIA] and chemiluminescence immunoassay [CLIA/LIAISON®]). Log-transformed 25(OH)D concentrations were analyzed using the generalized estimating equations (GEE) linear regression models. We found no difference in 25(OH)D concentrations by centrifuging times or type of assay. There was some indication of a difference in 25(OH)D concentrations by tube type in CLIA/LIAISON®-assayed samples, with concentrations in heparinized plasma (geometric mean, 16.1 ng ml−1) higher than those in serum (geometric mean, 15.3 ng ml−1) (p = 0.01), but the difference was significant only after substantial centrifuging delays (96 h). Our study suggests no necessity for requiring immediate processing of blood samples after collection or for the choice of a tube type or assay.

Relevance:

20.00%

Publisher:

Abstract:

In the past few years, numerous data collection protocols have been developed for wireless sensor networks (WSNs). However, there has been no comparison of their relative performance in realistic environments. Here we report the results of an empirical study using a Fleck3 sensor network testbed for four different data collection protocols: One phase pull Directed Diffusion (DD), Expected Number of Transmissions (ETX), ETX with explicit acknowledgment (ETX-eAck), and ETX with implicit acknowledgment (ETX-iAck). Our empirical study provides useful insights for future sensor network deployments. When the required application end-to-end reliability is not strict (e.g., 70%) and link quality is good, DD and ETX are the best options because of their simplicity and low routing overhead. Both ETX-eAck and ETX-iAck achieve more than 90% end-to-end reliability when the link quality is reasonable (less than 25% packet loss). When the link quality is good, ETX-iAck introduces significantly less routing overhead (up to 50%) than ETX-eAck. However, if the radio transceiver supports variable packet length, ETX-eAck can outperform ETX-iAck when the link quality is poor. The important message from this paper is that choice of data collection protocol should come after the operating environment is understood. This understanding must include the characteristics of the radio transceiver, and link loss statistics from a long-term (across seasons and weather variation) radio survey of the site.

Relevance:

20.00%

Publisher:

Abstract:

In this paper we present a novel platform for underwater sensor networks to be used for long-term monitoring of coral reefs and fisheries. The sensor network consists of static and mobile underwater sensor nodes. The nodes communicate point-to-point using a novel high-speed optical communication system integrated into the TinyOS stack, and they broadcast using an acoustic protocol integrated in the TinyOS stack. The nodes have a variety of sensing capabilities, including cameras, water temperature, and pressure. The mobile nodes can locate and hover above the static nodes for data muling, and they can perform network maintenance functions such as deployment, relocation, and recovery. In this paper we describe the hardware and software architecture of this underwater sensor network. We then describe the optical and acoustic networking protocols and present experimental networking and data collected in a pool, in rivers, and in the ocean. Finally, we describe our experiments with mobility for data muling in this network.

Relevance:

20.00%

Publisher:

Abstract:

The Intention to Notice: the collection, the tour and ordinary landscapes is concerned with how ordinary landscapes and places are enabled and conserved through making itineraries that are framed around the ephemera encountered by chance, and the practices that make possible the endurance of these material traces. Through observing and then examining the material and temporal aspects of a variety of sites/places, the museum and the expanded garden are identified as spaces where the expression of contemporary political, ecological and social attitudes to cultural landscapes can be realised through a curatorial approach to design, to effect minimal intervention. Three notions are proposed to encourage investigation into contemporary cultural landscapes: To traverse slowly to allow space for speculations framed by the topographies and artefacts encountered; to [re]make/[re]write cultural landscapes as discursive landscapes that provoke the intention to notice; and to reveal and conserve the fabric of everyday places. A series of walking, recording and making projects undertaken across a variety of cultural landscapes in remote South Australia, Melbourne, Sydney, London, Los Angeles, Chandigarh, Padova and Istanbul, investigate how communities of practice are facilitated through the invitation to notice and intervene in ordinary landscapes, informed by the theory and practice of postproduction and the reticent auteur. This community of practice approach draws upon chance encounters and it seeks to encourage creative investigation into places. The Intention to Notice is a practice of facilitating that also leads to recording traces and events; large and small, material and immaterial, that encourages both conjecture and archive. Most importantly, there is an open-ended invitation to commit and exchange through design interaction.