266 results for malicious


Abstract:

Buffer overflow vulnerabilities continue to prevail and the sophistication of attacks targeting these vulnerabilities is continuously increasing. As a successful attack of this type has the potential to completely compromise the integrity of the targeted host, early detection is vital. This thesis examines generic approaches for detecting executable payload attacks, without prior knowledge of the implementation of the attack, in such a way that new and previously unseen attacks are detectable. Executable payloads are analysed in detail for attacks targeting the Linux and Windows operating systems executing on an Intel IA-32 architecture. The execution flow of attack payloads is analysed and a generic model of execution is examined. A novel classification scheme for executable attack payloads is presented which allows for characterisation of executable payloads and facilitates vulnerability and threat assessments, and intrusion detection capability assessments for intrusion detection systems. An intrusion detection capability assessment may be utilised to determine whether or not a deployed system is able to detect a specific attack and to identify requirements for intrusion detection functionality for the development of new detection methods. Two novel detection methods are presented capable of detecting new and previously unseen executable attack payloads. The detection methods are capable of identifying and enumerating the executable payload’s interactions with the operating system on the targeted host at the time of compromise. The detection methods are further validated using real world data including executable payload attacks.

Abstract:

This paper focuses on malicious workplace gossip from the perspective of those targeted by this dark form of organisational communication. Findings from a large exemplarian action research project are reported that suggest malicious gossip can be an influential form of power that strongly contributes to counterproductive organisational behaviour. The discussion draws upon the emergent themes from the research to highlight the negative consequences of malicious gossip for those targeted and their organisations, and in so doing, elaborates on the phenomenon of workplace mobbing. This research highlights the importance of recognising gossip as an effective, though dark, form of power and the value of rational discourse for improving organisational communication.

Abstract:

In the last decade, smartphones have gained widespread usage. Since the advent of online application stores, hundreds of thousands of applications have become instantly available to millions of smartphone users. Within the Android ecosystem, application security is governed by digital signatures and a list of coarse-grained permissions. However, this mechanism is not fine-grained enough to provide the user with a sufficient means of control of the applications' activities. Abuse of highly sensitive private information such as phone numbers without users' notice is the result. We show that there is a high frequency of privacy leaks even among widely popular applications. Together with the fact that the majority of the users are not proficient in computer security, this presents a challenge to the engineers developing security solutions for the platform. Our contribution is twofold: first, we propose a service which is able to assess Android Market applications via static analysis and provide detailed, but readable reports to the user. Second, we describe a means to mitigate security and privacy threats by automated reverse-engineering and refactoring binary application packages according to the users' security preferences.

Abstract:

Current-day networks use proactive networks to adapt to dynamic scenarios. The use of a cognition technique based on the Observe, Orient, Decide and Act (OODA) loop is proposed to construct proactive networks. The network performance degradation in knowledge acquisition and malicious node presence is a problem that exists. The use of a continuous-time dynamic neural network is considered to achieve cognition. The variance in service rates of user nodes is used to detect malicious activity in heterogeneous networks. The improved malicious node detection rates are proved through the experimental results presented in this paper. (C) 2015 The Authors. Published by Elsevier B.V.

Abstract:

Since the publication of Hobsbawm and Rudé's Captain Swing our understanding of the role(s) of covert protests in Hanoverian rural England has advanced considerably. Whilst we now know much about the dramatic practices of incendiarism and animal maiming and the voices of resistance in seemingly straightforward acquisitive acts, one major gap remains. Despite the fact that almost thirty years have passed since E. P. Thompson brought to our attention that under the notorious ‘Black Act’ the malicious cutting of trees was a capital offence, no subsequent research has been published. This paper seeks to address this major lacuna by systematically analysing the practices and patterns of malicious attacks on plants (‘plant maiming’) in the context of late eighteenth- and early nineteenth-century southern England. It is shown that not only did plant maiming take many different forms, attacking every conceivable type of flora, but also that it was universally understood and practised. In some communities plant maiming was the protestors' weapon of choice. As a social practice it therefore embodied wider community beliefs regarding the defence of plebeian livelihoods and identities.

