Reanimating historic malware samples
- Authors: Black, Paul; Gondal, Iqbal; Vamplew, Peter; Lakhotia, Arun
- Date: 2021
- Type: Text, Book chapter
- Relation: Malware Analysis Using Artificial Intelligence and Deep Learning p. 345-360
- Full Text: false
- Description: Many types of malicious software are controlled from an attacker's command and control (C2) servers. Anti-virus organizations seek to defeat malware attacks by requesting removal of C2 server Domain Name Server (DNS) records. As a result, the life span of most malware samples is relatively short. Large datasets of historical malware samples are available for countermeasures research. However, due to the age of these malware samples, their C2 servers are no longer available. To cope with high volumes of malware production, malware analysis is increasingly performed using machine learning techniques. Dynamic analysis is commonly used for feature extraction. However, due to the absence of their C2 servers, after initialization, malware samples may exit or loop attempting to establish C2 server connections and, as a result, no longer exhibit their original capabilities. Therefore, partial execution of historical malware samples in a sandbox results in features that differ from those that would be extracted in the wild, thus invalidating the results of any machine learning research based on these features. One approach to extracting accurate features is to build an emulated C2 server to provide an environment that allows control of the full capabilities of the malware in an isolated environment. To illustrate the benefits of building C2 server emulators, this chapter provides examples of techniques for the creation of C2 server emulators for three malware families (Zeus, CryptoWall, and CryptoLocker) using manual reverse engineering techniques, and a review of semi-automated techniques for the construction of C2 server emulators.
Mobile malware detection: an analysis of deep learning model
- Authors: Khoda, Mahbub; Kamruzzaman, Joarder; Gondal, Iqbal; Imam, Tasadduq; Rahman, Ashfaqur; IEEE
- Date: 2019
- Type: Text, Book chapter
- Relation: 2019 IEEE International Conference on Industrial Technology p. 1161-1166
- Full Text: false
- Description: Due to their widespread use, with numerous applications deployed every day, smartphones have become an inevitable target of malware developers. This huge number of applications renders manual inspection of code infeasible; as such, researchers have proposed several malware detection techniques based on automatic machine learning tools. Deep learning has gained a lot of attention from malware researchers due to its ability to capture complex relationships between inputs and outputs. However, deep learning models depend largely on several hyper-parameters (i.e., learning rate, batch size, dropout rate). Hence, it is of utmost importance to analyze the effect of these parameters on classifier performance. In this paper, we systematically studied the effect of these parameters along with the effect of network architecture. We showed that building arbitrarily deep networks does not always improve classifier performance. We also determined the combination of hyper-parameters that yields the best result. This study will be useful in building better deep neural network based models for malware classification.
Vulnerability modelling for hybrid IT systems
- Authors: Ur-Rehman, Attiq; Gondal, Iqbal; Kamruzzaman, Joarder; Jolfaei, Alireza; IEEE
- Date: 2019
- Type: Text, Book chapter
- Relation: 2019 IEEE International Conference on Industrial Technology p. 1186-1191
- Full Text: false
- Description: The Common Vulnerability Scoring System (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS determine critical nodes and attack paths. However, traditional IT security models do not fit IoT embedded networks due to the distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS to IoT embedded systems and proposes an improved vulnerability scoring system based on the CVSS v3 framework. The proposed framework, named CVSSIoT, is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the National Vulnerability Database. The comparison result validates the proposed model. CVSSIoT is not only effective, simple and capable of vulnerability evaluation for traditional IT systems, but also exploits the unique characteristics of IoT devices.
Ethical considerations when using online datasets for research purposes
- Authors: Kopp, Christian; Layton, Robert; Gondal, Iqbal; Sillitoe, Jim
- Date: 2015
- Type: Text, Book chapter
- Relation: Automating Open Source Intelligence: Algorithms for OSINT p. 131-157
- Full Text: false
- Description: The Internet has become an important community communications platform, supporting a range of programs and virtual environments. While there are many ways in which people choose to develop personal interactions over the Internet, one of the most popular manifestations is the creation and maintenance of social relationships using social and dating websites. In this chapter, the collection and use of data from such sites is assessed from an ethical frame, and key concepts such as informed consent, information, comprehension, and voluntariness are outlined.
Computational modelling strategies for gene regulatory network reconstruction
- Authors: Sehgal, Muhammad Shoaib B; Gondal, Iqbal; Dooley, Laurence
- Date: 2008
- Type: Text, Book chapter
- Relation: Studies in Computational Intelligence p. 207-220
- Description: Gene Regulatory Network (GRN) modelling infers genetic interactions between different genes and other cellular components to elucidate cellular functionality. GRN modelling has a wide range of applications in biology, from diagnosis through to drug target identification. Several GRN modelling methods have been proposed in the literature, and it is important to study the relative merits and demerits of each method. This chapter provides a comprehensive comparative study of GRN reconstruction algorithms. The methods discussed in this chapter are diverse and range from simple similarity-based methods to state-of-the-art hybrid and probabilistic methods. In addition, the chapter underpins the need for strategies that can model the stochastic behaviour of gene regulation in the presence of a limited number of samples, noisy data, and multi-collinearity across a high number of genes.
Gene expression imputation techniques for robust post genomic knowledge discovery
- Authors: Sehgal, Muhammad Shoaib B; Gondal, Iqbal; Dooley, Laurence
- Date: 2008
- Type: Text, Book chapter
- Relation: Studies in Computational Intelligence p. 185-206
- Full Text: false
- Description: Microarrays measure the expression patterns of thousands of genes at a time, under the same or diverse conditions, to facilitate faster analysis of biological processes. This gene expression data is widely used for diagnosis, prognosis and tailored drug discovery. Microarray data, however, commonly contains missing values, which can have a high impact on subsequent biological knowledge discovery methods. This has been a catalyst for the development of different imputation algorithms, including Collateral Missing Value Estimation (CMVE), Bayesian Principal Component Analysis (BPCA), Least Square Impute (LSImpute), Local Least Square Impute (LLSImpute) and K-Nearest Neighbour (KNN). This chapter investigates the impact of missing values on post-genomic knowledge discovery methods such as gene selection and Gene Regulatory Network (GRN) reconstruction. A framework for robust subsequent biological knowledge inference is proposed, which has shown significant improvements in the outcomes of gene selection and GRN reconstruction methods.