A graph-based framework for malicious software detection and classification utilizing temporal-graphs

2021 ◽  
pp. 1-38
Author(s):  
Helen-Maria Dounavi ◽  
Anna Mpanti ◽  
Stavros D. Nikolopoulos ◽  
Iosif Polenakis
Keyword(s):  
Structural Evolution ◽  
Graph Representation ◽  
Detection Rates ◽  
Malicious Software ◽  
Dependency Graphs ◽  
System Calls ◽  
Series Of Experiments ◽  
Classification Procedures ◽  
Temporal Graphs ◽  
Malware Detection And Classification

In this paper we present a graph-based framework that, utilizing relations between groups of System-calls, detects whether an unknown software sample is malicious or benign, and classifies a malicious software to one of a set of known malware families. In our approach we propose a novel graph representation of dependency graphs by capturing their structural evolution over time constructing sequential graph instances, the so-called Temporal Graphs. The partitions of the temporal evolution of a graph defined by specific time-slots, results to different types of graphs representations based upon the information we capture across the capturing of its evolution. The proposed graph-based framework utilizes the proposed types of temporal graphs computing similarity metrics over various graph characteristics in order to conduct the malware detection and classification procedures. Finally, we evaluate the detection rates and the classification ability of our proposed graph-based framework conducting a series of experiments over a set of known malware samples pre-classified into malware families.

scholarly journals Using Graph Representation in Host-Based Intrusion Detection

2021 ◽  
Vol 2021 ◽  
pp. 1-13
Author(s):  
Zhichao Hu ◽  
Likun Liu ◽  
Haining Yu ◽  
Xiangzhan Yu
Keyword(s):  
Intrusion Detection ◽  
Representation Learning ◽  
Graph Representation ◽  
Daily Lives ◽  
Embedding Method ◽  
System Calls ◽  
Average Improvement ◽  
Wide Range ◽  
Structural Association ◽  
N Gram

Cybersecurity has become an important part of our daily lives. As an important part, there are many researches on intrusion detection based on host system call in recent years. Compared to sentences, a sequence of system calls has unique characteristics. It contains implicit pattern relationships that are less sensitive to the order of occurrence and that have less impact on the classification results when the frequency of system calls varies slightly. There are also various properties such as resource consumption, execution time, predefined rules, and empirical weights of system calls. Commonly used word embedding methods, such as Bow, TI-IDF, N-Gram, and Word2Vec, do not fully exploit such relationships in sequences as well as conveniently support attribute expansion. To solve these problems, we introduce Graph Representation based Intrusion Detection (GRID), an intrusion detection framework based on graph representation learning. It captures the potential relationships between system calls to learn better features, and it is applicable to a wide range of back-end classifiers. GRID utilizes a new sequence embedding method Graph Random State Embedding (GRSE) that uses graph structures to model a finite number of sequence items and represent the structural association relationships between them. A more efficient representation of sequence embeddings is generated by random walks, word embeddings, and graph pooling. Moreover, it can be easily extended to sequences with attributes. Our experimental results on the AFDA-LD dataset show that GRID has an average improvement of 2% using the GRSE embedding method comparing to others.

Detection and Classification of Malicious Software based on Regional Matching of Temporal Graphs

2021 ◽  
Author(s):  
Helen-Maria Dounavi ◽  
Anna Mpanti ◽  
Stavros D. Nikolopoulos ◽  
Iosif Polenakis
Keyword(s):  
Malicious Software ◽  
Temporal Graphs

Subliminal Gamma Flicker Draws Attention Even in the Absence of Transition-Flash Cues

2011 ◽  
Vol 105 (2) ◽  
pp. 827-833 ◽  
Author(s):  
Samuel W. Cheadle ◽  
Andrew Parton ◽  
Hermann J. Müller ◽  
Marius Usher
Keyword(s):  
Selective Attention ◽  
Target Location ◽  
Potential Contribution ◽  
Validity Effect ◽  
Detection Rates ◽  
Gamma Range ◽  
Real Phenomenon ◽  
Series Of Experiments ◽  
Effect Experiment ◽  
Object Display

