• Title/Summary/Keyword: malware analysis

Search Result 262, Processing Time 0.025 seconds

Securing a Cyber Physical System in Nuclear Power Plants Using Least Square Approximation and Computational Geometric Approach

  • Gawand, Hemangi Laxman;Bhattacharjee, A.K.;Roy, Kallol
    • Nuclear Engineering and Technology
    • /
    • v.49 no.3
    • /
    • pp.484-494
    • /
    • 2017
  • In industrial plants such as nuclear power plants, system operations are performed by embedded controllers orchestrated by Supervisory Control and Data Acquisition (SCADA) software. A targeted attack (also termed a control aware attack) on the controller/SCADA software can lead a control system to operate in an unsafe mode or sometimes to complete shutdown of the plant. Such malware attacks can result in tremendous cost to the organization for recovery, cleanup, and maintenance activity. SCADA systems in operational mode generate huge log files. These files are useful in analysis of the plant behavior and diagnostics during an ongoing attack. However, they are bulky and difficult for manual inspection. Data mining techniques such as least squares approximation and computational methods can be used in the analysis of logs and to take proactive actions when required. This paper explores methodologies and algorithms so as to develop an effective monitoring scheme against control aware cyber attacks. It also explains soft computation techniques such as the computational geometric method and least squares approximation that can be effective in monitor design. This paper provides insights into diagnostic monitoring of its effectiveness by attack simulations on a four-tank model and using computation techniques to diagnose it. Cyber security of instrumentation and control systems used in nuclear power plants is of paramount importance and hence could be a possible target of such applications.

Secure Coding for SQL Injection Prevention Using Generative AI

  • Young-Bok Cho
    • Journal of the Korea Society of Computer and Information
    • /
    • v.29 no.9
    • /
    • pp.61-68
    • /
    • 2024
  • In this paper, Generative AI is a technology that creates various forms of content such as text, images, and music, and is being utilized across different fields. In the security sector, generative AI is poised to open up new possibilities in various areas including security vulnerability analysis, malware detection and analysis, and the creation and improvement of security policies. This paper presents a guide for identifying vulnerabilities and secure coding using ChatGPT for security vulnerability analysis and prediction, considering the application of generative AI in the security domain. While generative AI offers innovative possibilities in the security field, it is essential to continuously pursue research and development to ensure safe and effective utilization of generative AI through in-depth consideration of ethical and legal issues accompanying technological advancements.

Classification of HTTP Automated Software Communication Behavior Using a NoSQL Database

  • Tran, Manh Cong;Nakamura, Yasuhiro
    • IEIE Transactions on Smart Processing and Computing
    • /
    • v.5 no.2
    • /
    • pp.94-99
    • /
    • 2016
  • Application layer attacks have for years posed an ever-serious threat to network security, since they always come after a technically legitimate connection has been established. In recent years, cyber criminals have turned to fully exploiting the web as a medium of communication to launch a variety of forbidden or illicit activities by spreading malicious automated software (auto-ware) such as adware, spyware, or bots. When this malicious auto-ware infects a network, it will act like a robot, mimic normal behavior of web access, and bypass the network firewall or intrusion detection system. Besides that, in a private and large network, with huge Hypertext Transfer Protocol (HTTP) traffic generated each day, communication behavior identification and classification of auto-ware is a challenge. In this paper, based on a previous study, analysis of auto-ware communication behavior, and with the addition of new features, a method for classification of HTTP auto-ware communication is proposed. For that, a Not Only Structured Query Language (NoSQL) database is applied to handle large volumes of unstructured HTTP requests captured every day. The method is tested with real HTTP traffic data collected through a proxy server of a private network, providing good results in the classification and detection of suspicious auto-ware web access.

Analysis of File Time Change by File Manipulation of Linux System (리눅스 시스템에서의 파일 조작에 따른 시간변화 분석)

  • Yoo, Byeongyeong
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.16 no.3
    • /
    • pp.21-28
    • /
    • 2016
  • File Time information has a significant meaning in digital forensic investigation. File time information in Linux Ext4 (Extended File System 4) environment is the Access Time, Modification Time, Inode Change Time, Deletion Time and Creation Time. File time is variously changed by user manipulations such as creation, copy and edit. And, the study of file time change is necessary for evidence analysis. This study analyzes the change in time information of files or folders resulting from user manipulations in Linux operating system and analyzes ways to determine real time of malware infection and whether the file was modulation.

Design and Implementation of a Real-time Integrated Analysis Framework based on Multiprocessor Search Modules against Malicious Codes (악성코드 대응 MPSM기반 실시간통합분석체계의 설계 및 구현)

  • Moon, Yoon Jong
    • Convergence Security Journal
    • /
    • v.15 no.1
    • /
    • pp.69-82
    • /
    • 2015
  • This dissertation introduce how to react against the cybercrime and analysis of malware detection. Also this dissertation emphasize the importance about efficient control of correspond process for the information security. Cybercrime and cyber breach are becoming increasingly intelligent and sophisticated. To correspond those crimes, the strategy of defense need change soft kill to hard kill. So this dissertation includes the study of weak point about OS, Application system. Also this dissertation suggest that API structure for handling and analyzing big data forensic.

