Open Access. Powered by Scholars. Published by Universities.®

Computer Engineering Commons


Malware


Articles 1 - 18 of 18

Full-Text Articles in Computer Engineering

Few-Shot Malware Detection Using A Novel Adversarial Reprogramming Model, Ekula Praveen Kumar Jan 2022

Browse all Theses and Dissertations

The increasing sophistication of malware has made detecting and defending against new strains a major challenge for cybersecurity. One promising approach to this problem is using machine learning techniques that extract representative features and train classification models to detect malware at an early stage. However, training such machine learning-based malware detection models represents a significant challenge: it requires a large number of high-quality labeled data samples, which are very costly to obtain in real-world scenarios. In other words, training machine learning models for malware detection requires the capability to learn from only a few labeled examples. To address …


C2 Microservices Api: Ch4rl3sch4l3m4gn3, Thai H. Nguyễn Jan 2022

School of Computer Science & Engineering Undergraduate Publications

In the 21st century, cyber-based attackers such as advanced persistent threats are leveraging bots in the form of botnets to conduct a plethora of cyber-attacks. While there are several social engineering techniques used to get targets to unknowingly download these bots, it is the command-and-control techniques advanced persistent threats use to control their bots that are of critical interest to the author. In this research paper, the author aims to develop a command-and-control microservice application programming interface infrastructure to facilitate botnet command-and-control attack simulations. To achieve this, the author will develop a simple bot skeletal framework, utilize the latest …


Detecting Malware In Memory With Memory Object Relationships, Demarcus M. Thomas Sr. Dec 2021

Theses and Dissertations

Malware is a growing concern that not only affects large businesses but the basic consumer as well. As a result, there is a need to develop tools that can identify the malicious activities of malware authors. A useful technique to achieve this is memory forensics. Memory forensics is the study of volatile data and its structures in Random Access Memory (RAM). It can be utilized to pinpoint what actions have occurred on a computer system.

This dissertation utilizes memory forensics to extract relationships between objects and supervised machine learning as a novel method for identifying malicious processes in a system …


A Deep-Dive Into Cryptojacking Malware: From An Empirical Analysis To A Detection Method For Computationally Weak Devices, Ege Tekiner Nov 2021

FIU Electronic Theses and Dissertations

Cryptojacking is the act of using a victim's computation power without his/her consent. Unauthorized mining costs extra electricity consumption and decreases the victim host's computational efficiency dramatically. In this thesis, we perform extensive research on cryptojacking malware from every aspect. First, we present a systematic overview of cryptojacking malware based on the information obtained from the combination of academic research papers, two large cryptojacking datasets of samples, and numerous major attack instances. Second, we create a dataset of 6269 websites containing cryptomining scripts in their source code to characterize the in-browser cryptomining ecosystem by differentiating permissioned and permissionless cryptomining …


Iot Malicious Traffic Classification Using Machine Learning, Michael Austin Jan 2021

Graduate Theses, Dissertations, and Problem Reports

Although desktops and laptops have historically composed the bulk of botnet nodes, Internet of Things (IoT) devices have become more recent targets. Lightbulbs, outdoor cameras, watches, and many other small items are connected to WiFi and to each other, and few have well-developed security or hardening. Research on botnets typically leverages honeypots, PCAPs, and network traffic analysis tools to develop detection models. The research questions addressed in this Problem Report are: (1) What machine learning algorithm performs the best in a binary classification task for a representative dataset of malicious and benign IoT traffic; and (2) What features have the most …


Advanced Techniques To Detect Complex Android Malware, Zhiqiang Li Apr 2020

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Android is currently the most popular operating system for mobile devices in the world. However, its openness is the main reason that the majority of malware targets Android devices. Various approaches have been developed to detect malware.

Unfortunately, new breeds of malware utilize sophisticated techniques to defeat malware detectors. For example, to defeat signature-based detectors, malware authors change the malware’s signatures to avoid detection. As such, a more effective approach to detect malware is by leveraging malware’s behavioral characteristics. However, if a behavior-based detector is based on static analysis, its reported results may contain a large number of …


Automated Dynamic Detection Of Self-Hiding Behaviors, Luke Baird Nov 2019

Student Works

Certain Android applications, such as but not limited to malware, conceal their presence from the user, exhibiting a self-hiding behavior. Consequently, these apps put the user’s security and privacy at risk by performing tasks without the user’s awareness. Static analysis has been used to analyze apps for self-hiding behavior, but this approach is prone to false positives and suffers from code obfuscation. This research proposes a set of three tools utilizing a dynamic analysis method of detecting self-hiding behavior of an app in the home, installed, and running application lists on an Android emulator. Our approach proves both highly accurate …


Automated Dynamic Detection Of Self-Hiding Behavior In Android Apps, Luke Baird, Seth Rodgers Oct 2019

Student Works

Android applications that conceal themselves from a user, defined as exhibiting a “self-hiding behavior,” pose a threat to the user’s privacy, as these applications can live on a device undetected by the user. Malicious applications can do this to execute without being found by the user. Three lists are analyzed in particular—the home, running, and installed lists—as they are directly related to the typical Android app life cycle. Additionally, self-hiding behavior in the device admin list is analyzed due to the potential for catastrophic actions to be taken by device admin malware. This research proposes four dynamic analysis tools that …


Sec-Lib: Protecting Scholarly Digital Libraries From Infected Papers Using Active Machine Learning Framework, Nir Nissim, Aviad Cohen, Jian Wu, Andrea Lanzi, Lior Rokach, Yuval Elovici, Lee Giles Jan 2019

Computer Science Faculty Publications

Researchers from academia and the corporate sector rely on scholarly digital libraries to access articles. Attackers take advantage of innocent users who consider the articles' files safe and thus open PDF files with little concern. In addition, researchers consider scholarly libraries a reliable, trusted, and untainted corpus of papers. For these reasons, scholarly digital libraries are an attractive target and inadvertently support the proliferation of cyber-attacks launched via malicious PDF files. In this study, we present related vulnerabilities and malware distribution approaches that exploit the vulnerabilities of scholarly digital libraries. We evaluated over two million scholarly papers in the CiteSeerX library and found the library …


Detecting Malicious Behavior In Openwrt With Qemu Tracing, Jeremy Porter Jan 2019

Browse all Theses and Dissertations

In recent years embedded devices have become more ubiquitous than ever before and are expected to continue this trend. Embedded devices typically have a singular or more focused purpose, a smaller footprint, and often interact with the physical world. Some examples include routers, wearable heart rate monitors, and thermometers. These devices are excellent at providing real-time data or completing a specific task quickly, but they lack many features that make security issues more obvious. Generally, embedded devices are not easily secured. Malware or rootkits in the firmware of an embedded system are difficult to detect because embedded devices do …


Androparse - An Android Feature Extraction Framework & Dataset, Robert Schmicker, Frank Breitinger, Ibrahim Baggili Sep 2018

Electrical & Computer Engineering and Computer Science Faculty Publications

Android malware has become a major challenge. As a consequence, practitioners and researchers spend significant time analyzing Android applications (APKs). A common procedure (especially for data scientists) is to extract features such as permissions, APIs or strings, which can then be analyzed. Current state-of-the-art tools have three major issues: (1) a single tool cannot extract all the significant features used by scientists and practitioners; (2) current tools are not designed to be extensible; and (3) existing parsers are not runtime efficient. Therefore, this work presents AndroParse, an open-source Android parser written in Golang …


Using Static Analysis And Dalvik Bytecode On Android Compass Applications To Detect Operational Anomalies, Arti J. Tripathi Jan 2018

Senior Projects Spring 2018

The focus of this paper is the functionality of Android applications and the detection of functional anomalies through a basic static analysis approach. The intention of this research is analyzing applications without running them and detecting how application behavior might correlate with method call patterns. We will focus on simple free compass applications because their ostensible simplicity will make high variation in method calls an interesting phenomenon. We employ clustering algorithms and other statistical methods to isolate a particularly unusual collection of applications and then perform a qualitative analysis of these applications to discover any interesting common operational behavior or …


Applying Machine Learning To Advance Cyber Security: Network Based Intrusion Detection Systems, Hassan Hadi Latheeth Al-Maksousy Jan 2018

Computer Science Theses & Dissertations

Many new devices, such as phones and tablets, as well as traditional computer systems, rely on wireless connections to the Internet and are susceptible to attacks. Two important types of attacks are the use of malware and the exploitation of Internet protocol vulnerabilities in devices and network systems. These attacks form a threat on many levels, and therefore any approach to dealing with these nefarious attacks will require several methods to counter them. In this research, we utilize machine learning to detect and classify malware; to visualize, detect and classify worms; and to detect deauthentication attacks, a form of Denial of Service (DoS). …


Malware Analysis Skills Taught In University Courses, Swetha Gorugantu Jan 2018

Browse all Theses and Dissertations

Career opportunities for malware analysts are growing at a fast pace due to the evolving nature of cyber threats as well as the necessity to counter them. However, employers are often unable to hire analysts fast enough due to a lack of the required skillset. Hence, the primary purpose of the thesis is to conduct a gap analysis between the binary analysis skills taught in universities and those that recruiters are looking for. Malware can be analyzed using three main types of tools and techniques: high-level profiling, static analysis, and dynamic analysis. These methods provide detailed information about the …


Proactive Biometric-Enabled Forensic Imprinting, Abdulrahman Alruban, Nathan L. Clarke, Fudong Li, Steven M. Furnell Jan 2016

Research outputs 2014 to 2021

Threats to enterprises have become widespread in the last decade. A major source of such threats originates from insiders who have legitimate access to the organization's internal systems and databases. Therefore, preventing or responding to such incidents has become a challenging task. Digital forensics has grown into a de-facto standard in the examination of electronic evidence; however, a key barrier is often being able to associate an individual with the stolen data. Stolen credentials and the Trojan defense are two commonly cited arguments used. This paper proposes a model that more inextricably links the use of information (e.g. images, …


A Survey Of Botnet Detection Techniques By Command And Control Infrastructure, Thomas S. Hyslip, Jason M. Pittman Jan 2015

Journal of Digital Forensics, Security and Law

Botnets have evolved to become one of the most serious threats to the Internet, and there is substantial research on both botnets and botnet detection techniques. This survey reviewed the history of botnets and botnet detection techniques. The survey showed that traditional botnet detection techniques rely on passive techniques, primarily honeypots, and that honeypots are not effective at detecting peer-to-peer and other decentralized botnets. Furthermore, the detection techniques aimed at decentralized and peer-to-peer botnets focus on detecting communications between the infected bots. Recent research has shown hierarchical clustering of flow data and machine learning are effective techniques for detecting botnet peer-to-peer …


Research In Progress-Defending Android Smartphones From Malware Attacks, Marwan Omar, Maurice E. Dawson Jr. Dec 2012

Maurice Dawson

Smartphones are becoming enriched with confidential information due to their powerful computational capabilities and attractive communications features. The Android smartphone is one of the most widely used platforms by businesses and users alike. This is partially because Android smartphones use the free, open-source Linux as the underlying operating system, which allows development of applications by any software developer. This research study aims to explore the security risks associated with the use of Android smartphones and the sensitive information they contain. The researcher devised a survey questionnaire to investigate and further understand security threats targeting Android smartphones. …


Malware Forensics: Discovery Of The Intent Of Deception, Murray Brand, Craig Valli, Andrew Woodward Jan 2010

Journal of Digital Forensics, Security and Law

Malicious software (malware) has a wide variety of analysis avoidance techniques that it can employ to hinder forensic analysis. Although legitimate software can incorporate the same analysis avoidance techniques to provide a measure of protection against reverse engineering and to protect intellectual property, malware invariably makes much greater use of such techniques to make detailed analysis labour intensive and very time consuming. Analysis avoidance techniques are so heavily used by malware that the detection of the use of analysis avoidance techniques could be a very good indicator of the presence of malicious intent. However, there is a tendency for analysis …
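The abstract above argues that the mere presence of analysis-avoidance techniques is a useful indicator of malicious intent, while noting that legitimate software uses some of the same tricks. The script below is an added illustration of that reasoning and is not code from the paper or its authors: it scans a raw binary blob for a small catalogue of well-known anti-debugging, timing, anti-VM and packer artifacts (real Win32/NT API names and VM tool names; the catalogue, weights and the thresholds are our own assumptions), then reports a verdict that only escalates when several independent categories co-occur. The two input blobs are constructed for the example, not real samples.

```python
"""Score a binary blob for analysis-avoidance artifacts (added example).

The indicator list below is an illustrative subset chosen for this example;
weights and thresholds are assumptions, not values from the paper.
"""
import re
from typing import Dict, List, Tuple

# (category, byte pattern, weight). The API and tool names are real; the
# weights reflect how rarely benign software needs the artifact.
INDICATORS: List[Tuple[str, bytes, int]] = [
    ("anti-debug", rb"IsDebuggerPresent", 3),
    ("anti-debug", rb"CheckRemoteDebuggerPresent", 3),
    ("anti-debug", rb"NtQueryInformationProcess", 2),
    ("anti-debug", rb"OutputDebugString[AW]", 1),
    ("timing", rb"GetTickCount(64)?", 1),           # common in benign code
    ("timing", rb"QueryPerformanceCounter", 1),     # common in benign code
    ("anti-vm", rb"VBoxService|VBoxTray|VBOX", 3),  # VirtualBox artifacts
    ("anti-vm", rb"vmtoolsd|VMware", 3),            # VMware artifacts
    ("anti-vm", rb"QEMU|qemu-ga", 2),
    ("packing", rb"UPX[0-9!]", 2),                  # UPX section names / magic
]


def scan(blob: bytes) -> Dict[str, object]:
    """Return matched indicators, the distinct categories hit and a score.

    Each indicator counts once regardless of how often it occurs, so a
    string table full of repeated API names cannot inflate the score.
    """
    hits: Dict[str, Dict[str, object]] = {}
    for category, pattern, weight in INDICATORS:
        offsets = [m.start() for m in re.finditer(pattern, blob)]
        if offsets:
            hits[pattern.decode("latin-1")] = {
                "category": category,
                "weight": weight,
                "offsets": offsets,
            }
    categories = sorted({h["category"] for h in hits.values()})
    score = sum(h["weight"] for h in hits.values())
    return {"hits": hits, "categories": categories, "score": score}


def verdict(report: Dict[str, object], min_categories: int = 2,
            min_score: int = 6) -> str:
    """Escalate only when several independent evasion categories co-occur.

    A single timing call is normal for legitimate software (the abstract's
    caveat), so one category alone never yields 'likely-evasive'.
    """
    if len(report["categories"]) >= min_categories and report["score"] >= min_score:
        return "likely-evasive"
    if report["score"] > 0:
        return "some-indicators"
    return "clean"


# Constructed stand-ins for an import table / string table; not real binaries.
SUSPICIOUS_SAMPLE = (
    b"MZ\x90\x00kernel32.dll\x00IsDebuggerPresent\x00CheckRemoteDebuggerPresent"
    b"\x00GetTickCount\x00VBoxService.exe\x00vmtoolsd.exe\x00UPX0\x00UPX1\x00"
)
BENIGN_SAMPLE = (
    b"MZ\x90\x00kernel32.dll\x00GetTickCount\x00QueryPerformanceCounter"
    b"\x00CreateFileW\x00WriteFile\x00"
)

if __name__ == "__main__":
    for name, blob in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        report = scan(blob)
        print(f"{name}: score={report['score']} categories={report['categories']} "
              f"verdict={verdict(report)}")
        for pattern, hit in report["hits"].items():
            print(f"  {hit['category']:<10} {pattern:<35} at {hit['offsets']}")
```

Run against a real file with `scan(open(path, "rb").read())`. The point the abstract makes carries over directly: the benign stand-in still trips the timing indicators, so the score is a prioritisation signal for the analyst, not proof of intent; only the co-occurrence of anti-debug, anti-VM and packing artifacts pushes a sample into the "likely-evasive" bucket.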