Supervised malware learning in cloud through System calls analysis

2021 ◽  
Author(s):  
K. Uma Maheswari ◽  
G. Shobana ◽  
S. Nikkath Bushra ◽  
Nalini Subramanian
Keyword(s):  
System Calls

scholarly journals Observability and chaos engineering on system calls for containerized applications in Docker

2021 ◽  
Vol 122 ◽  
pp. 117-129
Author(s):  
Jesper Simonsson ◽  
Long Zhang ◽  
Brice Morin ◽  
Benoit Baudry ◽  
Martin Monperrus
Keyword(s):  
System Calls

scholarly journals Detection of Malicious Software by Analyzing Distinct Artifacts Using Machine Learning and Deep Learning Algorithms

Electronics ◽  
2021 ◽  
Vol 10 (14) ◽  
pp. 1694
Author(s):  
Mathew Ashik ◽  
A. Jyothish ◽  
S. Anandaram ◽  
P. Vinod ◽  
Francesco Mercaldo ◽  
...  
Keyword(s):  
Neural Network ◽  
Machine Learning ◽  
Deep Learning ◽  
Support Vector ◽  
Malware Analysis ◽  
Learning Approaches ◽  
Dynamic Features ◽  
System Calls ◽  
Prevention Methods ◽  
Structural Aspects

Malware is one of the most significant threats in today’s computing world since the number of websites distributing malware is increasing at a rapid rate. Malware analysis and prevention methods are increasingly becoming necessary for computer systems connected to the Internet. This software exploits the system’s vulnerabilities to steal valuable information without the user’s knowledge, and stealthily send it to remote servers controlled by attackers. Traditionally, anti-malware products use signatures for detecting known malware. However, the signature-based method does not scale in detecting obfuscated and packed malware. Considering that the cause of a problem is often best understood by studying the structural aspects of a program like the mnemonics, instruction opcode, API Call, etc. In this paper, we investigate the relevance of the features of unpacked malicious and benign executables like mnemonics, instruction opcodes, and API to identify a feature that classifies the executable. Prominent features are extracted using Minimum Redundancy and Maximum Relevance (mRMR) and Analysis of Variance (ANOVA). Experiments were conducted on four datasets using machine learning and deep learning approaches such as Support Vector Machine (SVM), Naïve Bayes, J48, Random Forest (RF), and XGBoost. In addition, we also evaluate the performance of the collection of deep neural networks like Deep Dense network, One-Dimensional Convolutional Neural Network (1D-CNN), and CNN-LSTM in classifying unknown samples, and we observed promising results using APIs and system calls. On combining APIs/system calls with static features, a marginal performance improvement was attained comparing models trained only on dynamic features. Moreover, to improve accuracy, we implemented our solution using distinct deep learning methods and demonstrated a fine-tuned deep neural network that resulted in an F1-score of 99.1% and 98.48% on Dataset-2 and Dataset-3, respectively.

scholarly journals Getting ahead of the Arms Race: Hothousing the Coevolution of VirusTotal with a Packer

Entropy ◽  
2021 ◽  
Vol 23 (4) ◽  
pp. 395
Author(s):  
Héctor D. Menéndez ◽  
David Clark ◽  
Earl T. Barr
Keyword(s):  
Machine Learning ◽  
Evolutionary Computation ◽  
Malware Detection ◽  
Cloud Service ◽  
False Positives ◽  
Arms Race ◽  
System Calls ◽  
A New Technique ◽  
Coevolutionary Arms Race

Malware detection is in a coevolutionary arms race where the attackers and defenders are constantly seeking advantage. This arms race is asymmetric: detection is harder and more expensive than evasion. White hats must be conservative to avoid false positives when searching for malicious behaviour. We seek to redress this imbalance. Most of the time, black hats need only make incremental changes to evade them. On occasion, white hats make a disruptive move and find a new technique that forces black hats to work harder. Examples include system calls, signatures and machine learning. We present a method, called Hothouse, that combines simulation and search to accelerate the white hat’s ability to counter the black hat’s incremental moves, thereby forcing black hats to perform disruptive moves more often. To realise Hothouse, we evolve EEE, an entropy-based polymorphic packer for Windows executables. Playing the role of a black hat, EEE uses evolutionary computation to disrupt the creation of malware signatures. We enter EEE into the detection arms race with VirusTotal, the most prominent cloud service for running anti-virus tools on software. During our 6 month study, we continually improved EEE in response to VirusTotal, eventually learning a packer that produces packed malware whose evasiveness goes from an initial 51.8% median to 19.6%. We report both how well VirusTotal learns to detect EEE-packed binaries and how well VirusTotal forgets in order to reduce false positives. VirusTotal’s tools learn and forget fast, actually in about 3 days. We also show where VirusTotal focuses its detection efforts, by analysing EEE’s variants.

Design of ARM Based Embedded Operating System Micro Kernel

2013 ◽  
Vol 347-350 ◽  
pp. 1799-1803
Author(s):  
Bo Qu ◽  
Zhao Zhi Wu
Keyword(s):  
Operating System ◽  
Core Layer ◽  
Embedded Operating System ◽  
Time Sharing ◽  
Tool Chain ◽  
Design And Implementation ◽  
System Calls ◽  
Three Layer Architecture ◽  
Technical Details ◽  
And Task

This paper describes the design and implementation of an ARM based embedded operating system micro kernel developed on Linux platform with GNU tool chain in technical details, including the three-layer architecture of the kernel (boot layer, core layer and task layer), multi-task schedule (priority for real-time and round-robin for time-sharing), IRQ handler, SWI handler, system calls, and inter-task communication based on which the micro-kernel architecture is constructed. On the foundation of this micro kernel, more components essential to a practical operating system, such as file system and TCP/IP processing, can be added in order to form a real and practical multi-task micro-kernel embedded operating system.

Interrupts and System Calls

2017 ◽  
pp. 91-100
Author(s):  
Igor Zhirkov
Keyword(s):  
System Calls

scholarly journals Information Flow Tracking for Linux Handling Concurrent System Calls and Shared Memory

2017 ◽  
pp. 1-16 ◽  
Author(s):  
Laurent Georget ◽  
Mathieu Jaume ◽  
Guillaume Piolle ◽  
Frédéric Tronel ◽  
Valérie Viet Triem Tong
Keyword(s):  
Shared Memory ◽  
Information Flow ◽  
Concurrent System ◽  
Information Flow Tracking ◽  
System Calls

Host-Based Intrusion Detection System with System Calls

2019 ◽  
Vol 51 (5) ◽  
pp. 1-36 ◽  
Author(s):  
Ming Liu ◽  
Zhi Xue ◽  
Xianghua Xu ◽  
Changmin Zhong ◽  
Jinjun Chen
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
System Calls

scholarly journals Leisure Studies on Program Output With Delay Relaxation.

2021 ◽  
Author(s):  
Frank Appiah
Keyword(s):  
Delay Time ◽  
Leisure Time ◽  
Program Execution ◽  
Leisure Studies ◽  
File Management ◽  
System Calls ◽  
Interactive Computing ◽  
Computing Environments ◽  
Program Output

Interactive computing environments consisting of screen and keyboard provides a means to relax and enjoy the program output. Leisurely, ways to slow and relax program execution is delved with system calls like delay execution, synthesis execution and file management execution. The leisure time can be the exact delay time used in slowly the chances of output activity.

Sign in / Sign up

Export Citation Format

Share Document