Nuggets tagged detection
Sept. 6, 2016
Oct. 15, 2015
Oct. 13, 2015
The internet as a whole is typically diverse from the perspective of malware attacks, because of distinct configurations, firewall rules, antimalware signature sets, intrusion detection, router policies and so on. However, many individual networks still have limited internal diversity, which makes them vulnerable to spreading malware. Diversity can therefore serve as a malware-halting technique, and this paper models the spread of infectious malware over networked computing devices using a simple graph with N nodes of L types. The number of node types L is a good measure of the model's diversity: nodes of the same type share an exploitable vulnerability, whereas nodes of different types have no exploitable vulnerability in common. An epidemiological model represents the spreading phase of multi-malware outbreaks. Analysis of this phase establishes a lower bound on the diversity L needed by the various halting techniques proposed for spreading networks with three different topologies: i) sparse and homogeneous, ii) sparse and inhomogeneous, iii) dense and homogeneous.
July 22, 2014
Unfortunately this paper is behind a paywall, but a short preview is accessible. It claims a 97% success rate in detecting metamorphic malware. Metamorphic malware has been around for a number of years; it changes its code as it propagates in order to evade anti-virus defences, which work by detecting previously seen code signatures. This approach identifies characteristic features in the assembly code of such malware, such as instructions that change registers, instructions that change control flow, and code fragmentation. Metamorphic code is rarely used outside malware, so features indicative of this behaviour should yield a low false positive rate. However, although metamorphic code is a key tactic for virus writers who want widely distributed attacks, it is actually less important in Advanced Persistent Threats: those are deliberately not designed to propagate extensively, precisely to avoid detection by anti-malware tools and researchers in the first place.
July 9, 2014
This paper is behind a paywall. The abstract claims a novel approach to SCADA intrusion detection (IDS) based on multiple attributes, but does not say what those attributes are. It also claims a ‘comprehensive solution to mitigate varied cyberattack threats’. The abstract gives limited information, and there is little indication that the full paper contains major progress.