Naming Scheme for Standardization of Detection Rule on Security Monitoring Threat Event (보안관제 위협 이벤트 탐지규칙 표준 명명법 연구)

  • Park, Wonhyung;Kim, Yanghoon;Lim, YoungWhan;Ahn, Sungjin
    • Convergence Security Journal
    • /
    • v.15 no.4
    • /
    • pp.83-90
    • /
    • 2015
  • Recent, Cyber attacks such as hacking and malicious code techniques are evolving very rapidly changing cyber a ttacks are increasing, the number of malicious code techniques vary accordingly become intelligent. In the case of m alware because of the ambiguity in the number of malware have increased rapidly by name or classified as maliciou s code may have difficulty coping with. This paper investigated the naming convention of the vaccine manufacturer s in Korea to solve this problem, the analysis and offers a naming convention for security control event detection r ule analysis to compare the pattern of the detection rule out based on this current.

HAS-Analyzer: Detecting HTTP-based C&C based on the Analysis of HTTP Activity Sets

  • Kim, Sung-Jin;Lee, Sungryoul;Bae, Byungchul
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.8 no.5
    • /
    • pp.1801-1816
    • /
    • 2014
  • Because HTTP-related ports are allowed through firewalls, they are an obvious point for launching cyber attacks. In particular, malware uses HTTP protocols to communicate with their master servers. We call this an HTTP-based command and control (C&C) server. Most previous studies concentrated on the behavioral pattern of C&Cs. However, these approaches need a well-defined white list to reduce the false positive rate because there are many benign applications, such as automatic update checks and web refreshes, that have a periodic access pattern. In this paper, we focus on finding new discriminative features of HTTP-based C&Cs by analyzing HTTP activity sets. First, a C&C shows a few connections at a time (low density). Second, the content of a request or a response is changed frequently among consecutive C&Cs (high content variability). Based on these two features, we propose a novel C&C analysis mechanism that detects the HTTP-based C&C. The HAS-Analyzer can classify the HTTP-based C&C with an accuracy of more than 96% and a false positive rate of 1.3% without using any white list.

Graph based Binary Code Execution Path Exploration Platform for Dynamic Symbolic Execution (동적 기호 실행을 이용한 그래프 기반 바이너리 코드 실행 경로 탐색 플랫폼)

  • Kang, Byeongho;Im, Eul Gyu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.3
    • /
    • pp.437-444
    • /
    • 2014
  • In this paper, we introduce a Graph based Binary Code Execution Path Exploration Platform. In the graph, a node is defined as a conditional branch instruction, and an edge is defined as the other instructions. We implemented prototype of the proposed method and works well on real binary code. Experimental results show proposed method correctly explores execution path of target binary code. We expect our method can help Software Assurance, Secure Programming, and Malware Analysis more correct and efficient.

A Study on Tainting Technique for leaking official certificates Malicious App Detection in Android (공인인증서 유출형 안드로이드 악성앱 탐지를 위한 Tainting 기법 활용 연구)

  • Yoon, Hanj Jae;Lee, Man Hee
    • Convergence Security Journal
    • /
    • v.18 no.3
    • /
    • pp.27-35
    • /
    • 2018
  • The certificate is electronic information issued by an accredited certification body to certify an individual or to prevent forgery and alteration between communications. Certified certificates are stored in PCs and smart phones in the form of encrypted files and are used to prove individuals when using Internet banking and smart banking services. Among the rapidly growing Android-based malicious applications are malicious apps that leak personal information, especially certificates that exist in the form of files. This paper proposes a method for judging whether malicious codes leak certificates by using DroidBox, an Android-based dynamic analysis tool.

  • PDF

Feature Analysis for Detecting Mobile Application Review Generated by AI-Based Language Model

  • Lee, Seung-Cheol;Jang, Yonghun;Park, Chang-Hyeon;Seo, Yeong-Seok
    • Journal of Information Processing Systems
    • /
    • v.18 no.5
    • /
    • pp.650-664
    • /
    • 2022
  • Mobile applications can be easily downloaded and installed via markets. However, malware and malicious applications containing unwanted advertisements exist in these application markets. Therefore, smartphone users install applications with reference to the application review to avoid such malicious applications. An application review typically comprises contents for evaluation; however, a false review with a specific purpose can be included. Such false reviews are known as fake reviews, and they can be generated using artificial intelligence (AI)-based text-generating models. Recently, AI-based text-generating models have been developed rapidly and demonstrate high-quality generated texts. Herein, we analyze the features of fake reviews generated from Generative Pre-Training-2 (GPT-2), an AI-based text-generating model and create a model to detect those fake reviews. First, we collect a real human-written application review from Kaggle. Subsequently, we identify features of the fake review using natural language processing and statistical analysis. Next, we generate fake review detection models using five types of machine-learning models trained using identified features. In terms of the performances of the fake review detection models, we achieved average F1-scores of 0.738, 0.723, and 0.730 for the fake review, real review, and overall classifications, respectively.