We recently reported evidence indicating that selective attention is deployed to a target location in a multi-object display, when the target event (a change of one of the objects) is preceded by subliminal flicker in the gamma range. However, concerns have been raised regarding the stimuli used in this study and the possible contribution of an artifactual cue: a “transition flash” between pretarget flicker offset and target onset. Here, we report a series of experiments investigating the existence and potential contribution to selective attention of this transition-flash cue under different presentation conditions. We find that, although the transition flash is a real phenomenon (detection rates ≃ 15% > chance), it cannot, on its own, explain the original effects of gamma flicker on the response time to target detection. Even after eliminating this flash, detection was significantly faster, or more accurate, for targets preceded (vs. not preceded) by flicker. This congruency effect (≈15 ms) demonstrates that gamma flicker on its own is sufficient to engage selective attention. This interpretation is further strengthened by a reevaluation of 1) experiment 7 reported by van Diepen and colleagues and 2) the validity effect experiment reported by Bauer and colleagues. Possible reasons for the discrepant results are also discussed.

X-ray microanalysis of thin specimens in the transmission electron microscope at voltages up to 1000 Kv.

1978 ◽  
Vol 36 (1) ◽  
pp. 540-541
Author(s):  
G. Cliff ◽  
M.J. Nasir ◽  
G.W. Lorimer ◽  
N. Ridley
Keyword(s):  
Electron Microscope ◽  
Transmission Electron Microscope ◽  
Weight Fraction ◽  
Present Series ◽  
Constant Independent ◽  
X Ray ◽  
Transmission Electron ◽  
Series Of Experiments ◽  
Image Position ◽  
X Ray Absorption

In a specimen which is transmission thin to 100 kV electrons - a sample in which X-ray absorption is so insignificant that it can be neglected and where fluorescence effects can generally be ignored (1,2) - a ratio of characteristic X-ray intensities, I1/I2 can be converted into a weight fraction ratio, C1/C2, using the equationwhere k12 is, at a given voltage, a constant independent of composition or thickness, k12 values can be determined experimentally from thin standards (3) or calculated (4,6). Both experimental and calculated k12 values have been obtained for K(11<Z>19),kα(Z>19) and some Lα radiation (3,6) at 100 kV. The object of the present series of experiments was to experimentally determine k12 values at voltages between 200 and 1000 kV and to compare these with calculated values.The experiments were carried out on an AEI-EM7 HVEM fitted with an energy dispersive X-ray detector.

Microstructure and reactivity of small metal particles: The role of Ce additives

1992 ◽  
Vol 50 (1) ◽  
pp. 318-319
Author(s):  
L.D. Schmidt ◽  
K. R. Krause ◽  
J. M. Schwartz ◽  
X. Chu
Keyword(s):  
Atmospheric Pressure ◽  
Noble Metals ◽  
Mixed Oxides ◽  
Catalytic Properties ◽  
Chemical Shifts ◽  
Catalytic Converter ◽  
Structural Evolution ◽  
Single Particles ◽  
Small Metal Particles

The evolution of microstructures of 10- to 100-Å diameter particles of Rh and Pt on SiO2 and Al2O3 following treatment in reducing, oxidizing, and reacting conditions have been characterized by TEM. We are able to transfer particles repeatedly between microscope and a reactor furnace so that the structural evolution of single particles can be examined following treatments in gases at atmospheric pressure. We are especially interested in the role of Ce additives on noble metals such as Pt and Rh. These systems are crucial in the automotive catalytic converter, and rare earths can significantly modify catalytic properties in many reactions. In particular, we are concerned with the oxidation state of Ce and its role in formation of mixed oxides with metals or with the support. For this we employ EELS in TEM, a technique uniquely suited to detect chemical shifts with ∼30Å resolution.

Slip traces caused by plastic deformation during recrystallization of thin metal sheets

1994 ◽  
Vol 52 ◽  
pp. 620-621
Author(s):  
H. Lin ◽  
D. P. Pope
Keyword(s):  
Grain Size ◽  
Grain Boundaries ◽  
Sample Thickness ◽  
List Type ◽  
Metal Sheets ◽  
Second Phases ◽  
Slip Traces ◽  
Series Of Experiments ◽  
Cold Rolled ◽  
Individual Grains