Abstract:

Since its establishment, the Android applications market has been infected by a proliferation of malicious applications. Recent studies show that rogue developers are injecting malware into legitimate market applications which are then installed on open source sites for consumer uptake. Often, applications are infected several times. In this paper, we investigate the behavior of malicious Android applications and present a simple and effective way to safely execute and analyze them. As part of this analysis, we use the Android application sandbox Droidbox to generate behavioral graphs for each sample and these provide the basis of the development of patterns to aid in identifying it. As a result, we are able to determine if family names have been correctly assigned by current anti-virus vendors. Our results indicate that the traditional anti-virus mechanisms are not able to correctly identify malicious Android applications.

Abstract:

The Android platform uses a permission system model to allow users and developers to regulate access to private information and system resources required by applications. Permissions have been proved to be useful for inferring behaviors and characteristics of an application. In this paper, a novel method to extract contrasting permission patterns for clean and malicious applications is proposed. Contrary to existing work, both required and used permissions were considered when discovering the patterns. We evaluated our methodology on a clean and a malware dataset, each comprising 1227 applications. Our empirical results suggest that our permission patterns can capture key differences between clean and malicious applications, which can assist in characterizing these two types of applications.

Abstract:

Malicious code is a threat to computer systems globally. In this paper, we outline the evolution of malicious code attacks. The threat is evolving, leaving challenges for attackers to improve attack techniques and for researchers and security specialists to improve detection accuracy. We present a novel architecture for an effective defense against malicious code attack, inspired by the human immune system. We introduce two phases of program execution: Adolescent and Mature Phase. The first phase uses a malware profile matching mechanism, whereas the second phase uses a program profile matching mechanism. Both mechanisms are analogous to the innate immune system

Abstract:

Dr. Wen's research includes modelling the propagation dynamics of malicious information, exposing the most influential people and source identification of epidemics in social networks. His research is beneficial to both academia and industry in the field of Internet social networks.

Abstract:

An Android application uses a permission system to regulate the access to system resources and users' privacy-relevant information. Existing works have demonstrated several techniques to study the required permissions declared by the developers, but little attention has been paid towards used permissions. Besides, no specific permission combination is identified to be effective for malware detection. To fill these gaps, we have proposed a novel pattern mining algorithm to identify a set of contrast permission patterns that aim to detect the difference between clean and malicious applications. A benchmark malware dataset and a dataset of 1227 clean applications have been collected by us to evaluate the performance of the proposed algorithm. Valuable findings are obtained by analyzing the returned contrast permission patterns. © 2013 Elsevier B.V. All rights reserved.

Abstract:

Cyber attacks are an unfortunate part of society as an increasing amount of critical infrastructure is managed and controlled via the Internet. In order to protect legitimate users, it is critical for us to obtain an accurate and timely understanding of our cyber opponents. However, at the moment we lack effective tools to do this. In this article we summarize the work on modeling malicious activities from various perspectives, discuss the pros and cons of current models, and present promising directions for possible efforts in the near future.

Abstract:

Security is a major challenge in Opportunistic Networks because of their characteristics, such as open medium, dynamic topology, no centralized management and the absence of clear lines of defense. A packet dropping attack is one of the major security threats in OppNets since neither source nodes nor destination nodes have the knowledge of where or when the packet will be dropped. In this paper, we present a malicious node detection mechanism against a special type of packet dropping attack where the malicious node drops one or more packets and then injects new fake packets instead. Our novel detection and traceback mechanism is very powerful and has very high accuracy. Each node can detect and then trace back the malicious nodes based on a solid and powerful idea, namely the Merkle tree hashing technique. In our defense techniques we have two stages. The first stage is to detect the attack, and the second stage is to find the malicious nodes. We have compared our approach with the acknowledgement-based mechanisms and the network coding based mechanism, which are well-known approaches in the literature. Simulation results show this robust mechanism achieves a very high accuracy and detection rate.