Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Discipline
Articles 1 - 5 of 5
Full-Text Articles in Physical Sciences and Mathematics
Process Flow Features As A Host-Based Event Knowledge Representation, Benhur E. Pacer
Process Flow Features As A Host-Based Event Knowledge Representation, Benhur E. Pacer
Theses and Dissertations
The detection of malware is of great importance but even non-malicious software can be used for malicious purposes. Monitoring processes and their associated information can characterize normal behavior and help identify malicious processes or malicious use of normal process by measuring deviations from the learned baseline. This exploratory research describes a novel host feature generation process that calculates statistics of an executing process during a window of time called a process flow. Process flows are calculated from key process data structures extracted from computer memory using virtual machine introspection. Each flow cluster generated using k-means of the flow features represents …
The White-Hat Bot: A Novel Botnet Defense Strategy, Tyrone C. Gubler
The White-Hat Bot: A Novel Botnet Defense Strategy, Tyrone C. Gubler
Theses and Dissertations
Botnets are a threat to computer systems and users around the world. Botmasters can range from annoying spam email propagators to nefarious criminals. These criminals attempt to take down networks or web servers through distributed denial-of-service attacks, to steal corporate secrets, or to launder money from individuals or corporations. As the number and severity of successful botnet attacks rise, computer security experts need to develop better early-detection and removal techniques to protect computer networks and individual computer users from these very real threats. I will define botnets and describe some of their common purposes and current uses. Next, I will …
Short Message Service (Sms) Command And Control (C2) Awareness In Android-Based Smartphones Using Kernel-Level Auditing, Robert J. Olipane
Short Message Service (Sms) Command And Control (C2) Awareness In Android-Based Smartphones Using Kernel-Level Auditing, Robert J. Olipane
Theses and Dissertations
This thesis addresses the emerging threat of botnets in the smartphone domain and focuses on the Android platform and botnets using short message service (SMS) as the command and control (C2) channel. With any botnet, C2 is the most important component contributing to its overall resilience, stealthiness, and effectiveness. This thesis develops a passive host-based approach for identifying covert SMS traffic and providing awareness to the user. Modifying the kernel and implementing this awareness mechanism is achieved by developing and inserting a loadable kernel module that logs all inbound SMS messages as they are sent from the baseband radio to …
Evaluation Of Malware Target Recognition Deployed In A Cloud-Based Fileserver Environment, G. Parks Masters
Evaluation Of Malware Target Recognition Deployed In A Cloud-Based Fileserver Environment, G. Parks Masters
Theses and Dissertations
Cloud computing, or the migration of computing resources from the end user to remotely managed locations where they can be purchased on-demand, presents several new and unique security challenges. One of these challenges is how to efficiently detect malware amongst files that are possibly spread across multiple locations in the Internet over congested network connections. This research studies how such an environment will impact the performance of malware detection. A simplified cloud environment is created in which network conditions are fully controlled. This environment includes a fileserver, a detection server, the detection mechanism, and clean and malicious file sample sets. …
Binary Disassembly Block Coverage By Symbolic Execution Vs. Recursive Descent, Jonathan D. Miller
Binary Disassembly Block Coverage By Symbolic Execution Vs. Recursive Descent, Jonathan D. Miller
Theses and Dissertations
This research determines how appropriate symbolic execution is (given its current implementation) for binary analysis by measuring how much of an executable symbolic execution allows an analyst to reason about. Using the S2E Selective Symbolic Execution Engine with a built-in constraint solver (KLEE), this research measures the effectiveness of S2E on a sample of 27 Debian Linux binaries as compared to a traditional static disassembly tool, IDA Pro. Disassembly code coverage and path exploration is used as a metric for determining success. This research also explores the effectiveness of symbolic execution on packed or obfuscated samples of the same binaries …