During a study of mechanical properties of recrystallized B-free Ni3Al single crystals, regularly spaced parallel traces within individual grains were discovered on the surfaces of thin recrystallized sheets, see Fig. 1. They appeared to be slip traces, but since we could not find similar observations in the literature, a series of experiments was performed to identify them. We will refer to them “traces”, because they contain some, if not all, of the properties of slip traces. A variety of techniques, including the Electron Backscattering Pattern (EBSP) method, was used to ascertain the composition, geometry, and crystallography of these traces. The effect of sample thickness on their formation was also investigated.In summary, these traces on the surface of recrystallized Ni3Al have the following properties:1.The chemistry and crystallographic orientation of the traces are the same as the bulk. No oxides or other second phases were observed.2.The traces are not grooves caused by thermal etching at previous locations of grain boundaries.3.The traces form after recrystallization (because the starting Ni3Al is a single crystal).4.For thicknesses between 50 μm and 720 μm, the density of the traces increases as the sample thickness decreases. Only one set of “protrusion-like” traces is visible in a given grain on the thicker samples, but multiple sets of “cliff-like” traces are visible on the thinner ones (See Fig. 1 and Fig. 2).5.They are linear and parallel to the traces of {111} planes on the surface, see Fig. 3.6.Some of the traces terminate within the interior of the grains, and the rest of them either terminate at or are continuous across grain boundaries. The portion of latter increases with decreasing thickness.7.The grain size decreases with decreasing thickness, the decrease is more pronounced when the grain size is comparable with the thickness, Fig. 4.8.Traces also formed during the recrystallization of cold-rolled polycrystalline Cu thin sheets, Fig. 5.

Dissection of the molecular mechanisms of protein targeting to the peroxisome using immunofluorescence and immunocryoelectron microscopies

1990 ◽  
Vol 48 (3) ◽  
pp. 44-45
Author(s):  
G-A. Keller ◽  
S. J. Gould ◽  
S. Subramani ◽  
S. Krisans
Keyword(s):  
Mammalian Cells ◽  
Molecular Mechanisms ◽  
Protein Targeting ◽  
Firefly Luciferase ◽  
Peroxisomal Enzyme ◽  
Transfected Cells ◽  
Peroxisomal Targeting ◽  
Targeting Signal ◽  
Series Of Experiments ◽  
Peroxisomal Targeting Signal

Subcellular compartments within eukaryotic cells must each be supplied with unique sets of proteins that must be directed to, and translocated across one or more membranes of the target organelles. This transport is mediated by cis- acting targeting signals present within the imported proteins. The following is a chronological account of a series of experiments designed and carried out in an effort to understand how proteins are targeted to the peroxisomal compartment.-We demonstrated by immunocryoelectron microscopy that the enzyme luciferase is a peroxisomal enzyme in the firefly lantern. -We expressed the cDNA encoding firefly luciferase in mammalian cells and demonstrated by immunofluorescence that the enzyme was transported into the peroxisomes of the transfected cells. -Using deletions, linker insertions, and gene fusion to identify regions of luciferase involved in its transport to the peroxisomes, we demonstrated that luciferase contains a peroxisomal targeting signal (PTS) within its COOH-terminal twelve amino acid.

Effect of furnace atmosphere and silica content on the consolidation behaviour of magnesia partially stabilised zirconia

1990 ◽  
Vol 48 (4) ◽  
pp. 1056-1057
Author(s):  
J. Drennan ◽  
R.H.J. Hannink ◽  
D.R. Clarke ◽  
T.M. Shaw
Keyword(s):  
Liquid Phase ◽  
Silica Content ◽  
Liquid Phase Sintering ◽  
Furnace Atmosphere ◽  
Boundary Phase ◽  
Analytical Electron ◽  
Analytical Electron Microscope ◽  
Series Of Experiments ◽  
Compositional Gradients ◽  
Mobile Liquid

Magnesia partially stabilised zirconia (Mg-PSZ) ceramics are renowned for their excellent nechanical properties. These are effected by processing conditions and purity of starting materials. It has been previously shown that small additions of strontia (SrO) have the effect of removing the major contaminant, silica (SiO2).The mechanism by which this occurs is not fully understood but the strontia appears to form a very mobile liquid phase at the grain boundaries. As the sintering reaches the final stages the liquid phase is expelled to the surface of the ceramic. A series of experiments, to examine the behaviour of the liquid grain boundary phase, were designed to produce compositional gradients across the ceramic bodies. To achieve this, changes in both silica content and furnace atmosphere were implemented. Analytical electron microscope techniques were used to monitor the form and composition of the phases developed. This paper describes the results of our investigation and the presentation will discuss the work with reference to liquid phase sintering of ceramics in general.

Sign in / Sign up

Export Citation Format

Share Document