Open Access. Powered by Scholars. Published by Universities.®

Digital Commons Network

Articles 1 - 18 of 18

Full-Text Articles in Entire DC Network

Malware Detection With Artificial Intelligence: A Systematic Literature Review, Matthew G. Gaber, Mohiuddin Ahmed, Helge Janicke Jan 2024

Research outputs 2022 to 2026

In this survey, we review the key developments in the field of malware detection using AI and analyze core challenges. We systematically survey state-of-the-art methods across five critical aspects of building an accurate and robust AI-powered malware-detection model: malware sophistication, analysis techniques, malware repositories, feature selection, and machine learning vs. deep learning. The effectiveness of an AI model is dependent on the quality of the features it is trained with. In turn, the quality and authenticity of these features are dependent on the quality of the dataset and the suitability of the analysis tool. Static analysis is fast but is …


Developing Resilient Cyber-Physical Systems: A Review Of State-Of-The-Art Malware Detection Approaches, Gaps, And Future Directions, M. Imran Malik, Ahmed Ibrahim, Peter Hannay, Leslie F. Sikos Apr 2023

Research outputs 2022 to 2026

Cyber-physical systems (CPSes) are rapidly evolving in critical infrastructure (CI) domains such as smart grid, healthcare, the military, and telecommunication. These systems are continually threatened by malicious software (malware) attacks by adversaries due to their improvised tactics and attack methods. A minor configuration change in a CPS through malware has devastating effects, which the world has seen in Stuxnet, BlackEnergy, Industroyer, and Triton. This paper is a comprehensive review of malware analysis practices currently being used and their limitations and efficacy in securing CPSes. Using well-known real-world incidents, we have covered the significant impacts when a CPS is compromised. In …


Ransomware Behavioural Analysis On Windows Platforms, Nikolai Hampton, Zubair A. Baig, Sherali Zeadally Jan 2018

Research outputs 2014 to 2021

Ransomware infections have grown exponentially in recent years, causing major disruption to operations across a range of industries, including government. Through this research, we present an analysis of 14 strains of ransomware that infect Windows platforms, and we compare the Windows Application Programming Interface (API) calls made by ransomware processes with baselines of normal operating system behaviour. The study identifies and reports salient features of ransomware as reflected in the frequencies of API calls


Ransomware: Emergence Of The Cyber-Extortion Menace, Nikolai Hampton, Zubair A. Baig Jan 2015

Australian Information Security Management Conference

Ransomware is increasingly posing a threat to the security of information resources. Millions of dollars of monetary loss have been inflicted on end-users and corporations alike through the unlawful deployment of ransomware. Through malware injection into end-user devices and subsequent extortion over their system or data, ransomware has emerged as a threat requiring immediate attention and containment by the cyber-security community. We conduct a detailed analysis of the steps of execution involved in ransomware deployment to facilitate readiness of the cyber-security community in containing the rapid proliferation of ransomware. This paper examines the evolution of malware over a period of 26 …


Territorial Behavior And The Economics Of Botnets, Craig S. Wright Dec 2012

Australian Information Security Management Conference

This paper looks at the economics associated with botnets. This research can be used to calculate territorial sizes for online criminal networks. Looking at the types of systems we can compare the time required to maintain the botnet against the benefits received. In doing this it will be possible to formulate economic defence strategies that reduce the benefits received through the control of the botnet. We look at the decision to be territorial or not from the perspective of the criminal bot-herder. This is extended to an analysis of territorial size. The criminal running a botnet seeks to maximize profit. …


A Threat To Cyber Resilience: A Malware Rebirthing Botnet, Murray Brand, Craig Valli, Andrew Woodward Aug 2011

International Cyber Resilience conference

This paper presents a threat to cyber resilience in the form of a conceptual model of a malware rebirthing botnet which can be used in a variety of scenarios. It can be used to collect existing malware and rebirth it with new functionality and signatures that will avoid detection by AV software and hinder analysis. The botnet can then use the customized malware to target an organization with an orchestrated attack from the member machines in the botnet for a variety of malicious purposes, including information warfare applications. Alternatively, it can also be used to inject known malware signatures into …


New Approaches To Mitigation Of Malicious Traffic In Voip Networks, Tobi Wulff, Ray Hunt Nov 2010

Australian Information Security Management Conference

Voice over IP (VoIP) telephony is becoming widespread in use, and is often integrated into computer networks. Because of this, malicious software threatens VoIP systems in the same way that traditional computer systems have been attacked by viruses, worms, and other automated agents. VoIP networks are a challenge to secure against such malware as much of the network intelligence is focused on the edge devices and access environment. This paper describes the design and implementation of a novel VoIP security architecture in which evaluation of, and mitigation against, malicious traffic is demonstrated by the use of virtual machines to emulate …


Malware Detection Based On Structural And Behavioural Features Of Api Calls, Manoun Alazab, Robert Layton, Sitalakshmi Venkataraman, Paul Watters Aug 2010

International Cyber Resilience conference

In this paper, we propose a five-step approach to detect obfuscated malware by investigating the structural and behavioural features of API calls. We have developed a fully automated system to disassemble and extract API call features effectively from executables. Using n-gram statistical analysis of binary content, we are able to classify whether an executable file is malicious or benign. Our experimental results with a dataset of 242 malware samples and 72 benign files have shown a promising accuracy of 96.5% for the unigram model. We also provide a preliminary analysis by our approach using a support vector machine (SVM) and by varying …
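The two API-call techniques summarised on this page, comparing per-API call frequencies against a benign baseline (Hampton, Baig and Zeadally above) and classifying executables from n-gram statistics over API calls (Alazab et al.), share the same feature extraction, so one added example covers both. This is illustrative code written for this listing, not code from either paper: the traces are constructed (the API names are real Win32 exports, the sequences are invented and far shorter than real ones), and the classifier is a multinomial naive Bayes written inline as a stand-in for the SVM and other learners the paper evaluates.

```python
"""API-call n-gram features: baseline frequency deviation and a small
naive Bayes classifier.  Traces are constructed for this example."""
import math
from collections import Counter

BENIGN_TRACES = [  # constructed: file-viewer style behaviour
    ["CreateFileW", "ReadFile", "ReadFile", "CloseHandle", "GetTickCount",
     "CreateFileW", "WriteFile", "CloseHandle"],
    ["RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey", "CreateFileW",
     "ReadFile", "CloseHandle", "MessageBoxW"],
    ["CreateFileW", "ReadFile", "CloseHandle", "CreateWindowExW",
     "GetMessageW", "DispatchMessageW"],
]
MALICIOUS_TRACES = [  # constructed: encrypt-then-delete loop typical of ransomware
    ["CryptAcquireContextW", "CryptGenKey", "FindFirstFileW", "CreateFileW",
     "ReadFile", "CryptEncrypt", "WriteFile", "CloseHandle", "DeleteFileW",
     "FindNextFileW", "CreateFileW", "ReadFile", "CryptEncrypt", "WriteFile",
     "CloseHandle", "DeleteFileW"],
    ["IsDebuggerPresent", "CryptAcquireContextW", "CryptGenKey",
     "FindFirstFileW", "CreateFileW", "ReadFile", "CryptEncrypt", "WriteFile",
     "CloseHandle", "DeleteFileW", "FindNextFileW", "MoveFileExW",
     "ShellExecuteW"],
    ["CryptAcquireContextW", "FindFirstFileW", "CreateFileW", "ReadFile",
     "CryptEncrypt", "WriteFile", "CloseHandle", "DeleteFileW",
     "FindNextFileW", "CreateFileW", "ReadFile", "CryptEncrypt", "WriteFile",
     "CloseHandle", "DeleteFileW", "FindNextFileW"],
]


def ngrams(calls, n):
    """Sliding-window n-grams over an API-call sequence (n=1 gives unigrams)."""
    return [tuple(calls[i:i + n]) for i in range(len(calls) - n + 1)]


class NgramNaiveBayes:
    """Multinomial naive Bayes over API-call n-grams with Laplace smoothing."""

    def __init__(self, n=1, alpha=1.0):
        self.n, self.alpha = n, alpha
        self.counts = {"malicious": Counter(), "benign": Counter()}
        self.docs = Counter()   # number of training traces per label
        self.vocab = set()      # every n-gram seen under either label

    def fit(self, traces, label):
        for trace in traces:
            grams = ngrams(trace, self.n)
            self.counts[label].update(grams)
            self.vocab.update(grams)
            self.docs[label] += 1
        return self

    def log_prob(self, trace, label):
        total = sum(self.counts[label].values())
        denom = total + self.alpha * len(self.vocab)
        lp = math.log(self.docs[label] / sum(self.docs.values()))  # class prior
        for g in ngrams(trace, self.n):
            lp += math.log((self.counts[label][g] + self.alpha) / denom)
        return lp

    def classify(self, trace):
        return max(self.counts, key=lambda label: self.log_prob(trace, label))


def frequency_deviations(trace, baseline_traces, factor=4.0, floor=1e-6):
    """APIs whose relative frequency in `trace` is at least `factor` times their
    frequency in the benign baseline; APIs absent from the baseline always qualify.
    Returns sorted (api, observed_frequency, baseline_frequency) tuples."""
    base = Counter(call for t in baseline_traces for call in t)
    base_n = sum(base.values())
    out = []
    for api, cnt in Counter(trace).items():
        f_obs = cnt / len(trace)
        f_base = base[api] / base_n if base_n else 0.0
        if f_obs >= factor * max(f_base, floor):
            out.append((api, round(f_obs, 3), round(f_base, 3)))
    return sorted(out)


def train(n=1):
    """Fit the classifier on the constructed traces for the given n-gram size."""
    return (NgramNaiveBayes(n)
            .fit(MALICIOUS_TRACES, "malicious")
            .fit(BENIGN_TRACES, "benign"))


if __name__ == "__main__":
    unknown = ["CryptAcquireContextW", "FindFirstFileW", "CreateFileW",
               "ReadFile", "CryptEncrypt", "WriteFile", "DeleteFileW"]
    print("baseline deviations:", frequency_deviations(unknown, BENIGN_TRACES))
    for n in (1, 2):
        print(f"{n}-gram naive Bayes:", train(n).classify(unknown))
```

The unigram model is the frequency-of-API-calls view from the ransomware study; raising `n` to 2 or 3 captures call order (ReadFile followed by CryptEncrypt followed by WriteFile), which is the structural signal the five-step approach above is after. With a handful of constructed traces the vocabulary is tiny, so smoothing dominates; on a real corpus the threshold in `frequency_deviations` and the n-gram size would be tuned on a held-out set.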


Lessons Learned From An Investigation Into The Analysis Avoidance Techniques Of Malicious Software, Murray Brand, Craig Valli, Andrew Woodward Jan 2010

Australian Digital Forensics Conference

This paper outlines a number of key lessons learned from an investigation into the techniques malicious executable software can employ to hinder digital forensic examination. Malware signature detection has been recognised by researchers to be far less than ideal. Thus, the forensic analyst may be required to manually analyse suspicious files. However, in order to hinder the forensic analyst, hide its true intent and avoid detection, modern malware can be wrapped with packers or protectors, and layered with a plethora of anti-analysis techniques. This requires the forensic analyst to develop static and dynamic analysis skills tailored to navigate a …


Malware Forensics: Discovery Of The Intent Of Deception, Murray Brand, Craig Valli, Andrew Woodward Jan 2010

Australian Digital Forensics Conference

Malicious software (malware) has a wide variety of analysis avoidance techniques that it can employ to hinder forensic analysis. Although legitimate software can incorporate the same analysis avoidance techniques to provide a measure of protection against reverse engineering and to protect intellectual property, malware invariably makes much greater use of such techniques to make detailed analysis labour intensive and very time consuming. Analysis avoidance techniques are so heavily used by malware that the detection of the use of analysis avoidance techniques could be a very good indicator of the presence of malicious intent. However, there is a tendency for analysis …
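The abstract above, and the "Lessons Learned" abstract before it, make the same point: packers, protectors and other analysis-avoidance layers are so much more common in malware than in legitimate software that their mere presence is a useful indicator. The added example below (written for this listing, not the authors' tooling) checks two of the cheapest indicators of packing in a PE file: packer-style section names, and sections that are empty on disk or whose bytes have near-maximal entropy. So that it runs offline it includes a minimal PE builder and constructs its own samples; `PACKER_SECTION_NAMES` and the 7.0 entropy threshold are heuristic choices, not values from the papers.

```python
"""Packing indicators from the PE section table.  PE images are constructed
inline with a minimal builder; real samples would be read from disk."""
import math
import struct
from collections import Counter

# Heuristic list of section names left behind by common packers (assumption).
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata",
                        b".petite", b".nsp0", b".nsp1", b".themida"}


def shannon_entropy(data):
    """Bits per byte of `data`; 8.0 is uniform, typical of compressed or encrypted bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe):
    """Walk the PE section table; returns [(name, virtual_size, raw_bytes), ...]."""
    if pe[:2] != b"MZ":
        raise ValueError("missing DOS header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size            # section headers follow the optional header
    out = []
    for i in range(num_sections):
        hdr = table + 40 * i                # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[hdr:hdr + 8].rstrip(b"\0")
        vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, hdr + 8)
        out.append((name, vsize, pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""))
    return out


def packing_indicators(pe, entropy_threshold=7.0):
    """Human-readable packing indicators; an empty list means nothing suspicious."""
    found = []
    for name, vsize, raw in parse_sections(pe):
        label = name.decode(errors="replace")
        if name in PACKER_SECTION_NAMES:
            found.append(f"{label}: packer section name")
        if not raw and vsize > 0:
            found.append(f"{label}: {vsize:#x} virtual bytes but no raw data (unpacking target)")
        elif shannon_entropy(raw) >= entropy_threshold:
            found.append(f"{label}: entropy {shannon_entropy(raw):.2f} >= {entropy_threshold}")
    return found


def build_pe(sections):
    """Constructed minimal PE: DOS header, PE signature, COFF header with no
    optional header, section table, raw data.  Enough for the parser; not loadable."""
    num = len(sections)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, 0, 0x0102)
    ptr = 64 + 4 + 20 + 40 * num                               # first raw-data offset
    table, blob = b"", b""
    for name, vsize, raw in sections:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, 0x1000, len(raw), ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        blob += raw
        ptr += len(raw)
    return bytes(dos) + b"PE\0\0" + coff + table + blob


# Constructed samples: a UPX-style layout and a plain one.
PACKED_PE = build_pe([
    (b"UPX0", 0x8000, b""),                    # empty on disk, filled by the unpack stub
    (b"UPX1", 0x800, bytes(range(256)) * 8),   # uniform bytes stand in for compressed code
    (b".rsrc", 0x200, b"\0" * 0x200),
])
CLEAN_PE = build_pe([
    (b".text", 0x400, b"\x90" * 0x400),        # NOP sled stands in for ordinary code
    (b".data", 0x100, b"hello, world\0" * 20),
])

if __name__ == "__main__":
    for tag, image in (("packed", PACKED_PE), ("clean", CLEAN_PE)):
        print(tag, packing_indicators(image) or "no indicators")
```

These indicators say only that something is wrapped, which is exactly the ambiguity the abstract notes: commercial software uses the same protectors. In practice they are a triage signal that tells the analyst to budget for unpacking before static analysis, and they are complemented by import-table checks (a nearly empty import directory is another classic packer tell) that this example leaves out.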


Analysis Avoidance Techniques Of Malicious Software, Murray Brand Jan 2010

Theses: Doctorates and Masters

Anti Virus (AV) software generally employs signature matching and heuristics to detect the presence of malicious software (malware). The generation of signatures and determination of heuristics is dependent upon an AV analyst having successfully determined the nature of the malware, not only for recognition purposes, but also for the determination of infected files and startup mechanisms that need to be removed as part of the disinfection process. If a specimen of malware has not been previously extensively analyzed, it is unlikely to be detected by AV software. In addition, malware is becoming increasingly profit driven and more likely to incorporate …


Smartpot: Creating A 1st Generation Smartphone Honeypot, Michael Freeman, Andrew Woodward Mar 2009

Australian Digital Forensics Conference

This paper discusses an experimental method for creating a 1st generation smart-phone honey-pot with the intention of discovering automated worms. A Honeyd low-interaction virtual honey-pot is conceived as a possible method of discovering automated smart-phone worms by emulating the operating systems Windows Mobile 5 and Windows Mobile 6, along with the available TCP/UDP ports of each operating system. This is an experimental method as there are currently no known malicious smart-phone worms. Honeyd emulates devices by mimicking the device's operating system fingerprint, which is created by the unique responses each operating system sends to a discrete series of TCP and …
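A Honeyd template of the kind the abstract describes, as an added example and not the configuration from the paper. Honeyd's `personality` value must name an entry in the Nmap fingerprint file it is given (`nmap.prints`); whether a Windows Mobile entry is available depends on the Nmap database installed, so the name below is an assumption, and the address and port list are placeholders to be replaced with the ports actually observed on the emulated handset.

```conf
# Constructed Honeyd template for a low-interaction smartphone honeypot.
create wm5
set wm5 personality "Microsoft Windows Mobile 5.0"   # assumption: must match a name in nmap.prints
set wm5 default tcp action reset                     # closed ports answer RST, like a real stack
set wm5 default udp action reset
add wm5 tcp port 80 open                             # placeholder ports: use those seen on the device
add wm5 tcp port 135 open
add wm5 udp port 137 open
bind 192.0.2.10 wm5                                  # documentation address; bind to the sensor's IP
```

Because the honeypot only mimics the fingerprint and opens ports, a worm that scans and fingerprints will be drawn to it, but any payload it then sends is logged rather than executed; that is the low-interaction trade-off the abstract refers to.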


The Malware Analysis Body Of Knowledge (Mabok), Craig Valli Mar 2008

Australian Digital Forensics Conference

The ability to forensically analyse malicious software (malware) is becoming an increasingly important discipline in the field of Digital Forensics. This is because malware is becoming stealthier, targeted, profit driven, managed by criminal organizations, harder to detect and much harder to analyse. Malware analysis requires a considerable skill set to delve deep into malware internals when it is designed specifically to detect and hinder such attempts. This paper presents a foundation for a Malware Analysis Body of Knowledge (MABOK) that is required to successfully forensically analyse malware. This body of knowledge has been the result of several years of research …


Malware Detection And Removal: An Examination Of Personal Anti-Virus Software, Patryk Szewczyk, Murray Brand Mar 2008

Australian Digital Forensics Conference

SoHo users are increasingly faced with the dilemma of applying appropriate security mechanisms to their computer with little or no knowledge of which countermeasure will deal with which potential threat. As problematic as it may seem for individuals to apply appropriate safeguards, individuals with malicious intent are advancing methods by which malicious software may operate undetected on a target host. Previous research has identified that there are numerous ways in which malware may go undetected on a target workstation. This paper examines the quality of malware removal programs currently available on the market, which consumers may use whilst utilising the …


Malware, Viruses And Log Visualisation, Iain Swanson Mar 2008

Australian Digital Forensics Conference

This paper will look at the current state of visualisation in relation mainly to malware collector logs, network logs and the possibility of visualising their payloads. We will show that this type of visualisation of activity on the network can help us in the forensic investigation of the traffic, which may contain unwanted pieces of code, and may identify any patterns within the traffic or payloads that might help us determine the nature of the traffic visually. We will further speculate on a framework that could be built which would be able to fingerprint any type of malware, based …


How Safe Is Azeroth, Or, Are Mmorpgs A Security Risk?, An Hilven, Andrew Woodward Dec 2007

Australian Information Security Management Conference

Massive Multiplayer Online Role Playing Games (MMORPGs) are at a basic level a networked application. Blizzard’s World of Warcraft is currently the largest example of such a type of application, with over nine million subscribers at last count. Whilst the idea of researching a game for network security may sound trivial, nine million potential backdoors into home and business computers is not. The ports used by the game, as well as authentication methods and client update programs were examined using packet analysis software. No obvious vulnerabilities were discovered as a result of this analysis. In addition to this analysis, an …


An Examination Of The Asus Wl-Hdd 2.5 As A Nepenthes Malware Collector, Patryk Szewczyk Mar 2007

Australian Digital Forensics Conference

The Linksys WRT54g has been used as a host for network forensics tools such as Snort for a long period of time. Whilst large corporations are already utilising network forensic tools, this paper demonstrates that it is quite feasible for a non-security specialist to track and capture malicious network traffic. This paper introduces the Asus Wireless Hard disk as a replacement for the popular Linksys WRT54g. Firstly, the Linksys router will be introduced, detailing some of the research that has been undertaken on the device over the years within the security community. It then briefly discusses malicious software and the impact …


An Overview Of Adsl Homed Nepenthes Honeypots In Western Australia, Craig Valli, Aaron Wooten Mar 2007

Australian Digital Forensics Conference

This paper outlines initial analysis from research in progress into ADSL homed Nepenthes honeypots. One of the Nepenthes honeypots' prime objectives in this research was the collection of malware for analysis and dissection. A further objective is the analysis of risks that are circulating within ISP networks in Western Australia. What differentiates Nepenthes from many traditional honeypot designs is that it has been engineered from a distributed network philosophy. The program allows distribution of results across a network of sensors and subsequent aggregation of malware statistics readily within a large network environment.