Forensic identification and detection of hidden and obfuscated malware
- Authors: Alazab, Mamoun
- Date: 2012
- Type: Text, Thesis, PhD
- Full Text:
- Description: The revolution in online criminal activities and malicious software (malware) has posed a serious challenge in malware forensics. Malicious attacks have become more organized and purposefully directed. With cybercrimes escalating in quantity as well as in sophistication and stealth, the main challenge is to detect hidden and obfuscated malware. Malware authors use a variety of obfuscation methods and specialized stealth techniques of information hiding to embed malicious code, to infect systems and to thwart any attempt to detect them, specifically by commercially available anti-malware engines. This has led to the situation of zero-day attacks, where malware infects systems despite existing security measures. The aim of this thesis is to address this situation by proposing a variety of novel digital forensic and data mining techniques to automatically detect hidden and obfuscated malware. Anti-malware engines use signature matching to detect malware, where signatures are generated by human experts by disassembling the file and selecting pieces of unique code. Such signature-based detection works effectively with known malware but performs poorly with hidden or unknown malware. Code obfuscation techniques, such as packers, polymorphism and metamorphism, are able to fool current detection techniques by modifying the parent code to produce offspring copies, resulting in malware that has the same functionality but a different structure. These evasion techniques exploit the drawbacks of traditional malware detection methods, which take the current malware structure and create a signature for detecting this malware in the future. Obfuscation techniques aim to reduce vulnerability to any kind of static analysis, to the detriment of any reverse engineering process. Furthermore, malware can be hidden in file system slack space, inherent in NTFS-based partitions, making malware detection even more difficult.
- Description: Doctor of Philosophy
Enhancing service quality and reliability in intelligent traffic system
- Authors: Chowdhury, Abdullahi
- Date: 2020
- Type: Text, Thesis, PhD
- Full Text:
- Description: Intelligent Traffic Systems (ITS) can manage on-road traffic efficiently based on real-time traffic conditions, reduce delay at intersections, and maintain the safety of road users. However, emergency vehicles still struggle to meet their targeted response time, and an ITS is vulnerable to various types of attacks, including cyberattacks. To address these issues, in this dissertation we introduce three techniques that enhance the service quality and reliability of an ITS. First, an innovative Emergency Vehicle Priority System (EVPS) is presented to assist an Emergency Vehicle (EV) in reaching the incident location faster. Our proposed EVPS determines the proper priority code of an EV based on the type of incident. After priority code generation, EVPS selects the number of traffic signals that need to be turned green, considering the impact on other vehicles gathered in the relevant adjacent cells. Second, to improve reliability, an Intrusion Detection System for traffic signals is proposed for the first time, which leverages traffic and signal characteristics such as flow rate, vehicle speed, and signal phase time. Shannon's entropy is used to calculate the uncertainty associated with the likelihood of particular evidence, and Dempster-Shafer (DS) decision theory is used to fuse the evidential information. Finally, to improve the reliability of a future ITS, we introduce a model that assesses the trust level of four major On-Board Units (OBU) of a self-driving car along with Global Positioning System (GPS) data and safety messages. Both subjective logic (DS theory) and CertainLogic are used to develop the theoretical underpinning for estimating the trust value of a self-driving car by fusing the trust values of the four OBU components, GPS data and safety messages. For evaluation and validation purposes, a popular and widely used traffic simulation package, Simulation of Urban Mobility (SUMO), is used to develop the simulation platform using a real map of the Melbourne CBD. Relevant historical real data taken from the VicRoads website were used to inject traffic flow and density into the simulation model. We evaluated the performance of our proposed techniques considering different traffic and signal characteristics, such as occupancy rate, flow rate, phase time, and vehicle speed, under many realistic scenarios. The simulation results show the potential efficacy of our proposed techniques for all selected scenarios.
- Description: Doctor of Philosophy